×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Criminals Use 3D-Printed Skimming Devices On Sydney ATMs

samzenpus posted about 8 months ago | from the crime-that-pays dept.

Crime 110

AlbanX writes "A gang of suspected Romanian criminals is using 3D printers and computer-aided design (CAD) to manufacture 'sophisticated' ATM skimming devices to fleece Sydney residents. One Romanian national has been charged by NSW Police. The state police found one gang that had allegedly targeted 15 ATMs across metropolitan Sydney, affecting tens of thousands of people and nabbing around $100,000."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

110 comments

ah my countrymen... (0)

Anonymous Coward | about 8 months ago | (#44581041)

I hope the police gets'em.
I would have liked them to consider the damage they're doing to the rest of us hard working and law abiding people in the eyes of the rest of the world..

Re:ah my countrymen... (1)

Joining Yet Again (2992179) | about 8 months ago | (#44581315)

"Hard working" is the opposite of capitalism's philosophy by design.

"Law abiding" is just a risk minimisation strategy.

I know Romania's been dragged from the horror of despotism into the quagmire of neoconservatism, but really, patriotism's never the way forward, nor is pandering to the propaganda of the Protestant work ethic. These guys are just dicks who are taking advantage of the guy on the street.

Re:ah my countrymen... (-1)

Anonymous Coward | about 8 months ago | (#44582009)

I hope the police gets'em.
I would have liked them to consider the damage they're doing to the rest of us hard working and law abiding people in the eyes of the rest of the world..

Send the US or Canadian police to NSW for a week and they'll shoot-up every criminal as they unload their magazines. Excessive force is synonymous with North American law enforcement these days.

Re:ah my countrymen... (1)

Anonymous Coward | about 8 months ago | (#44583349)

All they did is take notes of debt. The bankers can print more. The only people it really hurts is the bankers. They deserve it fucking slave masters. There is no crime unless another natural person is injured or infringed upon.

hmmmmm (1)

bnoel (1447271) | about 8 months ago | (#44581059)

not sure how this affected tens of thousands of people... seems like a stretch to me... it affected 5 bank employees and 1 insurance company...

Re:hmmmmm (0)

Anonymous Coward | about 8 months ago | (#44581085)

They also used Manufacturer made ATM's and government built roads.

Re:hmmmmm (3, Informative)

Anonymous Coward | about 8 months ago | (#44581115)

People should not lose any money when their cards get skimmed... However, when you find out, and contact your bank, they will immediately block your card, meaning that your access to cash is a little more difficult. Also, it may take several days until you get your money back. It's not the end of the world, but it surely is inconvenient. And therefore, people are affected too.

Totally the fault of the USA (4, Informative)

norpy (1277318) | about 8 months ago | (#44581071)

It's about time that US banks caught up with the rest of the world and put chips on all their cards, then we can finally get rid of the magstripes.

While chip&pin has it's security flaws it's way better than the 20 year old magnetic stripe system, in Australia and most of Europe the only reason they still put the stripes on cards is because the cards have to work when people travel to the US.
It's been at least a year since I've seen a reader without chip support in Australia and the only time the magstrip is used is when the chip or contactless read fails.

Maybe its a blessing for the consumer (5, Interesting)

Camael (1048726) | about 8 months ago | (#44581129)

As you have pointed out, European 'Chip-and-PIN' Cash-Card Security have already been cracked by criminals [technewsdaily.com] .

And fair enough, generally cards with chips are still more secure than their magnetic counterparts.

What I am more disturbed about is, from the point of the consumer, it appears that in Europe at least the supposed security of the chip and pin system have been (ab)used by banks to deny refunds to their defrauded clients.

However, the chip and PIN system came under question in 2010, when researchers found that transactions could be executed without PINs.

In their paper, the Cambridge researchers asserted that, based on their conversations with bankers, "banks systematically suppress information about known vulnerabilities, with the result that fraud victims continue to be denied refunds."

Bond asserted that banks are aware of the problem but routinely “stonewall” customers-turned-victims because their transaction records show that the PIN was used.

From the POV of the consumer, I would not favor the use of this newer, more secure system if it shifts the burden of fraud on me with the excuse that "it's unhackable, you must have given them your PIN".

Re:Maybe its a blessing for the consumer (2)

norpy (1277318) | about 8 months ago | (#44581243)

I actually just realised that I do have a non-chip card; my American Express. Apparently my particular bank has chosen not to migrate those to chip cards yet, although Amex have done so on their directly issued ones.

Of course since it's "American" Express i'm going to stand by my "it's America's fault" title.

Re:Maybe its a blessing for the consumer (1)

gl4ss (559668) | about 8 months ago | (#44582233)

the copier is a bit harder to do for chips than for the magstripes. that is the point.

for the record, I haven't heard of any actual working attacks on the chip/pin method, while the magnetic strip needs actually just the magnetic strip copied(having the pin just makes it easier to find a place to get the cash).

and on to the story: 3d printed skimmers are not a new thing! they've been used before. it largely doesn't matter at all how the skimmer is made.

Re:Maybe its a blessing for the consumer (2, Informative)

Anonymous Coward | about 8 months ago | (#44583139)

Firstly yes, there are working attacks. We know that the following attacks have been done by actual criminals, real bad guys, who obtained money or goods through fraud with the attack, some of whom are now in jail for it:

- "YES cards". Fake chip clone cards which are programmed to tell the terminal that the PIN matched, then hand back a data block for the bank which says no PIN was used because the terminal authorised a signature instead. The bank gets the data data, says "Huh, you authorised on a signature? OK" and the transaction goes through. (They can't send back a fake PIN block to the bank because the bank knows the true PIN and will see it was wrong). These were used very widely, banks are slowly, slowly, deploying a newer system that isn't fooled by this trick.

- Fake/ modified terminals. The criminals either own the store, or they bribe the real owner to turn a blind eye as they modify the "tamper proof" terminals to retain the PIN so that it can be used later.

In addition there are attacks that we know work (because researchers have done them, typically after telling the police and any affected retailers what they're going to do) but we cannot prove they've been used by criminals. If you like to believe that criminals are all stupid then maybe these attacks don't worry you:

- UN guessing. The cryptographic nonce used in Chip and PIN is called the UN (Unpredictable Number). But banks trust terminals to make it actually unpredictable. Researchers have demonstrated that it's sometimes just a counter, or other simple predictable output value. The cryptographic security of the design rests on this nonce being unpredictable, by which its designers intended "random", but the acceptance tests just require it not to repeat within a few cycles. Uh-oh. It's hard to make random numbers reliably not repeat, try throwing a die twice in a row, sometimes you get the same number. But it's easy to make a counter, and that always passes the tests.

Shifting the burden for fraud onto consumers is a problem /even if Chip and PIN was flawless/. The same UK investigators who found the UN guessing attack previously investigated a case where the customer's card and PIN were used and they said they'd never received the card or PIN. The bank wouldn't back down, it refused to believe that insiders had stolen the customers details and redirected deliveries to take control of the account, and blamed the customer for everything. Right up until it presented its "proof" that the card was properly delivered. The proof was a courier photo (taken during delivery) of... the wrong address. "That's not my front door" said the customer. Suddenly realising that their house of cards was falling down the bank changed its mind and offered compensation. Why did the customer need to fight this hard? The bank must have suspected from the outset that it had an internal fraud problem, so why try to get the customer to pay?

Re:Maybe its a blessing for the consumer (1)

jonwil (467024) | about 8 months ago | (#44582889)

Here is an idea of how to make a chip-and-pin type technology that is secure:
1.When the user inserts their chip enabled card into the card reader, the chip tells the reader to ask for the users PIN (under this system there would be no such thing as a chip-and-sign card, all cards would require the user to enter their PIN if the reader supports the technology)
2.The card reader provides the merchant account number, payment amount and entered PIN to the chip on the card.
3.The chip combines the merchant account number, payment amount, entered pin and some sort of unique value (the unique value is designed to prevent replay attacks of captured data) into a single piece of data that is then encrypted and signed using a secret key held only in the card chip and the bank computer systems)
4.The card then provides the resulting packet along with enough of the card number and other info to allow the various bank computers to route the packet to the right bank and right account (but not enough information to allow the use of the card in online or other card-not-present transactions)
5.The card is routed to the correct bank system which uses the stored secret key to decode the transaction information (and verify the signature) and then processes the transaction.
6.The results of the transaction (i.e. whether the transaction is successful and the customer has enough funds or not) gets sent back to the merchant terminal that then tells the user and merchant if the transaction succeeded.

Oh and the chip itself would not store any information about the PIN, it would just take the entered pin and send it along with the other details to the bank who would (if the pin is incorrect) send back a "bad PIN" error to the terminal to display to the user/merchant.

Assuming the cryptography chosen is strong enough and the keys are hard enough to extract (whatever they use in the latest generation of mobile SIM cards to keep the keys from being extracted seems like it could work here) then the only real issue would be merchants using hacked terminals (or man-in-the-middle devices between the terminal and card) that pass the card a higher amount for the transaction than the amount displayed to the user. And if the technology to do it is available, the solution to that is to have a little display screen capable of displaying the dollar amount the card is about to authorize (one that can be seen even when the card is inserted into the merchant terminal) to allow the user to verify the value before entering their PIN into the reader.

Re:Maybe its a blessing for the consumer (0)

Anonymous Coward | about 8 months ago | (#44584987)

That is a curiosity of British laws in action. The customer has all the responsibility there. It's not like that in most parts of Europe.

Re:Totally the fault of the USA (-1)

Anonymous Coward | about 8 months ago | (#44581235)

It's about time the US caught up with the rest of the world

Fixed that for you. The rest of the post was just redundant.

Striving for concision!

Re:Totally the fault of the USA (1)

itsme1234 (199680) | about 8 months ago | (#44581271)

The thing is fraud is just not making a dent in their finances to bother. Even with mag stripe the PIN is checked in real time with your bank for any non-trivial transaction, you could have any type of one-time-pass device for ATM transactions (or for purchases over let's say $100 or similar): paper, SMS, token, smartphone offline app, etc. You could have two cards, one without mag stripe. But no, that's just not possible. Even getting one card but without the mag stripe is not possible. I've been thinking to just go ahead and wipe with a magnet the stripe on one of my cards just to be on the safe side. Any experience/tips? I assume just using a strong magnet a couple of times on the stripe would do.

Re:Totally the fault of the USA (1)

khchung (462899) | about 8 months ago | (#44583509)

The thing is fraud is just not making a dent in their finances to bother.

Of course, those frauds (only called "Identity Theft" in the US) make dents only in their customers' finances, not the banks' own finances, why should the banks in the US bother?

Re:Totally the fault of the USA (1)

kwardroid (1466409) | about 8 months ago | (#44583651)

Create to cards your self, cut the chip from the issued card and place on an other card. This leaves you with a magstrip card for bnckward atms.

Re:Totally the fault of the USA (1)

itsme1234 (199680) | about 8 months ago | (#44585099)

This would be a nice idea, if I manage to do it cleanly. (I still want to pay with the card at the stores, in fact I'll be using the card that way mostly).
I wouldn't be able to do it cleanly probably but I'm sure it is possible.

Re:Totally the fault of the USA (1)

cusco (717999) | about 8 months ago | (#44584459)

Yes, killing the mag stripe is quite easy. Open the back of your speaker cabinet and rub the card on the back of the magnet on the woofer (even better if it's playing something with a lot of base). One of the reasons why a lot of facilities moved away from mag stripe cards, which cost about $0.25 each, to prox cards, at $1.50+ each, is because their facilities and maintenance people kept needing to have their cards re-encoded frequently when they were too close to large electric motors starting up. With the introduction of MRI machines to hospitals doctors began to be inconvenienced, which pretty much forced their immediate migration.

Re:Totally the fault of the USA (1)

HJED (1304957) | about 8 months ago | (#44581451)

In Australia EFPOS cards don't have chip & pin, only cards such as Visa and mastercard. Most banks will issue you with an efpos card as well (or only an efpos card)

Re:Totally the fault of the USA (1)

fearofcarpet (654438) | about 8 months ago | (#44581621)

I don't think that is entirely true. The magnetic strip in my PIN card failed and it stopped working on other bank's ATMs. It continues to work fine with my bank's ATMs and in chip readers at retailers... But thanks for reminding me that I have to replace it before I go to the US : )

Re:Totally the fault of the USA (1)

khchung (462899) | about 8 months ago | (#44583471)

It's about time that US banks caught up with the rest of the world and put chips on all their cards, then we can finally get rid of the magstripes.

While chip&pin has it's security flaws it's way better than the 20 year old magnetic stripe system, in Australia and most of Europe the only reason they still put the stripes on cards is because the cards have to work when people travel to the US.
It's been at least a year since I've seen a reader without chip support in Australia and the only time the magstrip is used is when the chip or contactless read fails.

Part of the fault lies with your country's stores, or bank, or both. My credit card has chip and magstrip, at one time when a newb cashier tried to swipe the card through the magstrip reader (instead of correcting inserting the chip end to another slot to use the chip), the machine told her to use the chip instead, i.e. it refused to accept data from the magstrip for a card with chip.

The only people at risk with a fake card with copied magstrip are people with cards that have no chip, i.e. America tourists. All cards from locals have chips on them.

What would happen if my card's chip really failed so it became unusable? I guess I won't be able to use the card anymore until I get a replacement. Most people here have more than one card in their wallet anyway. Security vs convenience, we picked security here, looks like your country picked convenience.

Re:Totally the fault of the USA (1)

cusco (717999) | about 8 months ago | (#44584535)

No, cost. It's not consumers who get to decide what technology to use, it's the executives. When CityCorp can print mag stripe-only cards for $0.25 and chip cards cost >$2.50 the immediate executive decision is for mag stripe. Fraud and other issues aren't going to impact the end-of-year earnings payment that their bonus relies on while higher card costs will, and they'll have moved on to victimize another company by the time those costs become noticeable. Probably European and Australian bank executives stay with the same employer longer than American ones do.

Re:Totally the fault of the USA (1)

Anonymous Coward | about 8 months ago | (#44586009)

In the Netherlands, most banks have disabled ATM transfers from outside the European union by default. Customers have to enable access before going outside EU by using their online bank account. This has reduced skimming with 80% (http://www.rtlnieuws.nl/nieuws/binnenland/skimmen-met-80-procent-gedaald (sorry, Dutch only)).

ATM security (1, Offtopic)

Thanshin (1188877) | about 8 months ago | (#44581079)

Sometimes it's funny how ATMs I see outside of my country (Spain) don't seem to have the security systems that they were forced to use here for problems like the one described in the article.

I also find foreign paper currency to be unsafe, ID documents too easy to forge and store security to be amazingly weak.

Sometimes I wish I lived in one of those countries where all that security isn't needed.

Re:ATM security (0)

Anonymous Coward | about 8 months ago | (#44582097)

As a fellow Spaniard, I can feel your pain. I recently visited some foreign friends, and I was shocked that store clerks never asked for any kind of ID when I wanted to pay by card. That made me to feel very uneasy, as I couldn't help but think what would happen if someone were to steal my card.

Why not a Lathe, Drill Press, or Grinder? (5, Insightful)

Teancum (67324) | about 8 months ago | (#44581111)

I read stories like this that try to diss the use of "3D Printers" as if somehow banning the use of those devices is somehow going to stop criminals from engaging in acts like this. What utter nonsense.

How many other stories about ATM skimmers emphasized any of the tools used to make the devices used to make their devices? Why such a strong emphasis on the 3D printing technology? It sounds like a cool buzz word, but means absolutely nothing other than an attempt to make something new sound frightening because the reporters and police officers involved don't have a clue about how the technology works.... therefore it must be some kind of dark magic that must be brought before the Inquisition and those involved banished to Hell (or some equivalent).

While I don't mind seeing stories like this on Slashdot as it does talk about emerging technologies and their impact upon society as a whole, it still turns my stomach to see such awful reporting overemphasizing the manufacturing technology (it was the lead paragraph) instead of describing what people were doing first. Had the technology being used been mentioned much further into the article, I think it would have been much more appropriate.

Re:Why not a Lathe, Drill Press, or Grinder? (0)

Anonymous Coward | about 8 months ago | (#44581187)

Exactly Mr Sheen.

Re:Why not a Lathe, Drill Press, or Grinder? (0)

Anonymous Coward | about 8 months ago | (#44581379)

A 3D printer makes it much simpler to (in pretty much one step) come up with complex, intricate shapes. Many more steps would be required to sculpt a complicated shape that usually is made by pouring thermoplastic compounds or resins into a mold.

That's why. Makes it trivial to make something look legit, and fool the mark, which is kinda the point. The democratization of fabrication of all manner of things means the democratization of counterfeiting things we rely upon to be genuine, like an ATM's facade.

Re:Why not a Lathe, Drill Press, or Grinder? (1)

solidraven (1633185) | about 8 months ago | (#44582761)

Oh gosh, with a bottle of glue, a block of base material and a CNC mill you can make almost any shape...

Re:Why not a Lathe, Drill Press, or Grinder? (0)

Anonymous Coward | about 8 months ago | (#44582973)

Then why has no one made a wooden gun or ATM skimmer?

Hint: it's because you're full of shit.

Re:Why not a Lathe, Drill Press, or Grinder? (0)

Anonymous Coward | about 8 months ago | (#44584787)

Check the the Special Forces "Black Book" developed at Frankford Arsenal in the late 1960's . Complete instructions on making wooden guns, both pistols (only metal is a nail) and rifle/shotguns (uses water pipe for barrel). All you need is a saw, drill, glue and a few assorted bits of hardware.

Re:Why not a Lathe, Drill Press, or Grinder? (1)

Teancum (67324) | about 8 months ago | (#44586089)

Then why has no one made a wooden gun or ATM skimmer?

Hint: it's because you're full of shit.

There used to be guns made out of cheap plastic with wooden parts that were sold in toy stores that used to be able to take real bullets and were deadly to potential targets. They had the side effect of sometimes jamming up, being incredibly unreliable, and sometimes blowing up in the hand of the guy firing the gun (aka something not really recommended except when you are extremely desperate), but it was done.

The point is that a wooden gun has been made that could even use gunpowder if you wanted. The steel is simply to make it more reliable, accurate, and doesn't really cost all that much more.

Ditto for the ATM skimmers, where you could certainly take a pile of sawdust with some resin and make nearly the identical devices these guys are using with the 3D printers. It just takes some brains.

In other words, you don't have a clue what you are talking about.

Re:Why not a Lathe, Drill Press, or Grinder? (4, Insightful)

VortexCortex (1117377) | about 8 months ago | (#44581411)

Yep, same old scare tactics...

"If you electrify homes you will make women and children and vulnerable. Predators will be able to tell if they are home because the light will be on, and you will be able to see them. So electricity is going to make women vulnerable. Oh and children will be visible too and it will be predators, who seem to be lurking everywhere, who will attack."

“Women’s bodies were not designed to go at 50 miles an hour. Our uteruses would fly out of our bodies as they were accelerated to that speed [on trains].”

Automobiles, Telegraphs, Telephones, Recorded Music, Radio, TV, MTV, Video Games, Internet, Cellphones, 3D printers, RFID, NFC, etc... Near any new technology you'll find unfounded fear drummed up around it. There is a primal fear of unknown that the unscrupulous exploit for popularity. Not even old technology is safe from the fear mongering media mavens: "After this break from our sponsors: Find out what's probably lurking under your sink that could kill you."

When faced with what they do not understand the primitive minded are easily frightened, the futurists eagerly excited, and the practical remain predictably skeptical.

It's sad really. Your "greatest" thinkers in science and philosophy alike shun their feelings. Those primal communications your ancestors scream wordlessly within your mind are ridiculously ignored, at great risk. This valuable primitive mode of thought was proved by evolution to be rational in general, yet is deemed "irrational". In so doing they discourage people from thinking with their whole minds, and thus they become more susceptible targets to the biases of the ancient ones.

So, while one ignorant group is too strongly swayed by their emotions, the other group ignores their instincts completely in the name of rationality and is thus just as ignorant, literally. Don't you see that reasoning with only half a head is dangerous?! I cultivate my "irrational" feelings, I use them as a faster but less accurate logic unit. I let my subconscious quickly analyze situations and then converse with my wise but unlearned ancient ancestors about the dangers and desires we have. When reasoning with others I reach back through the millennnia and consider the subtexts as they would appear to language-less apes. I'm thus able to more effectively communicate my meanings at multiple levels.

Do not so quickly discount the power of a message that wields both logical and primitive persuasions. This is a skill infamously used to sway weak minds by politicians and the media for centuries. This is a technique best learned sooner than later at the point of a pitchfork. While "insightful" folks like you scoff at the story and think them fools for pandering to the populous' fear in the name of greed, I credit them for doing so. If you want to scoff, then scoff at those so-called "great" rational minds who can not do the very same in the name of good... disgusting.

To shrug off the subtext and not heed and hone the subconscious murmurs of your mind is to foolishly disrespect every single elder your lineage has ever had.
And you call yourselves evolved?! You're barely even aware. Humans, ugh, how primitive!

thanks - the above msg brough to you by... (0)

Anonymous Coward | about 8 months ago | (#44581561)

Scientology!

Re:thanks - the above msg brough to you by... (0)

Anonymous Coward | about 8 months ago | (#44582133)

Close; EST. another disgusting sociopath factory.

Re:Why not a Lathe, Drill Press, or Grinder? (1)

StripedCow (776465) | about 8 months ago | (#44582387)

However, there is still the question: is technology really improving our lives?

You might want to read this:

There is, though, one group of Americans that is imperturbably sunny: the Amish. Their depression rates are negligibly low relative to the rest of societys. Their happiness levels are consistently high. The Pennsylvania Amish, when asked how much they agree with the statement: You are satisfied with your life (using a scale of 1 to 10), turn out to be as happy as the members of the Forbes 400. The Amish, though, do without most of what we think of as modern technology. They don’t rely on the automobile, don’t need the Internet, and seem to prefer stability and permanence to the heady growth that propels innovation and the U.S. economy. The comparison is a little facile (the Amish have a lot of other characteristics that make people cheerful, including strong community ties, stable families, and religious faith). But it suggests an interesting question: is it possible that technology, instead of liberating us, is holding us back? Is technological progress merely a treadmill, and if so, would we be happier if we stepped off of it?

Taken from: http://www.technologyreview.com/review/403558/technology-and-happiness/ [technologyreview.com]

Re:Why not a Lathe, Drill Press, or Grinder? (2)

swb (14022) | about 8 months ago | (#44583515)

Well, there's a postcard version of the Amish in their button-free clothes, hand-making all their stuff and living bucolic lives.

And then there's the real world version of the Amish, where young people smoke, drink, and drive cars before they become full members of the church, the internecine religious conflicts involving sects, beard cutting, etc.

I'm pretty sure that despite the awesome appearance of tech-free Amish life, there's a lot of psychological stress maintaining such an existence in the face of the modern world, along with all the stuff that goes on behind closed doors. I have to believe the Amish have their own problems with violence, sex abuse, etc -- we just don't hear about it because their culture keeps a lid on it.

Re:Why not a Lathe, Drill Press, or Grinder? (0)

Anonymous Coward | about 8 months ago | (#44582879)

- Automobiles - massive casualties per year, internal combustion engines heavily contribute to climate change, production of electric cars produces tonnes of toxic waste,specifically in battery cells
- Telegraphs - required training to operate, was a service similar to sending a letter, no longer used by any major nation
- Telephones - instant communication, easily tapped for evidence of crimes blackmail etc..., initially cost a small fortune and still today cost far more to use than necesary due to profiterring gluttons
- Recorded Music - enabled people to enjoy music in isolation, distancing them from their community
- Radio - see recorded music
- TV - 24 hour entertainment leading to passive lifestyle choices and decreased interest in society
- MTV - Mentioning a specific TV channel only serves as a meaningless filler-point
- Video Games - see TV
- Internet - see TV, gives people false sense of community
- Cellphones - see telephones & internet, report your location 24/7 via GPS and cell network triangulation, enables surveillance state via remote activation of camera and microphone
- 3D printers - enables complete novices to produce high quality plastic goods on first attempt, removes education and experience need for several production related skilled trades. enables criminals to create high quality criminal tools without training, greatly reducing the barriers to entry and increasing passive crime.
- RFID - In credit/debit cards enables wireless card skimming, in passports enables ID theft
- NFC - is used to facilitate RFID crimes

Re:Why not a Lathe, Drill Press, or Grinder? (1)

Feyshtey (1523799) | about 8 months ago | (#44583215)

Says the person using a computer over the internet to interact with millions of people on a tech news/forum ....

Re:Why not a Lathe, Drill Press, or Grinder? (0)

Anonymous Coward | about 8 months ago | (#44583985)

No one said there weren't positives or that the positives don't outweigh the negatives in the grand scheme of things, however to dismiss the negatives outright because they don't fit your narrative is the epitome of folly.

3D printers have many legitimate uses, but like all technological advances they will also advance the capabilities of criminals. It just so happens that with zero skill any criminal can produce high quality work, this is unprecedented and is the fundamental reason why 3d printing related crimes are reported as such.

Re:Why not a Lathe, Drill Press, or Grinder? (1)

Feyshtey (1523799) | about 8 months ago | (#44585019)

3D printers have many legitimate uses, but like all technological advances they will also advance the capabilities of criminals. It just so happens that with zero skill any criminal can produce high quality work, this is unprecedented and is the fundamental reason why 3d printing related crimes are reported as such.

When was the last time an article about a technicology-related criminal act mentioned the soldering technology that made it all possible? Or the electrical engineering controversy? Or the dangerous side of progamming languages?

The point is that 3D printing is a tool. Thats it. It's a way to create a thing in the same way a lathe does. You dont hear about how it might be possible for a thug to lathe his own bat that he will obviously use to pummel someone, so we should be afraid of lathes. There arent weekly articles pointing to the dangers of water jet cutters [wikipedia.org] that are more capable of producing a truly dangerous weapon than any 3D printer out there, and function with essentially the same level of required knowledge or skill.

The energy spent pointing out 3D printing is pointless and missguided. It's a witchhunt by ignorant hysterical knotheads.

Re:Why not a Lathe, Drill Press, or Grinder? (1)

cheekyjohnson (1873388) | about 8 months ago | (#44586401)

- Internet - see TV, gives people false sense of community

The only True Sense of Community is what I say it is.

Re:Why not a Lathe, Drill Press, or Grinder? (1)

Anonymous Coward | about 8 months ago | (#44581495)

3d printing and the copyrights of physical items are going to be the next 'war on piracy' type thing.

"You wouldn't pirate your neighbors BMW would you?" That sort of thing. Because soon you will be able to pirate your neighbors plastic trinkets at least to start with...

So we have to start NOW to drum up grass roots hatred for 3d printers and those evil design pirate criminal scum.

Expect these negative type storys that throw 3d printing under the bus to continue for decades. We must stop those evil criminal pirates before you CAN pirate your neighbors BMW.

Watch and see.

Re:Why not a Lathe, Drill Press, or Grinder? (0)

Anonymous Coward | about 8 months ago | (#44583009)

3D printing combined with lost-wax metal casting and you can pirate your BMW today.

On a side note, you have always been able to pirate a BMW. Autoparts stores and scrap yards have all the necessary components.

Re:Why not a Lathe, Drill Press, or Grinder? (0)

Anonymous Coward | about 8 months ago | (#44581563)

Because new things scare and confuse them.

Re:Why not a Lathe, Drill Press, or Grinder? (0)

Anonymous Coward | about 8 months ago | (#44581707)

That's odd, I read these stories as yet more 3D printing hype as if people were unable to make bits of plastic before. Skimming ATM machines is nothing new.

Maybe this will teach the 3D printing fans to stop appropriating every single process to make plastic as "3D printing". Your hype machine has exploded in your face.

Re:Why not a Lathe, Drill Press, or Grinder? (0)

Anonymous Coward | about 8 months ago | (#44582679)

The reason 3D printed crimes are reported as such is not to demonize new technology but to emphasize the simplicity of it. You don't need skills anymore when you can just print your criminal tools. This greatly lowers the skill barrier-to-entry for successful criminals. As 3D printing becomes ubiquitous you will see 3D print related crimes grow exponentially while criminals getting caught will continue to grow linearly.

Real tools require real skills. A 3D printer sidesteps all the skill requirements and enables anyone with hardware to become an instant expert.

What is utter nonsense is dismissing 3D printers as "tools". A tool requires a certain skill level to use effectively. Even a hammer requires skill to strike a nail flat on the head. A printer requires only power, "ink", and a data file. 3D printers are not tools but rather simple dumb-peripherals that anyone can use to great efficacy.

Re:Why not a Lathe, Drill Press, or Grinder? (1)

Teancum (67324) | about 8 months ago | (#44585907)

As if it really took much in the way of even tools to make stuff like they are describing. A trip to Home Depot or Lowe's will get you a pretty wide variety of things including base building materials, buttons, switches, and the ability to simply get kits to build a great many items.... including items that could be used for "illegal purposes" if you had a clue.

Of course you can even buy these tools at these stores together with taking classes on how to use them and books for sale that can teach you most of the techniques needed to make what you want.... assuming you wanted to take the initiative. Watching some YouTube videos wouldn't hurt either, at least for getting some ideas about how to do stuff too.

Even more interesting... (3, Interesting)

geogob (569250) | about 8 months ago | (#44581117)

That they used 3D printing device, is hardly interesting news. That’s just more 3D printing hype. What I find fascinating with this story, is that card skimming at ATM still works, today, in 2013.

It’s clearly a failure to implement the most basic security and authentication features, which are widely available today. How can it be that, today, one can still do any kind of transaction with only a card number and a pin – if a pin is needed at all (eg. For online transactions).

They (the banks and/or credit card companies) try a lot of fancy things like nice holograms on ATM machines or abstruse authentication methods that fail to understand that a simple password is about as safe as the card number itself. This PIN skimming thing is the proof of that.

It’s slowly getting better, with unique number generators for validation or unique numbers sent through SMS. But I hardly believe these solutions are optimal for the users. Perhaps this explains why their implementation is so amazing slow – although I believe it still better to have those as none at all.

Re:Even more interesting... (2, Interesting)

Anonymous Coward | about 8 months ago | (#44581229)

Since we have a chip capable of basic crypto operations why are we not simply using a 1-time pad stored on the chip itself to sign the transaction data, just sign the transaction and add on the CardID+SeqNum then you just have to store 10kb of true random on the card to use as the pad (or whatever amount of transaction attempts you expect the card to use during it's validity window). Just kill the card when it exhausts it's one-time pad.

This system of challenge-response would even allow you to online shop without passing over card details.
Just paste a transaction block into your web banking portal, it spits out a signature for you and you paste it back into the purchasing site.

Re:Even more interesting... (1)

next_ghost (1868792) | about 8 months ago | (#44581493)

Yes, exactly. RSA-based public key cryptography has been around for 36 FUCKING YEARS! Why don't the banks use it already?! All it takes is to store your private key on the card so that it cannot be read from the outside unless you rip the chip out of the card and have the card itself sign transactions when you enter your PIN.

Re:Even more interesting... (0)

Anonymous Coward | about 8 months ago | (#44581635)

Again, chip and pin does this.

Re:Even more interesting... (1)

next_ghost (1868792) | about 8 months ago | (#44582023)

Not really. AFAIK there are two kinds of chip cards: the first kind will tell you everything except the PIN right away. The other kind will tell you everything once you enter the PIN. If you can put a fake keyboard on the ATM which will record and send your PIN to the skimming attachment, you can skim both kinds. Banks here in the Czech republic issue exclusively chip and pin cards but there are still skimming stories on the news almost every month.

Re:Even more interesting... (1)

zippthorne (748122) | about 8 months ago | (#44582039)

Many cards have chips. I have yet to see a card reader in actual use that reads anything but the stripe, though....

I suspect this has something to do with the way the equipment is billed - less secure, stripe-only device must be cheaper for business to "rent", for some reason.

Anyway, for a CC user, who cares - don't pay charges that you didn't make. Let the banks take the risk and realize they need better equipement. It's not like a debit card where you have to beg the bank to give you your money back for the charges you don't make....

Re:Even more interesting... (1)

jonwil (467024) | about 8 months ago | (#44582455)

I dont know which country you are from but here in Australia most of the payment machines in stores read chips. Never seen an ATM that reads chips though.

Re:Even more interesting... (0)

Anonymous Coward | about 8 months ago | (#44581655)

I think you mean American banks. Where I live you have to put your PIN card into a reader, enter you pin, and then type the number it generates to log into your online account. To send money or buy something on-line, you have to go through the additional step of typing a bunch of numbers generated by the website into the reader. Thus someone has to have physical access to your card and know your PIN to do anything useful with it... except that PIN cards still have magnetic strips for legacy compatibility, i.e., the US.

Re:Even more interesting... (1)

zippthorne (748122) | about 8 months ago | (#44582041)

Does the number show up on the reader, or on the card itself? If it's the reader, you're still not protected from skimming....

Re:Even more interesting... (1)

newcastlejon (1483695) | about 8 months ago | (#44582181)

The parent is talking about a security token, which is sent in the post from the bank. It's unrelated to POS terminals and ATMs, but might be used for CNP transactions by some banks.

Re:Even more interesting... (1)

cusco (717999) | about 8 months ago | (#44585025)

Banks are run by bankers, possibly the only people on the planet who are cheaper than doctors or lawyers. Just look at all the cracks of bank web sites over the last couple of years, and the utter simplicity of most of them (replace your account number in the browser address bar, for example). This is symptomatic of a culture where the low bid is the turning point for deciding the acceptance of a product or service, not competency, security or track record, just price.

Geography for dummies (-1)

Anonymous Coward | about 8 months ago | (#44581163)

Just FYI: Romanians are people who live in Romania, a poor country in eastern Europe.
Sydney is a city in Australia, a country and a continent, and also an island (like Alaska) at south of China.
HTH.

Re:Geography for dummies (0, Flamebait)

Anonymous Coward | about 8 months ago | (#44581197)

Just FYI: whenever you read "Romanian" in the news regarding crime, and it's not related to the country of Romania, it actually means "gypsy"

Re:Geography for dummies (5, Informative)

CRCulver (715279) | about 8 months ago | (#44581311)

Just FYI: whenever you read "Romanian" in the news regarding crime, and it's not related to the country of Romania, it actually means "gypsy"

That would be somewhat more likely if this were a story about petty crime like pickpocketing or car theft (but even there, some amount of ethnic Romanian immigrants are perfectly capable of engaging in petty crime). But when it comes to crime involving computer exploits, they are considerably more likely to be ethnic Romanian and not Roma. For example, this Wired article [wired.com] about online theft involves a number of young people who are not Roma .

Living in Romania myself and seeing it treated like a pariah abroad in spite of the fact that some parts of it are among the best educated and cultured parts of Europe, I am used to the tendency of many to blame the country's ills on the Roma, but good and evil is inside of everyone ethnicity.

This "Romanians = gypsies = criminals" connection is also dangerous one, as it can really mislead people about moving populations in Europe. I spend a lot of time in Finland, and I watched as one community lamented a large Roma tribe that flooded their town each summer, begging, pickpocketing and recycling. They called them "the Romanians" and that formed everyone's opinion about the country. When I tried to start a conversation with one of them in a queue at a supermarket's bottle-return machine, it turned out all of them were from a small town in central Bulgaria. But for some reason, Bulgaria never gets rubbished half as much as Romania.

Re:Geography for dummies (2)

blackraven14250 (902843) | about 8 months ago | (#44581603)

It would also be more likely if the person arrested wasn't described as a "Romanian national" by both the summary and the article.

Re:Geography for dummies (0)

Anonymous Coward | about 8 months ago | (#44581711)

Still, what is the relevance of this? Why is the criminal's ethnicity relevant at all? Are you saying that other nationalities are free from crime? Moreover, they operated in the distant Australia, so they must have had connections to the local criminal groups, too. As far as I know, 3D printers are not popular in Romania (I doubt they are even for sale there, and anyway, why carry one overseas?), therefore it must have been a "joint venture" of Australian, Romanian and possibly other foreign criminals.

But again, why is this relevant? They are criminals regardless of their origins, and criminals usually have a way of getting together when they need to.

Something you need to understand about Australia (0)

Anonymous Coward | about 8 months ago | (#44581811)

Whenever someone is non-Anglo saxon and does something wrong we mention their race to assert our moral superiority over them.

Re:Geography for dummies (0)

Anonymous Coward | about 8 months ago | (#44582509)

Are you saying that other nationalities are free from crime?
No, I believe it only says that some nationalities are significantly more prone to be criminal. And also that the press tries its best to conceal and pervert this fact.

Re:Geography for dummies (0)

Anonymous Coward | about 8 months ago | (#44581663)

It's actually kinda understandable. Romania is finnish for Romania, Romani is finnish for stealing gypsies. We also have home born ones. They are all Romanis no matter where they are actually from. We do understand they come from different countries, and wish they didn't. We also blame the countries they come from for not taking care of them, so they wouldn't have to come. Also, what you are calling begging we call fucking annoying. We don't have beggars, we already pay them collectively to stay inside and watch tv or drink themselves to dead. What you call pickpocketing we also call pickpocketing. We also call our politicians fucking morons for not letting us deal with those pickpockets in a way the civilized world would feel is brutal. What you call recycling we call stealing in most cases. Some bottles are ok, but they have recycled metals from our roofs, and bikes from bike racks. They also recycle all kinds of tools and materials from construction sites. Might sound racists, but 90% of their race gives the remaining 10% a bad name. If it were up to me i'd make it legal to shoot every last of them at the border.

Re:Geography for dummies (1)

drinkypoo (153816) | about 8 months ago | (#44582031)

We don't have beggars, we already pay them collectively to stay inside and watch tv or drink themselves to dead.

And this is where you fail, because you do not understand that we all live on the same planet. As long as you take care of your citizens and say fuck you to the rest of the world, this will keep happening. If you're so wonderful, why not help your neighbors improve? Otherwise some turtle beneath you will move eventually and you will end up in the mud.

Re:Geography for dummies (1)

Anonymous Coward | about 8 months ago | (#44583329)

Education is free in Romania. If the gypsies don't want to change, they will not change. Keeping your younglings in school it's a parent's basic duty. But nobody can enforce that to them. I think that, eventualy, Europe will get used to them. As far as I'm concerned, I don't think they will ever change their stupid ways. Tradition needs to be rethinked when it starts to brake the law. At least the law can be enforced. Crime has no ethnicity.

Re:Geography for dummies (-1)

Anonymous Coward | about 8 months ago | (#44581413)

That just goes to show that you Romanians are not only criminals but also racists. Clean up your own act before putting the blame on others.

Re:Geography for dummies (1)

Anonymous Coward | about 8 months ago | (#44581769)

So, you draw conclusions about an entire nation after analyzing a sample of one? Who's the racist here?

Re:Geography for dummies (2)

LoRdTAW (99712) | about 8 months ago | (#44582137)

Romainians are NOT Gypsies. The Roma people are the peoples called Gypsies who originated from India.

Re:Geography for dummies (1)

CRCulver (715279) | about 8 months ago | (#44582583)

Romainians are NOT Gypsies.

Sorry, but "Romanian" as a label of national origin (which is how it is used most of the time outside of Romania) encompasses both ethnic Romanians and ethnic Roma/Saxons/Hungarians/Banat Bulgarians/Dobrogean Tatars and whoever else was born in the country. Trying to claim that Roma are not Romanians when the word is used in that sense shows a great misunderstanding of how English works.

Re:Geography for dummies (2)

LoRdTAW (99712) | about 8 months ago | (#44582701)

Wait, the point I was trying to make is that not all Romanians are Gypsies otherwise known as Roma people, a subgroup of the Romani people. I never claimed anything. I merely pointed out Gypsies are Roma peoples. Maybe I needed to spell that out better.

In many parts of the world it is often mistaken that Roma = Romanians, meaning all Romanians are mistaken for Gypsies.

Re:Geography for dummies (0)

Anonymous Coward | about 8 months ago | (#44586143)

Unmistakeable sign of a failed western civilization:

truth == flamebait

Re:Geography for dummies (0)

Anonymous Coward | about 8 months ago | (#44581251)

And Australians wrestle crocodiles wearing Akubra hats and go "Cor!"

Alaska is an island? (0)

Anonymous Coward | about 8 months ago | (#44581579)

interesting geographic lesson there, chucklehead

Re:Geography for dummies (0)

Anonymous Coward | about 8 months ago | (#44581627)

Romania, a poor country in eastern Europe.

It depends what you mean by "poor". Being an Eastern European country it's definitely not rich, thanks to the wonderful influence the old USSR used to maintain in the region. But poor it is not, it's just on par with the other countries in the region, such as Hungary or Serbia. And it's an EU member, after all. Have you ever been there?

And no, Alaska is not an island, check your dummy geographic terminology. :-)

So here's a crazy question... (0)

Anonymous Coward | about 8 months ago | (#44581405)

Why not use the camera tech already in the ATM to detect when the ATM is being screwed with, and automatically shut it down, and flag someone to come out and FIX it.

If the assholes never make money this way, they'll stop trying to do it. This is simply a novel security hole that needs to be plugged. OR... make it so if you pull the cover off an ATM without properly disarming it (which you could only do if you were an authorized maintenance person) it shocks the living fuck out of you.

That might also dissuade crooks... speaking of which, I've always kind of wondered, while we're on the topic, you know how banks put those dye things into bags of money so when the crooks leave the bank, they rupture and spray dye all over the cash (marking it) and hopefully the crooks too? Why not use a Thermite grenade instead? Give the bastards something more to think about than, "what are you gonna do with YOUR share of the loot, Lou?"

How long will it take for someone to suggest giving everyone an account linked to their biometric info, and just eliminate cash outright? People may scream about their privacy, but as we've seen, people are perfectly willing to sacrifice privacy for convenience, just as they trade liberty for "security" (which is a fool's bargain if ever there were one, since once the state takes all necessary measures to protect you from the "terrorists", who the hell protects you from the government?

As for me, I stopped using ATM's a long time ago. I take what I need from the INSIDE of the bank each month in cash, and secret it at home. It's never enough to worry excessively about a break-in, (we're not talking thousands, or tens of thousands, more like a few hundred,) and just use THAT as my ATM. No fees, no PIN, no skimming or scamming or any of that other nonsense... ATM's suck anyway, even without all the different ways you can or DO get robbed using them, so why do it?

But I digress. Your move, naysayers.

Re:So here's a crazy question... (2)

ledow (319597) | about 8 months ago | (#44581527)

There's a lot of much simpler security measures that work a lot more effectively. Every time you hear someone come up with elaborate digital security, you have to go back to thinking of basics. Security is simple, and overthinking it is the best way to make it even worse.

Put ATM's in secure places. In the UK, they are almost always just out on the street where anyone can shoulder-surf your PIN. Like in Europe/US put them inside a room that is controlled and monitored.

Make ATM's show you what they should look like. All the time, the ATM should just show you a picture of what it SHOULD look like. This picture should move / flip every now and then so you can see if someone has tampered with the screen. A quick glance and you can tell if that random bit of green plastic on the card slot is SUPPOSED to be there or not (this pisses me off even with genuine ATM's and I don't use them if they have those green slots).

(Incidentally, why do credit card terminals, which have to talk to the bank, not send the card number - or some identifier from the card - to the bank, which sends back a PHOTOGRAPH of the CARD HOLDER which the genuine merchant can use to verify, at least in part, whether it's their card or misuse. Unfakeable, as the photo is from the bank, not from the card, so genuine merchants would be able to spot even wives using their husband's cards - which is still technically not allowed, but is currently ignored. Fuck Chip-and-PIN, give my photo to every merchant I use my credit card with so they know who is me and who isn't and can query if they are uncertain).

Put a shutter on the card slot. When the card is needed, open the shutter. When it's not, shut the shutter. Make it so that ANY device on the card slot would stop the shutter shutting, and this in itself would cause the ATM to disable itself and alarm. No worse a chance of losing the card for the customer than those ATM's who haven't been serviced in a while and the motors barely have the strength to push it back out.

Make fucking cards that can't be "skimmed" and that - without the PIN - are useless. This isn't difficult, and what Chip-and-PIN was always supposed to solve. Then you can skim my card to your heart's content because without my PIN being entered correctly NOTHING happens or provides useful data (we've already sacrificed mag-stripes, so this is no great burden as the cards should ALREADY be useless without the PIN).

SEND SMS MESSAGES to users on every use of their card. Almost every European bank already does this (except for the UK). My Italian girlfriend gets a text within seconds of touching her card anywhere, even in the UK, with details of the transaction. Her dad, too, when he was over here and bought £10 of stuff in a hardware store, and we were able to tell the SHOP STAFF that they'd duplicated the transaction by mistake because he got a text before he even got his card back.

Simple things. Put the cardholders back in control of their cards. The only reason NOT to is that you make money somehow out of not doing this. I can't believe billions of pounds worth of fraud isn't incentive enough to do things like send texts to cardholders, or put little motorised shutters (like some ATMs used to have anyway) on the card slot.

Re:So here's a crazy question... (1)

next_ghost (1868792) | about 8 months ago | (#44581593)

Blah blah blah...

Store a private key on the card so that it cannot be read from the outside without physically damaging the card. Use the card to cryptographically sign transactions after you enter the correct PIN. Problem solved.

The only problem that remains are rogue payment terminals and ATMs which use your own card to overcharge your account. But if you keep track of where you've used your card and when, you have everything the police needs to know and they can either catch the culprit or at least disable the rogue device.

Re:So here's a crazy question... (0)

Anonymous Coward | about 8 months ago | (#44581619)

Chip and pin already does this.

Re:So here's a crazy question... (1)

AK Marc (707885) | about 8 months ago | (#44581661)

And chip has already been broken, at least with rogue terminals. Tell the card that the user selected "sign" and the chip will "approve" the transaction, while capturing the PIN for later use, if desired.

Re:So here's a crazy question... (0)

Anonymous Coward | about 8 months ago | (#44584119)

The PIN should not be entered on the machine, but on the card. It is the only thing that is trusted.

Everything the machine does, should be done on the card.

Re:So here's a crazy question... (1)

PPH (736903) | about 8 months ago | (#44583991)

How long will it take for someone to suggest giving everyone an account linked to their biometric info, and just eliminate cash outright?

NSA/CIA/FBI shill detected.

Given their recent shenanigans, the cashless society has probably been pushed back at least one generation.

Yay new criminals attack vector (0)

Anonymous Coward | about 8 months ago | (#44581479)

Use a 3D printer to print a blade/saw to cut the criminals hands off

Too brutal? Smarter might be special laws for foreigners coming for the open season on consumers and the slap on the wrist if they are caught.

More appropriate to have it make something t o make their stay at the countryclub jail more enjoyable , then???

BAN!!BAN!!!BAN!!! (0)

Anonymous Coward | about 8 months ago | (#44581839)

ZOMG!!!
Printed guns AND now fraud devices !!
These 3d printer tings needs to be banned immediately.

Criminals Use Press and Lathe Too! (1)

Anonymous Coward | about 8 months ago | (#44583251)

WTFC's? Criminals have used lathes, presses, drills, hammers, laptops, PC's, all sorts of tools in the past! So, they use another tool, in this case the dastardly 3D Printer! OOOHH! Who really cares???

Some authors at /. absolutely cream themselves at the mere mention of a 3D Printer. Get over it already. They've been around awhile. Why the recent interest? Yeah, what I thought, a corporate sales scheme has infiltrated /. once again.

3D Printer! 3D Printer! 3D Printer! 3D Printer! 3D Printer! There... hope I just made your day.

Well (1)

The Cat (19816) | about 8 months ago | (#44583297)

Whatever it takes to make 3D printing illegal.

You do realize it's about making 3D printing illegal, right? That Guangdong gravy train must go on.

chip and pin? (0)

Anonymous Coward | about 8 months ago | (#44584045)

i thought debit cards in Australia have microchips? or only cards issued in Europe?

A picture is worth a thousand words. (1)

MarkvW (1037596) | about 8 months ago | (#44584429)

ATMs ought to display a picture of what they are 'supposed' to look like. Might help fight the assholes with the skimmers.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...