Used ATM contains thousands of credit card numbers

Posted by Robert Siciliano on November 16th, 2009

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

After the DefCon ATM debacle, in which hackers hacked hackers by setting up a fake ATM in front of the facility's security office, I needed to find out how stupidly easy it is to buy and install an ATM. So my search began.

I found plenty of new and used ATMs at prices ranging from $500 to $2500 on eBay, but quickly decided that I didn’t want to pay another $300 for shipping. Next was Craigslist, where anyone can rent an apartment, buy a boat, get an erotic massage, or buy an ATM.

I quickly found an ad from a bar north of Boston. They were selling pool tables, neon Budweiser signs, and an ATM. I took my hacker friend with me to meet Bob, who lived above the bar and was taking care of the sale on the owner's behalf. The bar was closing and liquidating its assets. The ATM was sitting right next to the bar, sticky with beer. Fortunately, the keypad was protected by clear plastic. While Bob was giving us the history of the ATM and explaining how to operate it, he farted.

Needless to say, I wanted to unbolt this thing as quickly as possible, get out of there, and douse myself in hand sanitizer. After my hacker friend played with the manual, got it working, and determined that it was worth the financial risk, we loaded it on my trailer, paid $750 (negotiated down from a grand), and brought it back to my garage.

There’s something about having an ATM in your garage that makes for a restless night of sleep, as if the next day is Christmas. Around 5 AM the next morning, I used an entire bottle of Windex, a whole roll of paper towels, and four pairs of rubber gloves to give this thing an enema.

My hacker friend came over to my garage, manual in hand, all giggly, and says, “Watch this.” He punched in the master codes to access the machine's stored data, and hundreds of credit and debit card numbers began falling all over the floor. A few days later, another friend and I devised an evil plan to scam millions of dollars from unsuspecting suckers and then spend the rest of our lives island hopping and buying a villa in Sicily. But my wife said no.

Here's the first of a few upcoming videos of what happened next. I'll share more of my ATM adventures as they occur. There's a lot more to this story, so stay tuned!

To protect yourself from these types of scams, pay attention to your bank and credit card statements, and refute any unauthorized charges within 60 days. You might consider never using a debit card again, since credit cards are safer. When using an ATM, pay close attention to details and look for anything that seems out of place. If your card gets stuck or you notice anything odd about the machine's appearance, such as wires, tape, error messages, or a missing security camera, or if the machine seems unusually old and run down, don’t use it. Try to use ATMs in more secure locations. Cover your PIN as you enter it.

And invest in identity theft protection. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses ATM scams on Fox.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

• Identity Theft Expert Answers: Robert Siciliano of IDTheftSecurity.com
• If I install Identity Guard, will it automatically uninstall Norton?
• Data Breach Alert: City website exposes firefighters personal information
• Google "G Drive" online backup service rumored to be launching soon
• Vonage iPhone App Coming Soon?