Thieves Used 3D Printer for ATM Skimmers

3D printing in action from i.materialise on Vimeo.

Most ATM skimmers are carefully hand-made and crafted to blend in with the targeted cash machine in both form and paint color. Some skimmer makers even ask customers for a photo of the targeted cash machine before beginning their work.

The skimmer components typically include a card skimmer that fits over the card acceptance slot and steals the data stored on the card’s magnetic stripe, and a pinhole camera built into a false panel that thieves can fit above or beside the PIN pad.

If these components don’t match just-so, they’re more likely to be discovered and removed by customers or bank personnel, leaving the thieves without their stolen card data.

Enter the 3D printer. This fascinating technology, explained succinctly in the video below from 3D printing company i.materialise, takes two dimensional computer images and builds them into three dimensional models by laying down successive layers of powder that are heated, shaped and hardened (see video).

The word is spreading in the cybercrime underworld that 3D printers produce flawless skimmer devices with exacting precision. Last year, i-materialise blogged about receiving client’s order for building a card skimmer.

The company said it denied the request when it became clear the ordered product was a fraud device.

A convicted skimmer in the US is alleged to have used the counterfeit cards to withdraw funds at different ATMs around Texas. Prosecutors allege the group stole more than $400,000 between Aug. 2009 and June 2011.

Prior to their arrest this summer, the gang started making decent money but they split the profits between them. Federal prosecutors say the men stole $57.808.14 in month of April 2011 alone.

Read more on this article here

U.K. bank hit by massive fraud from ZeuS-based botnet

Security vendor M86 Security says it's discovered that a U.K.-based bank has suffered almost $900,000 (675,000 Euros) in fraudulent bank-funds transfers due to the ZeuS Trojan malware that has been targeting the institution.

The Top Ten Most wanted Spam-Spewing Botnets

Bradley Anstis, vice president of technology strategy at M86 Security, said the security firm uncovered the situation in late July while tracking how one ZeuS botnet had been specifically going after the U.K.-based bank and its customers. The botnet included a few hundred thousand PCs and even about 3,000 Apple Macs, and managed to steal funds from about 3,000 customer accounts through unauthorized transfers equivalent to roughly $892,755.

Anstis declined to name the bank. He said the botnet used in the attack is based on version 3.0 of the ZeuS malware and appears to be controlled from Eastern Europe, with a server hosted in Moldava.

From the investigation into the botnet's server operations, M86 Security has found the criminals controlling the botnet waited until accounts reached at least 800 Euros before initiating a fraudulent funds transfer from the victim's compromised machine to a number of other accounts used by money mules who would forward the funds on to Eastern Europe.

Anstis says the victimised bank was offering "free security software" to customers but it wasn't clear if this software, which M86 declined to name, was in use when the fraudulent transfers were made. Anstis says the process of notifying the bank to let it know what M86 Security has discovered about the botnet was a somewhat frustrating experience.

U.K. bank hit by massive fraud from ZeuS-based botnet