>As far as anyone knows, there has never been a gas attack on an American ATM. The leading theory points to the country’s primitive ATM cards. Along with Mongolia, Papua New Guinea, and not many other countries, the U.S. doesn’t require its plastic to contain an encryption chip, so stealing cards remains an effective, nonviolent way to get at the cash in an ATM.
Would this really be the reason why there hasn't been a gas attack in the US? Even if a criminal stole an ATM card they would still need a PIN. How does a criminal get the PIN? Especially in a non-violent manner?
Based on what I've read in e.g. Krebs On Security, one scheme is to add hardware to an ATM that reads the magstripe data and photographs the person tapping out their pin. I'm glad to say that even before I read of this my general paranoia had me covering that process up ^_^.
Since our cards only have magstripes---heck, it wouldn't even matter if their data was encrypted since this is a playback attack that needs something like a challenge-response protocol a chip in a pin could implement---you just write that data to other cards and have people go to ATMs and make withdrawals with the fake cards and captured PINs.
Ah, yeah, for withdrawals from my major bank, I only use an ATM that's in a retail establishment that's open 24x7. Compromise of it is unlikely when there are so many others that are much much safer.
Well, this is one right outside a branch of its bank, all is part of the retail establishment.
Although I'd agree with something related to your point, an ATM that's part of a bank like mine or the ones you try to use are observed by bank personnel, who you can hope will be a bit more suspicious of any physical changes to it.
What I've noticed is American thieves seem to use a brute force approach when they want to empty an ATM. Truck, forklift, crowbar and sledge; that sort of thing. But just like the rest of industry, crime has innovations and adopts new technologies and ideas. This might well be such an adoption.
>What I've noticed is American thieves seem to use a brute force approach
i think it is important that in US people with mid-education/IQ/life skills/from working class family/etc... have much more opportunities and thus the path of traditional crime (like robberies, etc...) is much less appealing.
>As far as anyone knows, there has never been a gas attack on an American ATM. The leading theory points to the country’s primitive ATM cards. Along with Mongolia, Papua New Guinea, and not many other countries, the U.S. doesn’t require its plastic to contain an encryption chip, so stealing cards remains an effective, nonviolent way to get at the cash in an ATM.
Would this really be the reason why there hasn't been a gas attack in the US? Even if a criminal stole an ATM card they would still need a PIN. How does a criminal get the PIN? Especially in a non-violent manner?