20140121-Gas&Garbage

Gas Pumps & Garbage Cans

There has been an indictment on a group that installed skimmers inside gas pumps in the New York area. Trash cans in the City of London were snooping on people throwing trash in bins.

Trash cans that snoop on you

During and after the 2012 Olympic games a firm installed some 200 bomb-proof bins with digital screens and wireless networking (WiFi) to display advertisements. In June 2013 that shifted to scanning for smartphones and recording the unique media access control (MAC) which could be traced to a manufacturer. Then it could determine the distance from the trash bin. If the smartphone was stationary it would record for how long. If the smartphone was moving it would record in what direction and speed. In just one week these trash bins tracked over 4 million devices. There are two diverse points of view.

[ the company who placed the trash bins said ] …. “the law has not yet fully developed and it is our firm intention to discuss any such progressions publicly first and especially collaborate with privacy groups…to make sure we lead the charge on this as we are with the implementation of the technology.”

… Big Brother Watch – a civil liberties and privacy pressure group – said that questions need to be asked “about how such a blatant attack on people’s privacy was able to occur.”

In August 2013 the City of London ordered that this ‘spy bin’ program cease.

For more see
http://rt.com/news/trash-bin-surveillance-wifi-402/
and
http://bigstory.ap.org/article/uk-firm-must-stop-tracking-people-trash-cans

Gas Pump Skimmers

This group stole more than $2 million and then withdrew it in amounts below the statutory floor for banks to report cash transactions. There was an indictment in New York yesterday, but this group appears to have also cracked machines in Georgia, South Carolina and Texas.
 
How did they do it? A skimmer is a device that attaches to a card receiver such as those found at gas pumps and automated teller machines (ATMs). The skimmer can be external so the card passes thru it before entering the proper slot, or internal and improperly copy the scanned information. The internal ones are not detectable by consumers. The external ones may be visible, but are often well crafted to appear as a proper part of the machine.

Excellent article on ATM skimmers
http://arstechnica.com/security/2013/02/how-alleged-crooks-used-atm-skimmers-to-compromise-thousands-of-accounts/

For more on skimmers in general see
https://krebsonsecurity.com/all-about-skimmers/

This group used internal skimmers that could transmit their information via short range BlueTooth. The crooks could drive up to the pump, one would get gas while another another, armed with nothing more than a laptop, would download the stolen information.
 
In New York there were indictments for

… thirteen defendants for stealing victims’ banking information with skimming devices at gas stations throughout the Southern United States, and using that information to steal, and then launder, more than $2 million using ATMs and banks in Manhattan. The defendants are also charged with laundering the stolen money by making cash deposits and withdrawals of stolen proceeds under $10,000 in more than 70 different bank accounts.

From the press release of the New York County District Attorney
http://manhattanda.org/press-release/da-vance-identity-theft-ring-indicted-multi-million-dollar-credit-card-skimming-and-at

The installation procedure:

… Two or three suspects exit vehicle, look around for people watching them, then pretend to pump gas by placing the dispenser into the gas tank. One suspect will eventually enter the store, pay cash to purchase a small amount of gas or a drink to distract attention away from the pump. Meanwhile, another suspect places a skimming device inside the pump by opening the front with a universal key. Time to install/remove is between 5 – 10 minutes.”

more on the story at
http://krebsonsecurity.com/2014/01/gang-rigged-pumps-with-bluetooth-skimmers/

Why a “universal key” for multiple pumps? One argument is that these are necessary so that fire departments can disable a pump in case of fire. Is there not a single, centralized disconnect for all pumps?
 
Debit card users might not want to use them at gas pumps given the limited protections provided to debit card users compared to credit card users.

 
 

Return to 2014 details page
Year links page
Return to References page

Links above were active at the time they were gathered. Links shown in non-hypertext (not clickable) are known to be no longer supported on their hosts.