undefined | Better HN

0 pointsjoenathan12y ago0 comments

I did read the article in full, also what does it matter who wrote it?

A skimmer and a keylogger are two very distinct things. When I read the title I was interested to find out how the skimmers were placed, placing a keylogger takes much less skill and craft, it's a piece you can buy in bulk, whereas placing a skimmer usually requires a different class of criminal, skimmers often have to be fabricated for each location.

0 comments

cynwoody12y ago

It's a matter of semantics. What does "to skim" mean?

I read the article to mean that the bad guys were using key loggers to skim mag stripe images out of the keyboard data stream (from mag stripe readers attached via "wedges"). That's one level of threat.

Your link, however, calls to mind a higher level threat that happened in Rhode Island a while back. Bank customers were disavowing ATM withdrawals. Bank security noticed that the complaining customers had all used their debit cards at the same all-night Stop & Shop. A review of the store's security video showed a gang of four guys coming in during third shift and installing hacked PIN pads at the registers while keeping the thin staff distracted. They were busted when they returned to harvest their next haul of debit card details.

How they compromised the PIN pads I do not know. PIN pads are supposed to be sealed and tamper-proof. Your PIN is supposed to be encrypted before it leaves the keypad and decrypted only when it reaches the payment processor. The encryption key is supposed to be erased if someone tampers with the device. In order for the hack to work, they would need to be recording the mag stripe data along with cleartext PINs.

I see it happened to Barnes & Noble more recently and on a larger scale:

http://www.esecurityplanet.com/hackers/hackers-compromise-ba...

joenathanOP12y ago

To skim means to remove "something" from the top(usually referring to liquids). Which makes sense to use to refer to a device that sits atop a card reader.

https://www.google.com/search?q=card+skimmer&safe=off&source...

One thing to remember is that keyloggers have been around much longer than card skimmers, keylogger is a well known and well defined term.

http://en.wikipedia.org/wiki/Hardware_keylogger

https://www.google.com/search?q=hardware+keylogger&safe=off&...

It's all very interesting to watch as criminals become more sophisticated.

willvarfar12y ago

Not knowing this case, but the general way to read a pin is a cheap thermal camera filming the keypad. After you remove your hand, your presses remain hot for a short while, and they can even usually recover the order by the relative warmth too.

They also want to film the underside of the card to read the three digit code.

j / k navigate · click thread line to collapse