
Fake ATM doesn't last long at Defcon - abennett
http://www.itworld.com/security/73295/fake-atm-doesnt-last-long-hacker-meet
======
devicenull
I'm surprised no one started taking it apart

~~~
Torn
Yeah, I was expecting a story of how the hackers had reverse-engineered the
device and found details of the skimmers

------
rosser
It's particularly galling because the fake ATM was put _right outside the
security entrance_. I'd almost be willing to bet that any account number/PIN
tuples gained from this (if they were collected before the unit was
discovered) won't be used. This was someone making a point, and they did an
excellent job of it.

------
tlrobinson
I seriously doubt the "criminals" who did this didn't know Defcon was taking
place. They most likely were attendees pulling a prank to make a point.

There's other similar shenanegans at Defcon, like the Wall of Sheep, which
sniffs network traffic for unencrypted logins and displays them (with most of
the password obscured) on a projector screen.

------
daeken
How do the property managers not realize that someone has dropped off an ATM
that isn't supposed to be there? Is it just me or does it seem like the
properties are partially responsible if someone gets ripped off by this?

~~~
paulbaumgart
They're probably just as naive as I was (before reading the article) about the
existence of fake ATMs set up by scammers. I don't think it's common knowledge
that this happens, is it?

~~~
daeken
If someone set up a Coke machine that stole people's dollars, do you think
they'd notice? This doesn't have anything to do with the scam, but simply
being completely oblivious as to what's going on in your place of business.

~~~
dkokelley
I don't think the people at the front desk are aware of which contracts for
vending machines or ATMs. They could have had 4 guys bring it in and make up a
slick story about how they had a work order to install the machine and the
front desk would probably not have the authority to act in any direction other
than send the info up the chain.

------
ephermata
Unfortunately, it now appears that there were other fake ATMs around, these at
the Rio. These were not removed promptly. A friend of mine is out $200 and
some of his friends are out more. Worse, no one can seem to figure out which
law enforcement agency is responsible. See @chrispaget on twitter, e.g.
<http://twitter.com/ChrisPaget/status/3100154939>

and following.

------
jacquesm
When you walk in to Defcon you'd better be prepared at _every_ turn, that
includes any equipment you interact with.

Imagine the scoop if they had gotten away with it cleanly. Everybody is
concentrating on the latest wifi snooping hack meanwhile some joker walks off
with the account info / pin numbers of half the attendees.

If the attendants of a security conference can be scammed like this it is
really no surprise that it happens to the general public on a daily basis. I
don't use any ATMs that are not 'wall mounted', always check the slot if it is
securely attached and doesn't have extra reader heads.

And in spite of all that I still had a card cloned in a restaurant in
Toronto... the bank was pretty good about it but it was still surprising to be
so careful and still get cloned.

Pretty stupid of the person cloning the card to use it the same evening, that
narrowed it down quite a bit.

------
mynameishere
The day I use an ATM machine that isn't physically attached to my bank is the
day I die.

You know, with the fees and all.

~~~
staunch
You probably drive across town looking for $0.01 cheaper gas, right? :-)

~~~
zackattack
People are irrational: they are loss-averse; subject to endowment effects;
randomly switch between social and economic valuations of their time.

