credit card sniffers found in field
Ray Dillinger
bear at sonic.net
Mon Jun 25 18:11:40 PDT 2001
On Mon, 25 Jun 2001, John Doe #N wrote:
>http://www.msnbc.com/news/589575.asp
...
> Visa International and other terminal
> makers caution that use of the James
> Bond-esque device is hardly
> widespread.
I can't imagine why not. It's not as though the hardware
is difficult to fabricate or purchase, and driver source
code is just all over the place for free. Here's a convenient
package with all the electronic parts necessary, selling for
under $80.
http://www.register5.com/register5/magmin.html
(You can probably find it cheaper, that's just the first place
I looked)
Add a microdrive and one of those PC-on-a-chip things with a
386 plus minimal hardware and a teeny linux distribution, like
you can find at http://www.tiqit.com for under $1000, then
download the appropriate driver from the reader manufacturer,
compile it with gcc, and you're in business.
It would take about two days to build this device, cost under
$1500, and the driver is so dead-simple it's probably no
effort at all to port, but allocate another day of work for
that. After that it's just a matter of dumping the info to
the hard drive and writing a script to phone home once in
a while.
Any geek with about $1500 to spend and a few days to put it
together could build the equivalent device; don't marvel at
the high-tech, 'cause card-reader drivers are publicly
available, even simpler than a keyboard driver, and the
hardware is prefab.
The only remotely-interesting question is how and when did
the perps get private access to the gimmicked card readers?
Or were the card readers compromised before they were
installed?
If you've got an hour or so with a good scope, you can even
save yourself the cost of the card reader and associated
fab problems mounting it into the card reader machine;
just tap the relevant wires from the card reader that is
already installed in the device. However, this would
require you to write your own driver and put some diodes
on the lines so you don't interfere with the other system
driving the mag readers, so it's technically harder.
Bear
More information about the cypherpunks-legacy
mailing list