The ATM Skimming Fight Against Eastern Europe
Add to that last month's news that police in Romania had finally cracked a cybercriminal ring that manufactured and sold ATM skimming devices to neighboring European markets such as Italy, Germany and Sweden.
Estimate: The number of domestic ATM skimming attacks is five times higher today than even a year ago.
Clearly, ATM skimming is not going away.
Over the last three to five years, skimming attacks have dramatically increased in the United States, as well as in New Zealand and Australia. Carl Schriber of ATM security provider Absolute Financial Services Inc. estimates the number of domestic ATM skimming attacks is five times higher today than even a year ago. Most of the perpetrators of these attacks are based in Eastern Europe, where the manufacture and sale of skimming devices is common.
Security blogger Brian Krebs says the equipment keeps getting better, and finding it online is easy. He writes about one advertised set:
"According to the vendor of this skimmer set, the devices are powered by lithium ion batteries, and can run for 3-5 days on a charge, assuming the skimmers transmit on average about 200-300 SMS messages per day," Krebs writes. "This skimmer kit even includes an alarm feature so that if it is removed - either by the fraudster or a bank manager or passerby - the devices will immediately transmit any of their stored stolen data."
Another problem: In many Eastern European countries it's not illegal to sell skimming devices, only to use them. That compounds the issue for U.S. law enforcement, says Jeff Rinehart, special agent for the U.S. Secret Service. Rinehart, a presenter in BankInfoSecurity.com's webinar, ATM Fraud: Strategies to Beat the Skimming Scams, says the global reach of the Internet is pushing enforcement agencies to fight an uphill battle.
The Federal Deposit Insurance Corp. in May hosted a commercial fraud symposium in Washington, D.C. to address (among other topics) international crime rings -- especially those based in Eastern Europe. Focused more on the overall growing threat of cybercrime, rather than ATM skimming in isolation, the symposium's aim was only to prove that yes, indeed, Houston, we do have a problem.
Symposium keynote speaker Joseph Menn, the author of "Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet," says watch out for Russia and China, where the governments protect some of the world's worst cybercriminals:
"These countries are deliberately supporting some of the worst criminals on the planet because they are useful for a competitive advantage and for military purposes," Menn says.
My colleague, Eric Chabrow, who serves as the executive editor of GovInfoSecurity.com, recently posted a commentary about this very issue. Quoting U.S. Army Gen. Keith Alexander, the National Security Agency director and military cyber commander, Chabrow highlights steps the U.S. government is considering to fight global cyberthreats. During a presentation at the Center for Strategic and International Studies, Alexander had this to say when asked about a Russian proposal for a cyber warfare arms limitation treaty:
"We have to establish the rules, and I think what Russia's put forward is, perhaps, the starting point for international debate. ... I think when they put that on the table, I think the secretary of defense, the secretary of state, the administration would take those, carefully consider those and say: 'Now, what's the counterproposal from the United States?'"
One of the big challenges in any international cybertreaty is sovereignty, Chabrow says, because of the international dimensions of the Internet and business.
Part of cyberwarfare, the fight against ATM skimming has to take a global tone, I agree. There's little doubt the problem is multiplying. The United States' continued reliance on magnetic-stripe payments cards places U.S. cardholders at ever-increasing risks. More advanced, fraud-resilient chip-and-PIN technology used in virtually every other global market makes U.S. cardholders vulnerable.
As skimming attacks and card fraud continue to migrate to the U.S. because of our vulnerabilities, the need for more global debate -- and agreement - elevates from a choice. It becomes a necessity.