Text

SkimmersHi-tech, Low Cost, Data Breaches Effecting Small Businesses

www.DataSpecialistGroup.com

PurposeProvide a general understanding of skimmers in the community

Provide a general understanding of skimmers effecting small to medium sized businesses

Offer practical understanding of items that need to be retained for an digital forensics investigation

Provide an understanding of how digital forensics play a role in prosecuting or defending cyber breaches and theft of work product

Skimming 101A skimmer is an electronic device that is capable of intercepting data without being noticed

Some skimmers have their own internal memory, others are wireless

Skimmers are most commonly found in locations that see a large number of card transactions such as ATM’s, gas pumps, doctors offices, nursing homes, and retail stores

The greatest risk to any business today is no longer the common shoplifter or pilferer. Theft of work product data can not only cripple a business, it can also subject the business to lawsuits and/or state fines

Employee’s are often accomplices in cyber breaches

Define Thief?

Gas Pump Skimmer

Beware of voided tamper tape

Text

Small Business Cyber Breaches

Why attack small businesses ?Improperly installed service provider hardware such as routers and computers

Low or no security on information technology

Poor or no Internet use policy

Owner shares business wifi with employees

No Internet intrusion monitoring or logging 

Breach will take months or years before the it is detected

Victim is most likely to erase evidence of the breach via anti-virus or anti-malware

Victim will most likely trample the crime scene

Victim most likely will not report a breach, fearing it will subject them to legal action or loss of business

Smart Phone Skimmer$10 magnetic strip reader converts signal to audio

Audio signal can be recorded to a smart phone and converted later

Free software such as Makstripe is used to parse audio signals into credit card data. The program also writes data to cards (see https://cansecwest.com/slides06/csw06-malfunction.pdf)

Anything with a magnetic strip can be turned into a credit card

Anything using magnetic strip technology can be cloned, including but not limited to hotel keys, theme park cards, access cards, and drivers licenses

Can be found in any business that handles credit card data, particularly when employees have closed access to the card (restaurants, bars, food trucks, fairs)

Inner Office and Retail Skimmers

Undetectable by operating system

Wifi Keystroke loggers can use your existing wifi connection, personal Hot Spot or an Adhoc connection to any smart phone or laptop

Wireless Keystroke Logger

Built for as little as $10, Samy Kamkar's KeySweeper secretly "sniffs, decrypts, logs and reports back (over GSM) all keystrokes from any Microsoft wireless keyboard in the vicinity."

Can be found during using technical countermeasures sweep

Device is configured to send text messages back to the operator when a specific keyword(s) is used. Also works as a standard key logger sending all keystrokes over the Internet or cellular broadband. When keystrokes can not be transmitted, they are stored on a flash chip to be "delivered wirelessly” when a secondary KeySweeper device is in range. Triggering keywords can be specific usernames or prefixes to credit card numbers.

Text

Video Ghost Records all images on target computer screen

Removable Operating SystemsOperating systems such as “Tails” are loaded onto a thumb drive

Target computer is booted from the removable media device

When used with Tor Browser activity is hard to detect

User can remotely access target locations via “Team Viewer, Joinme, and RealVLC”

Undetectable in the office

Can be used to implicate a particular device or user

Case Study

Laptop was seized from a party suspected of committing credit card fraud

The Laptop would not boot due to a bad hard drive

Laptop contained a small 8GB SD card

8GB SD Card ContentsUbuntu Operating system

Instructions on building skimmers

Manuals for card swipes/readers

Manual for card writer

Usernames and passwords

Screen shots of foreign bank computer screens

Photoshopped credit cards

Hundreds of credit card numbers

Personal information from various users

Note: Micro SD Cards are available in 128GB and larger

Wifi Spoofing (under $10)Existing trusted Wifi SSID is cloned or spoofed (Starbucks, hotel or hot spot)

Wifi device one is used for incoming traffic, wifi device two is used to attach to a trusted wifi

Laptop running network sniffing tool becomes the man in the middle and collects data

Employees can use any smart phone to sniff network traffic

Some smart phones are also portable hard drives

Android and Blackberry phones can be used to hide bootable SD cards with removable operating systems

What should you do?Do not touch or manipulate any of the hardware or software involved

Contact a reputable company that deals with digital evidence to validate your suspicions

Go to www.DataSpecialistGroup.com/publications to download our free “Guide for First Responders”

PrecautionsDon’t think this can’t happen to you

Do not share your wifi

Change your wifi password and other passwords monthly or when employees leave

Have a written policy that covers use of company systems

Physically secure network hardware

Never share usernames and passwords

Use keycards or biometric passwords

Retailers should only use encrypted credit card machines

Never use wireless keyboards

Periodically inspect and or photograph the connections to your computers and other systems

Never use the default router from the service provider

Never ever use free internet anywhere for any reason

Have your information systems installed professionally

Have your systems inspected by a professional who handles both physical and data security

Create a written policy on who to contact in the event of a breach

Know the state laws and understand what your reporting obligations are

Get Cyber Insurance