skimmers - dataspecialistgroup.com · wireless keystroke logger built for as little as $10, samy...
Skimmers
Hi-tech, Low Cost, Data Breaches Affecting Small Businesses
www.DataSpecialistGroup.com
Purpose
Provide a general understanding of skimmers in the community
Provide a general understanding of skimmers affecting small to medium sized businesses
Offer practical understanding of items that need to be retained for a digital forensics investigation
Provide an understanding of how digital forensics plays a role in prosecuting or defending cyber breaches and theft of work product
Skimming 101
A skimmer is an electronic device that is capable of intercepting data without being noticed
Some skimmers have their own internal memory, others are wireless
Skimmers are most commonly found in locations that see a large number of card transactions such as ATMs, gas pumps, doctors' offices, nursing homes, and retail stores
The greatest risk to any business today is no longer the common shoplifter or pilferer. Theft of work product data can not only cripple a business, it can also subject the business to lawsuits and/or state fines
Employees are often accomplices in cyber breaches
Define Thief?
Gas Pump Skimmer
Beware of voided tamper tape
Small Business Cyber Breaches
Why attack small businesses?
Improperly installed service provider hardware such as routers and computers
Low or no security on information technology
Poor or no Internet use policy
Owner shares business wifi with employees
No Internet intrusion monitoring or logging
Breach will take months or years before it is detected
Victim is most likely to erase evidence of the breach via anti-virus or anti-malware
Victim will most likely trample the crime scene
Victim most likely will not report a breach, fearing it will subject them to legal action or loss of business
Smart Phone Skimmer
$10 magnetic strip reader converts signal to audio
Audio signal can be recorded to a smart phone and converted later
Free software such as Makstripe is used to parse audio signals into credit card data. The program also writes data to cards (see https://cansecwest.com/slides06/csw06-malfunction.pdf)
Anything with a magnetic strip can be turned into a credit card
Anything using magnetic strip technology can be cloned, including but not limited to hotel keys, theme park cards, access cards, and driver's licenses
Can be found in any business that handles credit card data, particularly when employees have closed access to the card (restaurants, bars, food trucks, fairs)
Inner Office and Retail Skimmers
Undetectable by operating system
Wifi Keystroke loggers can use your existing wifi connection, personal Hot Spot or an Adhoc connection to any smart phone or laptop
Wireless Keystroke Logger
Built for as little as $10, Samy Kamkar's KeySweeper secretly "sniffs, decrypts, logs and reports back (over GSM) all keystrokes from any Microsoft wireless keyboard in the vicinity."
Can be found during a technical countermeasures sweep
Device is configured to send text messages back to the operator when a specific keyword or keywords are used. Also works as a standard key logger sending all keystrokes over the Internet or cellular broadband. When keystrokes cannot be transmitted, they are stored on a flash chip to be "delivered wirelessly" when a secondary KeySweeper device is in range. Triggering keywords can be specific usernames or prefixes to credit card numbers.
Video Ghost
Records all images on target computer screen
Removable Operating Systems
Operating systems such as “Tails” are loaded onto a thumb drive
Target computer is booted from the removable media device
When used with Tor Browser, activity is hard to detect
User can remotely access target locations via “Team Viewer, Joinme, and RealVLC”
Undetectable in the office
Can be used to implicate a particular device or user
Case Study
Laptop was seized from a party suspected of committing credit card fraud
The Laptop would not boot due to a bad hard drive
Laptop contained a small 8GB SD card
8GB SD Card Contents
Ubuntu Operating system
Instructions on building skimmers
Manuals for card swipes/readers
Manual for card writer
Usernames and passwords
Screen shots of foreign bank computer screens
Photoshopped credit cards
Hundreds of credit card numbers
Personal information from various users
Note: Micro SD Cards are available in 128GB and larger
Wifi Spoofing (under $10)
Existing trusted Wifi SSID is cloned or spoofed (Starbucks, hotel or hot spot)
Wifi device one is used for incoming traffic, wifi device two is used to attach to a trusted wifi
Laptop running network sniffing tool becomes the man in the middle and collects data
Employees can use any smart phone to sniff network traffic
Some smart phones are also portable hard drives
Android and Blackberry phones can be used to hide bootable SD cards with removable operating systems
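A defender-side check for the cloned-SSID scenario in the Wifi Spoofing slide, added here as an example and not part of the original presentation: it compares Wi-Fi scan results against a baseline of the access points the business actually owns. The SSID, BSSIDs, scan format and function name are constructed assumptions for illustration.

```python
import csv
import io

# Known-good access points for the business network (constructed baseline).
BASELINE = {
    "OfficeNet": {
        "bssids": {"a0:b1:c2:00:00:01", "a0:b1:c2:00:00:02"},
        "security": "WPA2",
    },
}

# Constructed scan results, one AP per line: ssid,bssid,security,signal_dbm
SAMPLE_SCAN = """\
OfficeNet,a0:b1:c2:00:00:01,WPA2,-48
OfficeNet,a0:b1:c2:00:00:02,WPA2,-61
OfficeNet,de:ad:be:00:00:99,WPA2,-35
OfficeNet,a0:b1:c2:00:00:01,OPEN,-40
CoffeeShop,11:22:33:44:55:66,OPEN,-70
"""


def find_suspect_aps(scan_text, baseline):
    """Return (ssid, bssid, reasons) for APs that use a trusted SSID
    but do not match the recorded hardware or security settings."""
    findings = []
    for ssid, bssid, security, _signal in csv.reader(io.StringIO(scan_text)):
        known = baseline.get(ssid)
        if known is None:
            continue  # not one of our networks, nothing to compare against
        bssid = bssid.lower()
        reasons = []
        if bssid not in known["bssids"]:
            reasons.append("unknown BSSID")      # same name, different radio
        if security != known["security"]:
            reasons.append("security mismatch")  # e.g. downgraded to open
        if reasons:
            findings.append((ssid, bssid, reasons))
    return findings


if __name__ == "__main__":
    for ssid, bssid, reasons in find_suspect_aps(SAMPLE_SCAN, BASELINE):
        print(f"{ssid} {bssid}: {', '.join(reasons)}")
```

A spoofed access point that also copies a baseline BSSID and security type passes this check, so it complements physical inspection and network monitoring and does not replace them.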
What should you do?
Do not touch or manipulate any of the hardware or software involved
Contact a reputable company that deals with digital evidence to validate your suspicions
Go to www.DataSpecialistGroup.com/publications to download our free “Guide for First Responders”
Precautions
Don’t think this can’t happen to you
Do not share your wifi
Change your wifi password and other passwords monthly or when employees leave
Have a written policy that covers use of company systems
Physically secure network hardware
Never share usernames and passwords
Use keycards or biometric passwords
Retailers should only use encrypted credit card machines
Never use wireless keyboards
Periodically inspect and/or photograph the connections to your computers and other systems
Never use the default router from the service provider
Never ever use free internet anywhere for any reason
Have your information systems installed professionally
Have your systems inspected by a professional who handles both physical and data security
Create a written policy on who to contact in the event of a breach
Know the state laws and understand what your reporting obligations are
Get Cyber Insurance