credit card sniffers found in field

Ray Dillinger bear at sonic.net
Mon Jun 25 18:11:40 PDT 2001 



On Mon, 25 Jun 2001, John Doe #N wrote:

>http://www.msnbc.com/news/589575.asp
...
>            Visa International and other terminal
>            makers caution that use of the James
>            Bond-esque device is hardly
>            widespread.


I can't imagine why not.  It's not as though the hardware 
is difficult to fabricate or purchase, and driver source 
code is just all over the place for free.  Here's a convenient 
package with all the electronic parts necessary, selling for 
under $80.  
    http://www.register5.com/register5/magmin.html

(You can probably find it cheaper, that's just the first place 
I looked)

Add a microdrive and one of those PC-on-a-chip things with a 
386 plus minimal hardware and a teeny linux distribution, like 
you can find at http://www.tiqit.com for under $1000, then 
download the appropriate driver from the reader manufacturer, 
compile it with gcc, and you're in business. 

It would take about two days to build this device, cost under 
$1500, and the driver is so dead-simple it's probably no 
effort at all to port, but allocate another day of work for 
that.  After that it's just a matter of dumping the info to 
the hard drive and writing a script to phone home once in 
a while.  

Any geek with about $1500 to spend and a few days to put it 
together could build the equivalent device; don't marvel at 
the high-tech, 'cause card-reader drivers are publicly 
available, even simpler than a keyboard driver, and the 
hardware is prefab.

The only remotely-interesting question is how and when did 
the perps get private access to the gimmicked card readers? 
Or were the card readers compromised before they were 
installed?

If you've got an hour or so with a good scope, you can even 
save yourself the cost of the card reader and associated 
fab problems mounting it into the card reader machine; 
just tap the relevant wires from the card reader that is 
already installed in the device.  However, this would 
require you to write your own driver and put some diodes 
on the lines so you don't interfere with the other system 
driving the mag readers, so it's technically harder.


				Bear

More information about the cypherpunks-legacy mailing list