Pro Skimmers: How’d they do it? (and biohacking Tesla style)

Brian Krebs has an interesting new skimmer up. It was built into a point-of-sale PIN pad. To install it, the criminals made eight quite precise solder conections to what looks like SMD vias on the host device’s PCB. In other words, they weren’t popping these things open in the store when nobody was looking. But they probably weren’t doing it at the factory, either.

They made a total of 12 solder connections, which involved removing the host device’s main PCB. I’m assuming from the description that they modified devices that were already present at the store.

What does this tell us about the crooks’ operations?

My thoughts: the connections took some electronics experience to make, and probably required at least half an hour working time (with practice) including margin of error for correcting mistakes. This means the devices were probably taken out of the store. Most logical would be a mobile-locksmith style van with a soldering station.

Biohacking: I take it everyone knows the story about Mark Twain visiting Tesla’s lab, and crapping his pants after he stood too long on Tesla’s vibrating therapy platform? (http://www.excludedmiddle.com/earthquake.htm http://www.rexresearch.com/teslamos/tmosc.htm)

I was very amused to read about a 30Hz vibration platform for yoga practitoners, based on Russian space medicine research from the 60s:
http://www.bengreenfieldfitness.com/2013/01/my-personal-notes-from-the-bulletproof-biohacking-conference/

https://krebsonsecurity.com/2013/02/pro-grade-point-of-sale-skimmer/

“The picture below shows the card skimmer in more detail. The entire green square circuit board with the grey square heat shield and the blue element to the left are the brains of the device. The eight-legged black component in the upper right is the memory module that stored stolen credit and debit card and PIN data from unwitting store customers.

Beneath the large grey heat shield in the center of the circuit board are the chips that control the Bluetooth radio. That entire component is soldered to the base of the board. The blue and white wires leading from the skimming device connect the skimming module to the card reader on the point-of-sale device, while the group of eight orange wires that come out of the bottom connect directly to the device’s PIN pad. The Bluetooth point-of-sale skimmer, up close.

The Bluetooth point-of-sale skimmer, up close.

The image below shows the eight orange wires from the skimmer soldered to the POS device. Spruill said the quality of the soldering job indicates this was not made by some kid in his mom’s basement.

“One of the reasons suggesting that the attacker was fairly accomplished is the quality of the solder done with those very small connections to the PIN pad,” he said.

A close-up showing the orange wires from the skimmer soldered to the PIN pad.

A close-up showing the orange wires from the skimmer soldered to the PIN pad.

The reverse side of the skimmer circuit board is shown in the somewhat blurry picture below. Clockwise from the top are the yellow and white wires that connect the skimmer to the POS device’s power and ground, respectively. The six open holes running down the bottom right of the board can be used to program the micro controller (the big black chip in the center). The blue and white wires at seven o’clock connect the POS device’s PIN pad to a Magtek chip. Spruill said while Magtek is the technology that’s in virtually every card reader out there, the entire circuit board appears to have been custom made — and possibly mass-produced — to be used expressly for skimming POS devices.”

Advertisements
%d bloggers like this: