The Martinez News-Gazette reports two men were sentenced to prison Tuesday after pleading guilty in Contra Costa County Superior Court to multiple charges tying them to a Northern California credit card scam that took more than $90,000 from 200 people.
Montgomery Media reports five men originally from Bulgaria have been arrested and charged with using “skimmer” devices on ATM machines at several Citizens Bank and Wells Fargo Bank branches in Springfield, Lower Providence and Lower Merion townships in Montgomery County as well as West Whiteland Township in Chester County.
Cal Coastal News.com reports San Luis Obispo Police arrested three people who allegedly stole $58,000 from at least 100 people by strategically placing small cameras and card readers at several county banks. A Chase Bank investigator told police he had captured video images of skimmers at the Chase Bank on Madonna Road. A few days later, another Chase Bank machine was compromised on El Camino Real in Atascadero. Police tracked the suspects to a local motel where they found skimmer devices, cloned credit cards and $20,000 in cash.
The Register reports two men were sentenced to lengthy prison terms on Tuesday for their roles in an ATM skimming spree that authorities say targeted gas station pumps throughout the United States. David Karapetyan, 32, received a seven-year prison sentence after pleading guilty to 37 felonies related to the scam, which prosecutors said netted more than $90,000 over a three-month period in Northern California alone. Zhirayr Zamanyan, 31, was sentenced to five years after he pleaded guilty to five felonies. The scheme unraveled after a 7-Eleven store employee in Martinez, California, noticed a skimming device inside a gas pump. Police replaced the device with a clone and conducted around-the-clock surveillance. Karapetyan and Zamanyan were apprehended when they visited the store to retrieve the device.
The Bellevue Report filed a story that Bellevue police arrested a man last month for mounting a camera on a Redmond ATM in an attempt to steal customers’ banking information. The “skimming” suspect was taken into custody on Dec. 21 after he was seen taking the camera from the ATM by Bellevue police.
The Philadelphia Inquirer reports in one form or another, skimming has existed nearly as long as credit cards have come with magnetic strips. ATM-card skimming is more complicated, because the cards require a secret PIN code to gain access to your funds. But the tools to simultaneously steal a card’s data and its owner’s secret code are increasingly available – sometimes even sold via contacts made in Internet chat rooms.
Kelly Jackson Higgins at Darkreading notes that most victims of targeted attacks that originate from so-called advanced persistent threat (APT) attackers have been under siege for so long, by the time they discover it, forensics investigators can’t even trace the original machine that was infected. Prevention is often futile, so how you manage the aftermath of discovering an intrusion can make all the difference in proper remediation.
ThreatPost.com reports the Zeus Botnet continues to evolve and shift in focus from its traditional targets, banks and their customers, to other money-handling institutions like electronic money and online payment systems. The shift has been going on for months and likely follows policy moves by banks to protect themselves and their customers from the malicious theft of personal and financial information.
CSO Security and Risk reports the National Strategy for Trusted Identities in Cyberspace aims to set the benefits, overall strategy, goals and objectives of the government’s plan to improve how users (and even devices) are authenticated onto the Internet. The plan, so far, calls for very limited government involvement in the development of the identity infrastructure. Cybersecurity Coordinator and Special Assistant to the President, Howard A. Schmidt said the initiative is necessary to help fight online fraud and identity theft.
SC Magazine reports most IT security practitioners believe the Payment Card Industry Data Security Standard (PCI DSS) is necessary for protecting cardholder data and think their organization is more secure today because of it, according to a survey released Wednesday by Cisco. The survey of 500 IT security decision makers across health care, finance, retail, education and government sectors found that most organizations have taken significant steps to become compliant with the standard. A majority of survey respondents were “very confident” they could pass an assessment today.
