Windows to Power ATM's in 2005

Chris Devers cdevers at pobox.com
Wed Sep 24 21:23:17 EDT 2003


On Mon, 22 Sep 2003, Jerry Feldman wrote:

> On 22 Sep 2003 16:08:36 -0400
> Seth Gordon <sethg at ropine.com> wrote:
>
> > A few creative thieves have put up kiosks in shopping malls that look
> > like ATMs; the machines read off the mag-strips of whatever cards are
> > swiped through, take the PINs, and then tell the customer "service
> > temporarily unavailable" or whatever.  The thieves used this
> > information to duplicate the cards and use them to withdraw money from
> > real ATMs.
> >
> > [similar examples snipped]
>
> And related to this some very sophisticated thieves use real ATMs and
> attach their hardware. Unsuspecting people swipe their cards and enter
> their pin numbers not knowing that the thieves are recording it.


There was a string of incidents like this around here a few months ago.
Creepy stuff.


Anyone interested in this stuff should take a look at Bruce Schneier's
_Secrets & Lies_. One section of the book talks about these kinds of ATM
attacks at length, and talks about how it took several years to get all
the design considerations worked out -- for example, interface decisions
such as having the machine beep annoyingly until the card is removed from
the slot, because early users kept forgetting their card & the next person
in line would often end up stealing it.

Then extrapolate from how hard it was to get ATMs right -- and the basic
design is probably still evolving, I'd assume -- and consider what it'll
be like if/when we get electronic voting machines.

In my opinion, the fraud that the first, naive implementations of these
machines will allow is going to make Florida 2000 look like Mickey Mouse
stuff -- and potentially much easier to get away with, because leaving a
paper trail out of the system is for some bizarre reason an explicitly
design goal of most of the systems proposed.

And yeah, they'll probably also run Windows :-/



-- 
Chris Devers
tired of living in "interesting times"



More information about the Discuss mailing list