Aussie ATM criminals embrace 3D printers for cashpoint crimes


In our recent #sophospuzzle, we gave away a 3D printer as a prize.

The winner was pretty pleased, and although it hasn’t arrived yet, he’s already emailed us with some ideas of what he’s thinking of using it for. (Nothing controversial, honest!)

3D printers work by building up an object layer by layer, typically out of some kind of polymer, accumulating material in the desired pattern until you have a finished product.

The trendy term for this is additive manufacturing, unlike a milling machine, which cuts away the parts you don’t want until what’s left behind is the finished product.

As you can probably imagine, it didn’t take long for controversial uses to emerge for 3D printers, and one of the most newsworthy was the idea of “printing” parts for firearms.

In particular, US law allows you to acquire the hard-to-make components of some firearms, such as the barrel and breech, without any sort of licensing, as though they weren’t parts of a lethal weapon at all.

Apparently, it all depends on how the weapon disassembles, because it’s the part where the serial number is stamped that legally constitutes the firearm.

In the notable case of the AR-15 rifle, the serial number is on the lower receiver, a comparatively modest part that is just within the capabilities of a 3D polymer printer, so you can make one at home.

Plug your home-made lower into a shop-bought upper receiver, and you just sidestepped firearm licensing laws, at least until your home-made plastic part snaps under the stresses of firing.

It seems, however, it’s not just gun parts that have attracted the attention of fans of additive manufacturing.

According to Aussie-based IT News, Sydney police have reported their first cases of ATM skimming machines made on 3D printers.

A gang of suspected Romanian criminals is using 3D printers and computer-aided design (CAD) to manufacture “sophisticated” ATM skimming devices used to fleece Sydney residents.

[New South Wales] Police recently arrested and charged a Romanian national with fraud after a money transfer officer contacted police over a suspicious transaction.

A skimmer is a device that fits onto, around or into an ATM’s own “lower receiver” (i.e. the card slot).

The skimmer reads your card on its way into the real slot, where it is read again by the machine itelf.

That gives the crooks enough information to clone a magnetic-stripe-only credit card.

If they also have a hidden video camera, or an unobtrusive keypad overlay, they may be able to record your PIN at the same time, match it later with your cloned card, and raid your account for hard cash.

One obvious “advantage” of 3D printed skimmers is that the crooks can quickly try a new design (or tweak an old one) in order to make their devices as surreptitious as possible.

The better a skimmer fits, the more smoothly it blends with the ATM’s shape, and the closer the colour, the more likely it is go unnoticed.

Also, 3D printouts can be made on demand, so that the crooks can quickly replace skimmers that have been detected, removed and destroyed.

Fortunately, we don’t need to over-react by banning ATMs, or 3D printers, or both.

A few simple precautions when you are drawing cash can go a long way to reducing your risk of being skimmed.

Neither the skimmer, nor the video camera, nor the fake keyboard overlay, can be made completely invisible.

If you are alert you are likely to be able to spot them:

(Video from our intrepid human cybercrime fighting chums of the Queensland Police Service.)