Slashdot: News for Nerds

Scammer Plants a Fake ATM At Defcon 17

kdawson posted more than 4 years ago | from the not-the-brightest-LED-in-the-flashlight dept.

Security 394

Groo Wanderer writes "Normally, a well-crafted fake ATM would skim a lot of card information before it was noticed, if it was ever noticed at all. Because it is safer for the criminals and harder to prosecute, financial crimes like this are spreading fast. If you are smart, you don't try to pull one off in the middle of a computer security convention where the attendees are very good at spotting such scams. That said, some not-so-bright criminal tried to plant a fake ATM at Defcon. He now has one less fake ATM and a whole lot of investigators on his tail."

394 comments

Epic Fail (4, Insightful)

TornCityVenz (1123185) | more than 4 years ago | (#28920493)

One wonders if it wasn't just bait to get security to tip their hand for a more thought out caper.

Re:Epic Fail (2, Insightful)

Fluffeh (1273756) | more than 4 years ago | (#28920541)

I would doubt that. If anything, maybe someone suggested it as a location for a joke and some dumb bewb fell for it.

It would be like telling some dumb fool to try to set up fake slot machines in the lobby of some Vegas casino for a laugh and watching the tit go ahead and do it...

Re:Epic Fail (4, Funny)

EdIII (1114411) | more than 4 years ago | (#28920757)

One wonders if it wasn't just bait to get security to tip their hand for a more thought out caper.

Been watching Ocean's Eleven, have we?

First Post ? (-1, Troll)

lbalbalba (526209) | more than 4 years ago | (#28920497)

Srry, just had to say that sometime ...

Re:First Post ? (-1, Troll)

lbalbalba (526209) | more than 4 years ago | (#28920539)

Damn, missed it by an inch/microsec... :(

Re:First Post ? (-1, Troll)

Anonymous Coward | more than 4 years ago | (#28920947)

You worthless, non-contributing faggot.

Srry, just had to say that sometime.

Re:First Post ? (0)

Anonymous Coward | more than 4 years ago | (#28921391)

Please don't feed the trolls!

Srry, just had to say that sometime ...

Defcon 5 isn't peaceful enough (5, Funny)

Anonymous Coward | more than 4 years ago | (#28920517)

I know we've been pulling out of Iraq, but going down to Defcon 17 just seems ridiculous.

Re:Defcon 5 isn't peaceful enough (-1, Offtopic)

lbalbalba (526209) | more than 4 years ago | (#28920549)

rofl. Yo, mod this up Funny +17 :)

Re:Defcon 5 isn't peaceful enough (0)

Anonymous Coward | more than 4 years ago | (#28920779)

Agreed. I mean, what's next? Defcon 18?

Re:Defcon 5 isn't peaceful enough (-1, Troll)

Anonymous Coward | more than 4 years ago | (#28920793)

I don't know about you, but when I suddenly withdraw, my girlfriend gets more worried. I'm pretty sure her defcon goes up to 2.

Pedant Warning! (5, Funny)

ZackSchil (560462) | more than 4 years ago | (#28920525)

Article contains the terms "ATM Machine" and "PIN Number". Read at your own risk.

Re:Pedant Warning! (5, Funny)

Anonymous Coward | more than 4 years ago | (#28920547)

Yeah, like we are going to RTFA the farking article.

Re:Pedant Warning! (0, Redundant)

Aphex Junkie (633436) | more than 4 years ago | (#28920567)

Yeah, like we are going to RTFA the farking article.

That's pretty redundant

Re:Pedant Warning! (2, Funny)

MeatBag PussRocket (1475317) | more than 4 years ago | (#28920613)

***WOOOOOOOOSSSSSHHHHH***

Re:Pedant Warning! (3, Funny)

Anonymous Coward | more than 4 years ago | (#28920693)

Modded redundant! One can almost taste the poetic justice.

Re:Pedant Warning! (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#28920841)

The moderation on this comment is a work of art.

Re:Pedant Warning! (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#28920589)

SOB bitch!

Re:Pedant Warning! (5, Funny)

Mononoke (88668) | more than 4 years ago | (#28920633)

Read at your own risk.

At whom else's risk would I read it?

Re:Pedant Warning! (-1, Redundant)

NoobixCube (1133473) | more than 4 years ago | (#28920695)

The risk of those nearby when so many redundant phrases finally make you snap?

Re:Pedant Warning! (2, Insightful)

jbburks (853501) | more than 4 years ago | (#28921125)

This is hosted in the US. It's at the poster's and the hoster's risk. I can sue you if it's true. I can sue you if it's not true. I can sue you if I'm blind and you don't have captions on the images. I would not sue for these, but plenty of other operators have been sued for just this kind of thing.

Re:Pedant Warning! (4, Funny)

Minwee (522556) | more than 4 years ago | (#28920639)

Maybe it is referring to the other, NSFW definition of ATM. This is a hotel in Las Vegas, you know.

Re:Pedant Warning! (5, Funny)

MaskedSlacker (911878) | more than 4 years ago | (#28920675)

Asynchronous Transfer Mode? (Imagining that as a sexual euphemism gives me all kinds of degrading ideas)

Re:Pedant Warning! (0)

Anonymous Coward | more than 4 years ago | (#28921081)

It's called "Two Girls, One Cup."

I'm not killing my karma for that, though.

Re:Pedant Warning! (-1, Redundant)

Translation Error (1176675) | more than 4 years ago | (#28920803)

If I had mod points, I'd be soooo tempted to mod that post redundant...

Re:Pedant Warning! (-1, Redundant)

gavron (1300111) | more than 4 years ago | (#28921023)

Don't worry. The mods don't have that kind of understanding. They're still trying to figure out how to use their SDMP points.

E

Re:Pedant Warning! (0, Redundant)

Starayo (989319) | more than 4 years ago | (#28920825)

Remember to keep your PIN number safe for use with ATM machines.

A message from the Department of Redundancy Department.

Re:Pedant Warning! (-1, Troll)

Anonymous Coward | more than 4 years ago | (#28920833)

fuck you. [wikipedia.org] slashfag

Re:Pedant Warning! (2, Funny)

rlseaman (1420667) | more than 4 years ago | (#28920849)

Would you really prefer "AT Machine" and "PI Number"?

Re:Pedant Warning! (2, Informative)

Anonymous Coward | more than 4 years ago | (#28920903)

I can't tell if you're joking or if you're actually that stupid. I'm pretty sure the perfected way would just be ATM and PIN, without the redundancy.

Re:Pedant Warning! (4, Interesting)

theshowmecanuck (703852) | more than 4 years ago | (#28921401)

Being Canadian I usually call it a 'bank machine' rather than an ATM. That is the common term here, very few people call it an ATM. The funny thing is, when I lived in the U.S. I would have to remember to use the term ATM instead of bank machine. While some people knew what I meant when I would ask, "where's the closest bank machine," an unbelievable number would look at me with a blank stare and ask what I meant. Then I would remember and say, "the closest ATM." Then I would get a look of understanding and then the directions. In fact I would hazard that something like 60 or 70% of the people would respond like that. I can't give exact numbers, but absolutely for sure, most people didn't know what I meant by 'bank machine'. The same when I asked for the 'bathroom'. I would have to translate to 'rest room' (the WC for those overseas :) ). When I remembered to use the local term, they would ask why I call it a bathroom, there aren't any baths there. And I would reply, why do you call it a rest room, I can tell you for sure I won't be doing any resting... maybe a lot of grunting, but no resting. It's funny how English can be so different. That's my story and I'm sticking to it.

Re:Pedant Warning! (5, Funny)

machine321 (458769) | more than 4 years ago | (#28921423)

So, in Canada, if you're going to steal a money-dispensing machine, you tell people you're going to take a BM?

Re:Pedant Warning! (1)

theshowmecanuck (703852) | more than 4 years ago | (#28921469)

Way too funny... please mod up? roflmao

Re:Pedant Warning! (0)

Anonymous Coward | more than 4 years ago | (#28920995)

You mean pi?

Re:Pedant Warning! (2, Funny)

johncadengo (940343) | more than 4 years ago | (#28921061)

I can just imagine the conversations...

"Honey, I'm at the at machine, but I forgot my pi number."
"Daniel [wikipedia.org] babe, its 3141 you should know this by now."

Re:Pedant Warning! (1, Offtopic)

phoenix_rizzen (256998) | more than 4 years ago | (#28921065)

No, but one could use the much simpler "ATM" and "PIN". Everyone knows the former is a machine, and the latter is a number. To be most correct, and formal, one could even expand the abbreviation the first time it is used.

Re:Pedant Warning! (2, Funny)

sconeu (64226) | more than 4 years ago | (#28921139)

But I *want* an Automatic ATM Machine and a Personal PIN Number!

Re:Pedant Warning! (0)

Anonymous Coward | more than 4 years ago | (#28921157)

Would you really prefer "AT Machine" and "PI Number"?

PI number, but to how many decimal places?

Re:Pedant Warning! (0)

Anonymous Coward | more than 4 years ago | (#28921367)

I use the expression "ATM Machine Machine" just to emphasise the redundancy.

What's the alternative? (5, Insightful)

Anonymous Coward | more than 4 years ago | (#28920851)

Article contains the terms "ATM Machine" and "PIN Number". Read at your own risk.

People - and by this I mean people on Slashdot, I've not seen anyone complain about it elsewhere - always complain about that. But what's the alternative?

It could be referred to as "Personal Identification Number" which is just overly long and besides, everybody just knows it as PIN. They could just say "it would scan their card information and record the PINs they entered" but I don't think it is very good. I know the capitalization makes the necessary difference between "pins" and "PINs" here but honestly, that version still looks a bit out of place to me.

One could say "PIN code". It is the version usually used here in Finland ("PIN-koodi") but the difference to PIN number gets very small.

PIN isn't just an acronym for Personal Identification Number. It is, in itself, a name for a short, usually 4 to 8 digits long digit based password. I could bet a lot of money that most people don't convert the acronym to words when they read text.

Besides, the ATM machine is used what, once? Most of the time it uses just ATM.

With the massive amount of acronyms we have, especially short ones, a lot of them have multiple meanings. While it is relatively easy to understand these ones in this context, I fully support people adding an additional word to tell which meaning of some acronym is meant in a given situation. At least once in an article. There have been too many times I've seen some acronym, tried to google it, found a dozen different meanings and have had no idea of which it refers to.

Re:What's the alternative? (1)

SepticPig (444148) | more than 4 years ago | (#28921045)

We are just old, get used to it.

Yes, we know that the usage is redundant. These articles are written for the lay reader however.

Some call it dumbing down, marketing people call it accessibility.

Get used to it, we wanted it to be convenient to contact Grandma from our comfortable chairs.

We got that

No surprise then that there is now a section of the press that writes in Grandma speak

Re:What's the alternative? (1)

phoenix_rizzen (256998) | more than 4 years ago | (#28921067)

The more correct (and formal) usage would be to use the abbreviations by themselves, but to expand them the first time they are used. It's not a "PIN number" or "PIN code" it's just a "PIN". It's not "an ATM machine", it's just "an ATM".

Re:Pedant Warning! (0, Offtopic)

soniCron88 (870042) | more than 4 years ago | (#28920975)

Rated "5, Informative" was enough for me.

Re:Pedant Warning! (-1, Troll)

interkin3tic (1469267) | more than 4 years ago | (#28921069)

Since more people say "PIN number" and "ATM machine" than people who care that it's redundant, I'd argue those terms are now correct.

Re:Pedant Warning! (1, Funny)

Anonymous Coward | more than 4 years ago | (#28921191)

By your logic, "r u going 2 da store" is properly formed English.

Re:Pedant Warning! (5, Insightful)

epine (68316) | more than 4 years ago | (#28921233)

Article contains the terms "ATM Machine" and "PIN Number". Read at your own risk.

Languages are shaped by cognitive cost. This is what Steven Pinker seems not to get. There _is_ an innate language instinct, it's just not what he thinks it is. What we all share is the ability to introspect the cognitive cost of figuring out "WTH is this dude trying to convey?"

One of the key insights on language is that Lempel-Ziv compression never transmits the compression dictionary. The dictionary is implied because the compression program and the decompression program share the same dictionary construction heuristic. This is a trick you can pull off only if the two sides of the channel share the same cognitive architecture. There is no shortage of examples out there of how fast communication breaks down when the parties begin with fundamentally different premises on how to structure the categories of thought.

Here's another fundamental question: what portion of the brain's cognitive activity is devoted to power management? For one thing, glucose is a precious resource, and the brain is a chug-a-lug organ where it comes to glucose consumption. For another, the brain is costly to cool. From the real-time perspective (which governed 5.999 million years of human evolution), there's not much use firing up the abstract-noun chocolate factory when you need a survival response in under 100ms.

There's another truism here: fool me once, shame on you, fool me twice, shame on me. (Or, if you've spent forty years fouling your spark plugs, "fool me once, shame on -- shame on you. Fool me -- you can't get fooled again.")

When you get surprised by a lion, first you need to act, secondly, you need to record, to avert recurrence, after deferred reflection.

However, the brain does not record broad-spectrum. There's just too much. It's easy to build a PVR these days with 1TB of storage. I still haven't seen one where the tuner is replaced by a DC-to-daylight recording mode.

You can't defer deciding what to record for very long. So this is an obligatory cognitive function when your brain is already heavily loaded. At high enough stress levels, the recording function does shut down. Assessing and responding to cognitive burden is a mission-critical survival function. This is a key foundation for language learning.

A child doesn't need a special gene to discover the linguistic consequences of garden path sentence structures. "Oh damn, my mind went the wrong direction, and I wasted cognitive effort". Thus a child can self-infer a constraint on viable grammatical form, even if, in the manner of an LZW dictionary, the constraint is never explicitly conveyed from the language proficient to the language learner. The underlying assumption that makes this work in practise is that the architectural model of the child's brain resembles that of the rest of the population. This is 99% satisfied by being a member of the same species, without any weird genetic Pinkerisms.

As the language convention becomes more sophisticated, some parameters in the ambiguity resolution process become social constructs. Given a conflict between two heuristics, which takes priority? The important thing to realize about socially determined linguistic parameters is that they tend to vary across discourse settings. Experts have slightly different rules among themselves than apply in heterogeneous settings, where, e.g. half the people involved are ESL.

There was a thread here the other day on the consequences of a non-specialist treating guilt and liability as vaguely synonymous in exactly the wrong forum (wrists cuffed to ankles by the minions of RIAA).

A person incapable of pedanticism is not likely to succeed with either law or software. (This is one of the reasons why the IANAL meme on slashdot annoys the hell out of me: if the law is too complex to be successfully interpreted by a concentrated group of the weediest pedants on planet earth, just maybe perhaps the root cause is professional insularity rather than necessary linguistic specialization.)

Pedanticism thus becomes a social shibboleth to enforce linguistic in-group social conventions. In this forum, I don't wish to belabour pedantic subtext, e.g. it's no fun to mock something if you have to explain the joke. (That was a pedantic joke about the difference between i.e. and e.g. with a gratuitous recursion.)

The problem then becomes the degeneracy of this, where low-status participants wish to flash their in-group creds without doing any mental work (that lazy brain thing) and where anything that bears even the faintest random resemblance to a witty nerdicism is interjected as tedious obbligato. These posts hang around like writing on the bathroom wall at a cadet training school, where it functions as a Rosetta stone for the rubbiest of rubes.

The "ATM Machine" linguistic construct is a linguistic violation only with respect to the homogeneity premise. This is exactly the kind of ugliness we must tolerate when experts attempt to communicate with non-experts. The homogeneity premise gains prominence in any forum where the primary matter at stake is in-groupiness. In other words: wank on. Being pedantic about pedanticism plays the same way on slashdot that a falsetto competition plays at a Gay Pride parade.

Sometimes, however, the right thing to do is to let it go. The entire Chinese language made that decision when it decided that two-character nouns was not a form of redundancy, but a great aid in reducing cognitive burden for everyone involved.

I wrote this post because I actively struggle with this particular construct. In my own notes, I tend to write out the redundant noun, because in this form I read it faster, even though it makes me gag every time. I'm just not wired to shave 1% in comprehension speed for a 100% gain in elegance.

It's like the she/he/their thing. There's no single optimal setting. So I do both: if the sentence is a throw-away (e.g. transition to the meat of the matter) I tend to go with "their" in my best imitation of Visual BASIC. For a formal, high cognitive-density sentence I usually find myself reverting to she/he. If style is an essential virtue (sometimes it is) then I'll bother to recast the sentence and skirt the problem entirely on the grounds that every great stylist is one part chicken shit.

Complete FAIL for everyone, including law enforcement (5, Interesting)

Radtastic (671622) | more than 4 years ago | (#28920529)

FTA, "Conference organizers notified local law enforcement who hauled away the machine on Thursday or Friday".... Wouldn't they have been better served monitoring the device to see who came and picked it up?

Sorry, I'm no expert here. Is there a way to monitor if the device was broadcasting wirelessly, preventing the need of a physical retrieval?

Re:Complete FAIL for eveyone, including law enforc (4, Insightful)

ZackSchil (560462) | more than 4 years ago | (#28920553)

Even if they could monitor it wirelessly, they should have just carefully disabled the wireless transmission (aluminum foil?) and grabbed whoever came to check in on it.

Re:Complete FAIL for eveyone, including law enforc (0)

Anonymous Coward | more than 4 years ago | (#28920597)

If they'd left it and watched, they may have been complicit in the skimming. On the other hand, if they put a warning sign on it or turned it off, the perps would notice and scarper instead of loading it up.

Re:Complete FAIL for eveyone, including law enforc (5, Insightful)

mysidia (191772) | more than 4 years ago | (#28920913)

They could have covertly had an undercover agent place an "out of order" sign on it; perhaps after trying to use a 'special' jailbait ATM card and PIN number, and the device failing to dispense $$$.

Just like a citizen might do as a service to others when they found the ATM didn't seem to be working..

The perps would probably send someone to investigate why they weren't getting any numbers. If investigators were recording with video surveillance, they could get leads that way.

Re:Complete FAIL for eveyone, including law enforc (5, Funny)

e9th (652576) | more than 4 years ago | (#28920603)

I think the real fail was the cops hauling the machine away without asking for help from the Defcon attendees. Sort of like a guy having a heart attack at a cardiologists convention and the cops keeping everybody back until an ambulance can arrive and take him to a hospital.

Re:Complete FAIL for eveyone, including law enforc (1)

nhytefall (1415959) | more than 4 years ago | (#28920689)

C'mon, it was Defcon. Law Enforcement did the right thing... there are laws and regulation for a reason, you know.

Re:Complete FAIL for eveyone, including law enforc (4, Funny)

e9th (652576) | more than 4 years ago | (#28920875)

So you think of it more like finding a bomb at an explosives convention. Fair enough -- the cops were probably worried about some guy in the back yelling whatever the ATM equivalent of, "Cut the BLUE wire!" is. ;)

Re:Complete FAIL for eveyone, including law enforc (5, Funny)

Xemu (50595) | more than 4 years ago | (#28920711)

I think the real fail was the cops hauling the machine away without asking for help from the Defcon attendees.

The true FAIL was the Defcon attendees failing to spot and realize that the cops hauling the machines away were fake, and the ATM was real.

Re:Complete FAIL for eveyone, including law enforc (0)

Anonymous Coward | more than 4 years ago | (#28920753)

How about both fake cops and a fake ATM?

Re:Complete FAIL for eveyone, including law enforc (1)

mysidia (191772) | more than 4 years ago | (#28920937)

If the cops were fake, it could have been the perps' emergency method of retrieving their fake ATM to use it again later.

But if people at Defcon called the police, it's unlikely that fake cops would be dispatched, that is: unless the scammers were police insiders themselves.

Re:Complete FAIL for eveyone, including law enforc (1)

TimSSG (1068536) | more than 4 years ago | (#28921015)

But, did they use a Hotel phone or an outside line?
I say it could be a Hotel Security inside job.

Tim S

Re:Complete FAIL for eveyone, including law enforc (1)

billcopc (196330) | more than 4 years ago | (#28921377)

How about real cops and a real ATM ?

What ??? You think those guys are all honest ? Humans is humans.

Re:Complete FAIL for eveyone, including law enforc (0)

Anonymous Coward | more than 4 years ago | (#28921265)

Step aside wallet inspector coming though!

Re:Complete FAIL for eveyone, including law enforc (2, Insightful)

lena_10326 (1100441) | more than 4 years ago | (#28921195)

There is a reason for following procedure during an investigation. If you have a piece of evidence in a criminal investigation, you don't let people touch it willy nilly because later in trial it could be thrown out on the grounds it was tampered with. The second reason is the criminal could have been watching in the crowd. Letting random individuals get access to the machine could enable a criminal to erase the data by hitting a reset switch. The police had no idea who planted it there so they could not trust anyone other than law enforcement officials to go near it. This is in no way similar to your cardiologist/heart attack patient scenario.

Re:Complete FAIL for eveyone, including law enforc (2, Funny)

e9th (652576) | more than 4 years ago | (#28921419)

You're taking this more seriously than I am, but OK.

Shouldn't the police assume that the victim at the cardiologists convention had been injected with KCl or adenosine+lidocaine by one of the attendees, and thus wait for independent medical professionals to arrive rather than allowing "random individuals" to act? After all, allowing others access to the guy might cloud any subsequent investigation.

That's certainly a win-win for the cops -- if they delay treatment and the guy dies, their investigation has gone from attempted murder to murder, a plus, and their evidence hasn't been tainted, another plus.

Re:Complete FAIL for eveyone, including law enforc (1)

olddoc (152678) | more than 4 years ago | (#28921447)

Not funny. It's actually a very good point!

Re:Complete FAIL for eveyone, including law enforc (4, Interesting)

nurb432 (527695) | more than 4 years ago | (#28920931)

I would think that the hardware would be considered a loss once placed.

Re:Complete FAIL for eveyone, including law enforc (2, Insightful)

Sancho (17056) | more than 4 years ago | (#28920953)

Do thieves actually come back for these? I'd definitely expect it to be wirelessly transmitting, or to be watching for a special card to be inserted to which it would download the skimmed information.

Re:Complete FAIL for eveyone, including law enforc (2, Insightful)

FroBugg (24957) | more than 4 years ago | (#28920991)

In order to do that, they would have had to leave it out in the open and allowed people to use it, so as not to make the criminal suspicious when he returns to retrieve it. You then have people making transactions of questionable legality (I didn't read to see if it actually dispensed money or just showed an error after getting the PIN), and increase the possible damage if it is transmitting in a way they didn't uncover or if the criminal manages to extricate the information while they're watching it.

They're better served by taking it away and studying it for clues as to the criminal.

Re:Complete FAIL for eveyone, including law (1)

ProfM (91314) | more than 4 years ago | (#28921257)

You then have people making transactions of questionable legality...

Of course, placing a low-tech "Do not use, fake ATM, will steal your information" sign could have worked just as well, and then do as the OP mentioned, place surveillance on the unit.

Las Vegas Hotel, Everything is monitored (2, Interesting)

cenc (1310167) | more than 4 years ago | (#28921137)

Sorry, Las Vegas casino Hotel. There are cameras in the toilets. They likely already know who they are.

Re:Las Vegas Hotel, Everything is monitored (4, Informative)

kent_eh (543303) | more than 4 years ago | (#28921219)

FTFA:
They were smart enough to place the machine in one of the few spots in the hotel where there was no security camera to catch them,

Everything is monitored ... except this ATM (2, Interesting)

daryl_and_daryl (1005065) | more than 4 years ago | (#28921261)

Sorry pulled the evil trick of RTFA:

Computer World By Robert McMillan
August 2, 2009 04:59 PM ET

They were smart enough to place the machine in one of the few spots in the hotel where there was no security camera to catch them, Priest said. "It was literally right next to the hotel security entrance."

Fake ATMs (4, Funny)

girlintraining (1395911) | more than 4 years ago | (#28920545)

They make it sound like this was done by criminals. Who's to say it wasn't really a job offer in disguise? ;) "First person here to notice this gets a job offer."

Re:Fake ATMs (1)

riff420 (810435) | more than 4 years ago | (#28920815)

A job offer from a complete and utter moron? Where, oh where do I sign up?

No Darwin Award, though (0, Troll)

turbotroll (1378271) | more than 4 years ago | (#28920593)

Too bad the scumbag didn't die in the process. It would be such a nice Darwin Award winning material...

Re:No Darwin Award, though (0)

Anonymous Coward | more than 4 years ago | (#28920671)

And in completely unrelated news a teen was hit by a car outside Defcon.

Witnesses reported seeing him walk into traffic whilst trying to pickup a wireless signal....

No cash. (1)

sharp3 (1195261) | more than 4 years ago | (#28920621)

I would call shenanigans as soon as I didn't get any cash out of the machine.

Re:No cash. (2, Interesting)

DigiShaman (671371) | more than 4 years ago | (#28920721)

It's been my understanding that these machines would prompt the customer with "out of order, your transaction has been refunded" or some such message. They would walk away with peace of mind while their account info has been recorded. But yes, I would have bitched at the front counter asking them when it would get fixed. That at least would have called some attention to it.

Re:No cash. (4, Informative)

Oktober Sunset (838224) | more than 4 years ago | (#28920823)

Real ATM's say if they are out of cash before you put your card in.

Re:No cash. (2, Informative)

sleigher (961421) | more than 4 years ago | (#28921095)

That's true but I have had ATM's fail to dispense after entering my info before.

Re:No cash. (0)

Anonymous Coward | more than 4 years ago | (#28921275)

You might want to double-check the transactions on your account.

Re:No cash. (-1)

Anonymous Coward | more than 4 years ago | (#28921289)

Was your bank account empty right after that?

Re:No cash. (1)

sleigher (961421) | more than 4 years ago | (#28921413)

No. It was a legit ATM that failed to dispense. Guess I was lucky?

Re:No cash. (1)

microcars (708223) | more than 4 years ago | (#28921411)

I also had the ATM at my BANK do that to me at 6am. Everything was fine until it went through the motions of dispensing the cash, I could hear the machine whirring away trying to count the paper, then the dispenser door did not open, then I got a receipt, then the machine conked out and showed an error message on the screen.

My bank credited my account in 3 days.

Re:No cash. (1)

petermgreen (876956) | more than 4 years ago | (#28921301)

But out of cash is far from the only reason a transaction can be failed by an ATM.

Re:No cash. (3, Insightful)

Odinlake (1057938) | more than 4 years ago | (#28921341)

Can't speak for all ATM's but one possibility is to report some "unknown communication error" right after accepting the pin. I've gotten something like that a couple of times (yes, from ATM's I know are not fake).

Re:No cash. (5, Informative)

JaredOfEuropa (526365) | more than 4 years ago | (#28920847)

But yes, I would have bitched at the front counter asking them when it would get fixed. That at least would have called some attention to it.

Indeed... that is why the ones that you really have to watch for aren't complete fake machines, but little recording devices placed in front of the real machine. You put your card in, enter the code, get your cash... and 5 minutes later some criminal in Eastern Europe runs off a copy of your card and cleans out your account.

A nice example of such a skim job is this one [nl.net]. The page is in Dutch but the pics are interesting... the guy happened to notice the false front was just a tad too clean, and on closer inspection noticed a recording head just behind the card slot. He ripped the thing from the machine and made a few pictures of it before turning it in to the police. The guy might have been observant, but thousands of people already had put their card through the machine without a second glance. I probably would not have noticed this myself either.

These criminals are getting more sophisticated now that people watch for false fronts, and machines are being altered to make it impossible to add them. These days they simply break into stores, open up card readers at the checkout counters, and add devices that record PINs and magnetic strips. One week later they break in again to retrieve their devices... some even use WiFi to read the data remotely from a nearby van, reducing the chances of getting caught.

Thankfully the banks here refund any skimmed funds as a rule.

Re:No cash. (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#28920933)

I would call shenanigans...

Shenanigans? Are you 12? Good grief!

Re:No cash. (1)

hedwards (940851) | more than 4 years ago | (#28921013)

That machine was manufactured by Diebold you insensitive clod.

E for Effort (0)

Anonymous Coward | more than 4 years ago | (#28920665)

Certainly not the smartest place to attempt a legitimate scan but a great place to test one out. Shoot a good quantity of the country's security experts and if he could have pulled it off he would have been hailed for it. I thought the typical ATM scam was not an entire fake ATM though, that's pretty idiotic. Usually it's just an unnoticeable attachment to an existing ATM that gets card numbers and maybe can capture PIN entries through video or something, but seriously who in their right mind is going to use any sort of machine that accesses the internet out of a friggin hacking conference anyways. Anyone who has been to any Defcon knows they'd banner your partial account number, name and PIN for everyone to see, jeez. But you just had to buy that 'pwn'd by hckz0rz3d' t-shirt, didn't you...

Damn, I wish I noticed it... (3, Interesting)

nweaver (113078) | more than 4 years ago | (#28920681)

I wish I noticed it. I would have gotten a Starbucks card and seen if I could withdraw some cash...

Re:Damn, I wish I noticed it... (1, Interesting)

Anonymous Coward | more than 4 years ago | (#28920781)

I carry a variety of cards with 'valid' CC and expiration dates. Swipe one and enter any old PIN and see if it gives money. Then do it again with the other cards if it spits out any money. Then go make more cards.

Re:Damn, I wish I noticed it... (5, Funny)

Vectronic (1221470) | more than 4 years ago | (#28921005)

Yeah? And I climb rainbows for a living... with our powers combined, we form Captain Planet.

Pff (0, Redundant)

Daas (620469) | more than 4 years ago | (#28920687)

That's what I call good product placement.

FTW (1)

cobrachaos (1610589) | more than 4 years ago | (#28920775)

Yeah it wasn't hard to notice I'm sure as it was the only ATM at the conference. Any machines set up at a hacking conference that are going to be accessing or appear to be accessing the internet are asking you, "Can we please show everyone how much of a moron you are?" but of course one can't deny the need for that "pwn'd by hckz0rz3d" t-shirt... it'd almost be worth it too...

had to be a prank (-1, Redundant)

nbauman (624611) | more than 4 years ago | (#28920795)

TFA:

"It was literally right next to the hotel security entrance."

Security Office (4, Insightful)

Zerocool3001 (664976) | more than 4 years ago | (#28921087)

They were smart enough to place the machine in one of the few spots in the hotel where there was no security camera to catch them, Priest said. "It was literally right next to the hotel security entrance." So even the security officials don't like to be spied on.

Trojan! (0)

bwashed75 (1389301) | more than 4 years ago | (#28921099)

I get it. It's a local law enforcement inspection device disguised as a fake ATM.

Easy to avoid (4, Insightful)

QuoteMstr (55051) | more than 4 years ago | (#28921167)

The fake-ATM problem is just a man in the middle attack. We've known how to deal with MITM attacks for decades: use public-key cryptography and a secure key exchange algorithm like Diffie-Hellman to create an authenticated, secure channel. That's how SSL works.

Credit and debit cards should contain a small microprocessor that communicates with the bank, checks its identity, and establishes a secure channel. Even if an attacker could read and modify traffic between the card and the bank, he couldn't interfere with the transaction (other than by stopping it entirely).

Of course, this scheme doesn't allow offline credit card processing, but that's rare these days. If you still need to bother, just use an old-fashioned imprint machine.

The larger problem is just of backwards compatibility, which is why we'll never see the sensible scheme above implemented in our lifetimes.
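The exchange described in the comment above, as an added example that is not part of the original comment and not any real card standard: the card runs an ephemeral Diffie-Hellman exchange through the terminal and proceeds only if the bank's signature covers both public keys. The function names, the choice of X25519 and Ed25519, and the bank key being stored on the card at issuance are all assumptions of this sketch.

```javascript
const crypto = require('node:crypto');
// Assumption: the bank's long-term public key is written to the card at issuance.
const bank = crypto.generateKeyPairSync('ed25519');
const derPub = (key) => key.export({ type: 'spki', format: 'der' });
const importPub = (der) => crypto.createPublicKey({ key: der, format: 'der', type: 'spki' });
const sessionKey = (secret) =>
  crypto.createHash('sha256').update('card-session').update(secret).digest('hex');

// Card, step 1: fresh ephemeral Diffie-Hellman key for this transaction.
function cardHello() {
  const eph = crypto.generateKeyPairSync('x25519');
  return { eph, msg: { cardPub: derPub(eph.publicKey) } };
}

// Bank: reply with its own ephemeral key, signed together with the key it received.
function bankReply(hello, signingKey = bank.privateKey) {
  const eph = crypto.generateKeyPairSync('x25519');
  const bankPub = derPub(eph.publicKey);
  const sig = crypto.sign(null, Buffer.concat([hello.cardPub, bankPub]), signingKey);
  const secret = crypto.diffieHellman({ privateKey: eph.privateKey, publicKey: importPub(hello.cardPub) });
  return { msg: { bankPub, sig }, key: sessionKey(secret) };
}

// Card, step 2: continue only if the pinned bank key signed *this* exchange.
function cardFinish(card, reply, pinned = bank.publicKey) {
  const transcript = Buffer.concat([card.msg.cardPub, reply.bankPub]);
  if (!crypto.verify(null, transcript, pinned, reply.sig)) return null; // abort transaction
  const secret = crypto.diffieHellman({ privateKey: card.eph.privateKey, publicKey: importPub(reply.bankPub) });
  return sessionKey(secret);
}

// Honest terminal: relays both messages unchanged.
function honestRun() {
  const card = cardHello();
  const reply = bankReply(card.msg);
  return { cardKey: cardFinish(card, reply.msg), bankKey: reply.key };
}

// Terminal substitutes its own DH key toward the bank and relays the bank's reply.
function substitutedKeyRun() {
  const card = cardHello();
  const reply = bankReply(cardHello().msg); // bank signs a key the card never sent
  return cardFinish(card, reply.msg);
}

// Terminal answers by itself, signing with a key the card does not trust.
function selfSignedRun() {
  const card = cardHello(), rogue = crypto.generateKeyPairSync('ed25519');
  return cardFinish(card, bankReply(card.msg, rogue.privateKey).msg);
}
```

The sketch covers only the card checking the bank; authenticating the card to the bank and sending the PIN over the resulting session key are left out.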

Cancelled talk (1)

gmuslera (3436) | more than 4 years ago | (#28921211)

Maybe that ATM was a demo that would be used by someone having a talk on ATM security and people's gullibility to show a point. Now the feds got involved and that expert will have to do his talk at Guantanamo.

Would be somewhat similar to what happens when security experts want to show that a system is vulnerable and get jailed for that.

President Obama to ban comic books. (-1, Troll)

Anonymous Coward | more than 4 years ago | (#28921269)

He has said that they are the last bastion of pasty white nerds.

He also went on to say that any white man trying to get a white woman pregnant must first let a black man try as part of his new equal opportunity package.

Fuck Louis Gates

Straight up!

Going for broke (3, Interesting)

davidwr (791652) | more than 4 years ago | (#28921371)

Just imagine the headlines if they had succeeded: "Security experts lose bank accounts to scammers."

If you have the cojones to put your fake ATM in a security conference at least have the brains to do it right.

--

Far better if this were a "pentest" with the "we'll stand back and watch" cooperation of the bank whose name is on the ATM. Scenario: White hat hackers go to BigBank and the hotel and say "We want to do a demonstration. We have a fake ATM we want to put in the DefCon hotel. We want to rig it so people's ATM codes are stored in the machine, encrypted, for later retrieval. BUT you, the bank, get the decoding key. At the end of Defcon we'll announce the prank. We'll give a $100 gift card and a plaque to the first attendee who spots that it's a fake."

Now that would be cool.

Real Irony (1)

PPH (736903) | more than 4 years ago | (#28921381)

... would have been if some thieves backed a pickup truck up in the middle of the night and dragged this thing off.
