Rss

Archives for : STEAL THEFT

NZ Man in court over alleged $1.2m scammed from pensioners

scam-signs-multiples-image-www-scamfakes-com

A 48-YEAR-OLD Kiwi has been extradited back from New Zealand to face 21 boiler room fraud charges that police claim stripped retirees of their superannuation and others to the tune of $1.2 million.

The man, who is due to appear in Maroochydore Magistrates Court this afternoon, was the alleged ringleader of the Gold Coast-based scam, police claim.

Victims were lured into the scam with cold calls or by visiting websites set up by the group, Detective Senior Sergeant Daren Edwards alleged.

They were drip fed a small amount of cash to get them to pour more in.

He said the “callous” alleged fraudster had blown most of the $1.2 million on a luxury Gold Coast lifestyle and police did not yet have any assets to strip from the man.

“It was to do with safe racing and betting,” Sen Sgt Edwards said.

“Some of the allegations are that some of the complainants received some of the funding back so they appeared they were getting returns however that was just a phoenix set up. Once an investor put money in they would drip feed some of the other investors money to give the false impression they were getting money,” he alleged.

Snr Sgt Edwards alleged one West Australian victim invested $300,000 into the scam while another Sunshine Coast man in his 70s put in more than $70,000.

A second man has been charged on the Gold Coast.

club-libido-banner-schoolgirls-x-2

Henry Sapiecha

Hackers Are Emptying ATMs With a Single Drilled Hole and $15 Worth of Gear

atm-hack-image-www-scamsfakes-com

Not so long ago, enterprising thieves who wanted to steal the entire contents of an ATM had to blow it up. Today, a more discreet sort of cash-machine burglar can walk away with an ATM’s stash and leave behind only a tell-tale three-inch hole in its front panel.

Researchers from the Russian security firm Kaspersky on Monday detailed a new ATM-emptying attack, one that mixes digital savvy with a very precise form of physical penetration. Kaspersky’s team has even reverse engineered and demonstrated the attack, using only a portable power drill and a $15 homemade gadget that injects malicious commands to trigger the machine’s cash dispenser. And though they won’t name the ATM manufacturer or the banks affected, they warn that thieves have already used the drill attack across Russia and Europe, and that the technique could still leave ATMs around the world vulnerable to having their cash safes disemboweled in a matter of minutes.

“We wanted to know: To what extent can you control the internals of the ATM with one drilled hole and one connected wire? It turns out we can do anything with it,” says Kaspersky researcher Igor Soumenkov, who presented the research at the company’s annual Kaspersky Analyst Summit. “The dispenser will obey and dispense money, and it can all be done with a very simple microcomputer.”

Drill, Baby, Drill

For Kaspersky, the mystery of the drilled ATMs began last fall, when a bank client showed them an emptied cash machine whose only evidence of tampering was a golf-ball sized hole next to its PIN pad. To hide their tidy surgery, the thieves had even covered the entry point with a sticker. Eventually, the researchers learned of close to a dozen similar ATM heists. And when police arrested a suspect in one of the cases, they found a laptop, along with a cable he’d apparently snaked into the PIN pad hole. “Just a laptop, some wiring, and a hole in the ATM, that’s it,” says Soumenkov.

Kaspersky’s researchers already had the same model of ATM in their test lab, one that’s been in wide use since the 1990s. They removed its front panel to find a serial port that would have been accessible from the thieves’ hole. It connected to a wire that ran through the ATM’s entire internal bus of components, from the computer that controlled its user interface to the cash dispenser. Then the researchers spent five solid weeks with an oscilloscope and logic analyzer, decoding the protocol of the ATM’s internal communications from raw electric signals. They found that the machine’s only encryption was a weak XOR cipher they were able to easily break, and that there was no real authentication between the machine’s modules.

In practical terms, that means any part of the ATM could essentially send commands to any other part, allowing an attacker to spoof commands to the dispenser, giving them the appearance of coming from the ATM’s own trusted computer.

Eventually, the researchers were able to build their own device capable of sending cash-ejecting commands through just that exposed port. Their compact gadget, far smaller than even the arrested suspect’s laptop, consisted of only a breadboard, an Atmega microcontroller of the kind commonly found in Arduino microcomputers, some capacitors, an adapter, and a 9 volt battery. All told, it took less than $15 worth of equipment.

In their tests, the researchers found their finished tool could trigger the cash dispenser within seconds of connecting, and then spew as many bills as they wanted. The only limit to the attack’s speed came when the ATM’s computer “noticed” the dispenser acting independently and rebooted. But the researchers say that they could extract thousands of dollars before the reboot kicked in, and afterward they could simply repeat their attack, pulling more cash out of the machine until it was empty.

Easy Marks

Kaspersky says it’s alerted the vulnerable ATM manufacturer to the technique, but there’s no easy patch for the problem: The units’ software can’t be updated remotely. A fix, Kaspersky researchers say, will require replacing hardware in the ATMs to add more authentication measures—or failing that, adding physical security measures, like access controls and surveillance cameras, that might prevent thieves from daring an in-person raid on the machines. WIRED reached out to the ATM Industry Association for comment, but the trade group didn’t respond by the time of publication.

ATMs are a frequent hacker target. Lately, attacks from Thailand and Taiwan to Russia have infected banks’ own networks with malware that’s been used to trigger ATM cashouts. In tightly coordinated operations, money-mules retrieve the stacks of bills in person from the victim bank’s cash machines. In their conference talk Monday, Kaspersky researchers also revealed a new form of ATM malware they’ve found, which they say had been planted through stealthy fileless infections of banks in Russia and Kazakhstan. And other physical access attacks have planted malware on machines by opening their cases—either picking or breaking the panels’ locks—or used that physical access to a machine’s internals to connect a hacking tool directly to the cash dispenser.

www.crimefiles.net

But the Kaspersky researchers say the drill technique represents a simpler and stealthier path to an ATM’s innards. Breaching a bank’s back-end network requires far more sophisticated network intrusion skills, while opening the machine’s panel to plant malware or to connect a tool directly to the cash dispenser triggers an alarm. Drilling a gaping hole in the front of the machine, in this case, doesn’t set off that same warning.

Physical attacks on ATMs are, in some sense, an unsolvable problem. Computer security experts have long warned that no computer should be considered secure if an attacker takes physical control of it. But weak encryption and a lack of authentication between components leaves ATMs particularly vulnerable to physical attacks—access to any part of the insecure machine Kaspersky describes means access to its most sensitive core. And for computers that are left standing unprotected on a dark street in the middle of the night, stuffed full of money, a little more thought to digital security might be a worthwhile investment.

www.intelagencies.com

yunklooo

Henry Sapiecha