The wrong cable guys: Card skimmers install bogus wires into cash registers in Nordstrom store

A trio of men plugged keyloggers disguised as ordinary connectors into cash registers in a Nordstrom department store in Florida, and returned to collect days later, according to security blogger Brian Krebs.

According to Krebs, the gang used connectors designed to resemble common PS2 cables, “The fraud devices in this case resemble small keyloggers that are sold by dozens of stores for approximately $30 to $40 apiece. These hardware keyloggers are essentially Ps2 connectors that are about an inch in length.”

Krebs points out that such devices – a PS2 connector with built in storage and transmission capabilities are freely on sale.
Placing such a device would have allowed criminals access to data for anyone applying for a Nordstrom credit card, plus any numbers typed in via the keyboard (for instance when a magnetic stripe reader failed), according to Ars Technica.

Krebs writes that the Aventura, Florida police report said that Nordstrom’s security footage showed the three men acting as a team, with two distracting staff, while another installed the keyloggers.

“The subjects then return at a later date to recover the devices and create fake credit cards for fraud,” the Aventura PD stated in a memo describing how the thieves would complete their scam. “The connector was made to match the connections on the back of the register to include color match. Therefore, no one would have detected it unless there was a problem with the register.”

 Nordstrom said that it was investigating, according to Krebs.

Russian cybercriminals already sell fake point-of-sale terminals, with gangs of criminals at the ready when a credit card number is entered – able, one security expert says, to “drain bank accounts” in three hours.

The $2,000 reader is offered as a “package” with a money laundering service built in.

Shown off in a video leaked to tech site The Register, the card reader – looking very similar to models used in restaurants worldwide – is shown to “read” numbers including the PIN, which are then displayed on a computer screen.
In the video, the information is transferred via cable – but if the terminal is fitted with a SIM card, it can “text” the information direct from your table to teams of criminals. The device is offered as a package – alongside a “service” where teams of criminals use cloned cards to buy fake goods, demand refunds, then take the cash.
The video is used as a sales tool for the $2,000 device, which is sold on underground forums in Russia, according to The Register’s report.
Thieves can then strip a customer’s bank account in under three hours, according to Russian security investigators Group-IB.