What are Ghost ATMs and Dummy ATMs

Ghost ATMs and Dummy ATMs

In a previous post we covered;

  • What are Skimming devices
  • What are Cloned cards
  • How to protect yourself

In this post we discuss;

Ghost ATMs and Dummy ATMs

#2 Ghost ATMs; this ATM is created and built from scratch. It may incorporate a hybrid of parts from junked ATMs but is essentially a hand crafted ATM. These ghost ATMs record all your data without allowing a transaction. At the conclusion of a transaction the machine reads “Can’t complete transaction”.

#3 Dummy ATMs; in some cases an ATM is bought off of eBay (do a search) or elsewhere and installed anywhere there is foot traffic. The machine is set up for one purpose; read data. The machine might be powered by car batteries or plugged in the nearest outlet.

A few years back hackers hacked hackers at the annual Defcon conference in Las Vegas. Defcon is a conference for hackers of all breeds. There are good guys, bad guys, those who are somewhere in between, plus law enforcement and government agents. All kinds of inventive people with a penchant for technology descend on Las Vegas to learn, explore, and hack.

At that particular Defcon, someone planted a real, rigged, malicious ATM right outside the security office of the Riviera Hotel and Casino. For some reason, the area outside the security office didn’t have any security cameras, which made it an easy place to attempt a scam. Scams like this are common in Las Vegas, due to the city’s transient nature and frantic pace.

Everyone is looking for a quick buck, and what better place to pull of an ATM scam than Vegas?

After the Vegas Defcon ATM debacle, I needed to see how easy it was to buy and ATM and just set it up anywhere. So my search began.

I started looking on e-bay and found plenty of new and used ATMs ranging from $500-2500 but quickly determined I didn’t want to pay $300 for shipping.

Next was Craigslist, where anyone can rent out an apartment, buy a boat, and buy an ATM.

I quickly found an ad from a bar north of Boston. They were selling pool tables, Budweiser neon signs and an ATM. I visited the bar and saw it working and determined it was worth the financial risk, I then loaded it on my trailer, paid $750 and brought it home and put it in my garage.

There are nearly half a million ATMs in the U.S. Most are affiliated with reputable banks and monitored daily. But we discovered that anyone can get into the cash dispensing business. There are no regulations in the U.S. on who can own or operate an ATM.

An added bonus to this purchase was the ATMs transaction logs, where I recovered over 1000 credit and debit card numbers. 

How to protect yourself

  1. Scrutinize the ATM. This means every ATM, even ones from your bank. You also want to check any of the card sliders like ones at gas stations, etc, especially if you’re using your debit card. If the scanner does not match the color and style of the machine, it might be a skimmer. You should also “shake”  the card scanner to see if it feels like there’s something  attached to the card reader on the ATM.
  2. Cover the keypad when entering your PIN. In order to access your bank accounts, thieves need to have your card number and your PIN. By covering the keypad, you prevent cameras and onlookers from seeing your PIN.
  1. Check your bank and credit card statements often. If someone does get your information, you have 60 days to report any fraudulent charges to your credit card company in order not to be charged. For a debit card, you only have about 2 days to report any suspicious activity.

Be choosy. Don’t use general ATMs at bars or restaurants. These are not usually monitored and therefore, can be easily tampered with by anyone.