Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » ATM hacking scams: Thailand becoming top target

ATM hacking scams: Thailand becoming top target

by Nikola Strahija on August 6th, 2013 It seems more and more foreigners do their ATM hacking in Thailand. In the last 18 months over 10 groups of various nationalities have been arrested across Thailand for stealing.


In 2012 Thailand had 22 million tourists and at least half of that number in foreign cards whether debit or credit. That's a lot of victims to choose from.

Most Thai banks allow withdrawals of up to 60,000 baht which is around $2,000 US and charge a 150 baht fee on average ($5 US).
With the biggest known heist being in the 100m baht range (around $3,183,700 US dollars), one does wonder how many people were actually involved in the entire scam.

All of the suspects have a couple of things in common: they're going to a Thai jail (whatever their nationality is, they won't get extradited), and all were given preliminary charges of illegally retrieving computer system data with possession and use of counterfeit ATM cards.

How did they actually clone ATM cards?


In order to clone an ATM card, they needed to copy the data by reading the magnetic stripe and writing it on a blank card using hardware that can be bought on ebay for around $25 with shipping charges included.

Most banks offer cards with RFID chips and these usually have data encryption support for 3DES or AES128. Hardware for reading and writing these go from $40 on ebay, while the ones that support magnetic stripe+rfid are around $100 US.

So, the hardware is affordable as most hotels use them for keyless entry applications and the chinese competition is fierce.

Getting the data


Some scammers obtained the data through stolen CC databases while others used the old-school way of modifying the card slot on the ATM machines and reading the magnetic stripe.
For RFID cards there are specially crafted reader+antenna combinations which enable these scammers to read your cards anywhere from 1 to 15 feet away.

Putting this setup in a backpack and just strolling through a shopping mall in Thailand brings in a lot of data.

Here's a video demonstration of reading RFID tags from 15 feet away:


Protecting your credit cards


Whether your credit or ATM card is magnetic-stripe based, RFID based or both always make sure the card slot looks the same as on other ATMs of the same bank. Using ATMs inside shopping malls is advised. Get RFID-protected wallets or if you're feeling DIY modify your wallet by wrapping household aluminium foil around your cards and passport. Don't forget your ID card too.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »