Six men may have been involved in the installation of cash register skimmers at a Nordstrom store in Florida, according to a report from Brian Krebs.
According to a police alert on October 5, the store was first visited by three men whose actions were captured by CCTV cameras. Two of the men, it is said, distracted sales staff whilst the third took photos of the outside of a register before removing the back panel, whereupon he took more pictures.
A few hours later another three-man team entered the store and, once again, two of them gained the attention of sales staff. During this time, the third man opened up the back of the register and installed a keylogging device.
The Aventura Police Department said that Nordstrom discovered a total of six devices attached to its registers. They were connected in series between the keyboard and the computer and likely had 4MB or more of on-board storage to record data.
Krebs highlights how cheap skimming devices are, with standard versions being widely available and costing from just $40. Such devices may also be hard for untrained staff to spot: they look like a standard PS/2 keyboard connector, even down to being purple in colour, which is seen as a standard for this type of pre-USB keyboard connector.
Krebs quotes a memo from the Aventura Police Department:
"The connector was made to match the connections on the back of the register to include color match. Therefore, no one would have detected it unless there was a problem with the register."
Nordstrom spokesperson Kara Darrow said:
"We did find some unauthorized devices on some of our cash registers. It's not anything broader at this point.
As soon as we figured out this was happening, we had forensics experts looking at the situation, but it's still very early in our investigation."
At this time it is unknown if the men ever returned to the store in order to retrieve the keyloggers and Nordstrom are unaware of any arrests being made.
Krebs pointed out that, while the devices look like they are designed to log keystrokes from an attached keyboard, they could also be used to steal credit card information.
This is because many retailers employ cash registers that connect directly to the computer's keyboard or use readers that are themselves PS/2-based.
The Aventura Police Department memo did note this possible next step and motive:
"The subjects then return at a later date to recover the devices and create fake credit cards for fraud."
That, of course, supposes they need to return to the store at all. The same search on Google that reports the $40 standard skimmer also shows that it is surprisingly easy to source another model which comes with 2GB of storage, as well as the ability to connect to a wireless network.
For just $139, the alleged credit card thieves could have parked nearby and acquired all the data they wanted over the airwaves.