Nordstrom’s, the department store, fell victim to the latter tactic recently when scammers somehow found a way to attach a half-dozen cheap keyloggers – which can be bought for as little as $40 at retail stores – to cash registers in Florida.
Security researcher Brian Krebs noted that the fraud devices are essentially PS2 connectors that are about an inch in length. “The tiny data storage devices are usually purple in color to match the color-coded standard for keyboards, and are made to be inserted between the male end of a PS2 keyboard connector and the female receptor on a computer,” he explained in a posting on the incident.
Krebs said that the police department in Aventura, Fla., issued an alert last weekend to the store saying that it caught three male suspects on surveillance cameras tampering with registers. The small gang used a combination of distraction and brazen dismantling of the machines to get photos of the inner workings –presumably to get the right specs for what they needed. Then, hours later, they returned and installed six devices.
“The subjects then return at a later date to recover the devices and create fake credit cards for fraud,” the Aventura police said in a memo obtained by Krebs. “The connector was made to match the connections on the back of the register to include color match. Therefore, no one would have detected it unless there was a problem with the register.”
Krebs noted that the card skimmer scam could have been much more insidious. “I found several of these hardware keyloggers that include 2 GB of storage and built-in wireless support that allows the devices to connect to a local wireless network and send email reports of the stolen data,” he wrote. “Although the color and shape of these PS2-based skimmers indicates that they are designed to interface with a keyboard, that does not mean they can’t steal data from a credit card reader. Many cash registers at retailers have PS2-based card readers, or connect the card reader directly to the computer’s keyboard.”
In this particular instance, Nordstrom’s said that it wasn’t clear whether the scam was limited to that one store. “We did find some unauthorized devices on some of our cash registers,” Nordstrom spokeswoman Kara Darrow told Krebs. “It’s not anything broader at this point. As soon as we figured out this was happening, we had forensics experts looking at the situation, but it’s still very early in our investigation.”