A few weeks ago, Juniper Networks announced that they would not be giving a talk on ATM security vulnerabilities at the DEFCON 17 conference in Las Vegas. Perhaps then it is slightly ironic that attendees at that very conference would end up uncovering ATM card skimming scams.
According to reports, attendees at the conference noticed something strange about an ATM at the Riveria Hotel, where the event was hosted. Though on the surface it seemed normal, the machine was anything but. When someone shined a flashlight on the screen where there would normally be a camera, and instead noticed there was a PC inside.
Conference organizers notified law enforcement, who took the machine away. It is unknown just how long the machine had been there.
It was one of two known run-ins DEFCON attendees had with rogue ATM machines. At the Rio All-Suite Hotel and Casino, DEFCON presenter Chris Paget crossed paths with another malicious ATM and had $200 stolen from his account. Local law enforcement and the U.S. Secret Service are reportedly investigating the incident.
ATM skimming operations are nothing new. However the idea of cyber-thieves using malware to infect machines has added a new dimension to the scam and has been the subject of recent research from both Juniper and Trustwave. In the latter case, Trustwave uncovered malware on 20 ATM machines in Russia and Ukraine designed to allow hackers to swipe everything from cash to PIN codes.