Monday, April 6, 2009

Skimming Identities

From the Consumerists blog,

This past weekend I went to use the local WaMu ATM to get some cash money. When I walked up to the ATM something struck me as funny…I couldn't quite put my finger on it but the card reader didn't look right, like it wasn't completely attached. I grabbed and pulled at the card reader and, lo and behold, it came off! It was actually a card skimmer attached to the ATM over that actual card reader. On the back there is a battery, flash memory card, and a mini USB port – it was set up so that ATM cards would first go through the skimmer and then into the ATM itself so you'd never know the difference.



While this type of attack is different then the type of phishing and other targeted cyber attacks then we've discussed this semester, it is important to note the varied technical means criminals employ to achieve their goals.

2 comments:

Jane said...

Throughout this course the most striking realization I have had has been the fact that attacks on privacy are not only frequent, but multifaceted, fairly easy, and risk free processes, whereas public awareness of privacy threats is minimal. In the case of cyberpace, one would assume that with such easily accessible technology handling highly sensitive information, everyone would either be an Internet expert or would showcase symptoms of “Internet paranoia.” Instead, the majority of society finds itself somewhere in the middle. Although not oblivious of attacks on privacy, if I had seen that WaMu ATM, I would have looked at it, pondered over it’s appearance, and continued to push in my PIN number--being left with an empty bank account and making endless phone calls to my card provider to no avail.

However, since this privacy threat was not specific to cyberspace, I believe it is especially important to note that general attitudes towards awareness may be the result of the chosen focus (ie: cyber terrorism and cyber attacks) of what constitutes a threat to privacy. Post 9/11 society is rightfully concerned with privacy threats in the realm of cyberspace, but such a shift of focus may have left behind those who aren’t necessarily weary of the Internet, but nonetheless, aren’t avid web surfers… the one’s who would use a funny looking ATM, lose their money, and consequently never get it back because society’s priority is fighting cybercriminals/terrorists. My point is not to undermine the legitimacy of either focus, but to propose that even with advancing technology, the littlest of attacks still have huge repercussions.

Grace said...

This article highlights how completely oblivious the general public is to privacy attacks of this nature. I’m shocked that the blogger was even able to say that the insert slot “didn’t look right.” Nor do I have Jane’s confidence asserting that she’d “ponder over its [the ATM’s] appearance.” I can confidently say I would not, perhaps before this course” pay any attention to the appearance of an ATM slot. I always cover the buttons as I enter my pin number, and remember to immediately put the card back in my wallet. I make sure no one is standing too close or follows me afterward—but beyond that, how much more careful can you be? I’d be shocked if too many of my peers could identify that ATM scanner as “funny looking.”

The article made me think about how we perceive threats to our privacy. It seems the arguments about “threats” are always about the government tapping phone calls, or looking at library books. However this course, and for example, this article, have shown me that those are not the threats we will encounter in our everyday lives. Rather, it is the small ways we leave ourselves vulnerable to the public which put us at risk—giving our information on the internet, or as in the case of this blogger, being duped by criminals armed with easily accessible cyber weapons. Daniel Solove would analyze this attack with his taxonomy of “threats to privacy.” The ATM story would certainly involve “intrusion” or “the invasion or incursion into one’s life, disturbing the victim’s daily activities altering his or her routines, destroying solitude, and making him or her feel uncomfortable.” Realizing how prevalent these types of attacks are has made me seriously question my own rhetoric regarding the government and privacy. I think we might be looking for the wrong enemy…