A massive group of hackers. Undercover federal agents. A casino. And lots of booze. All under the fiery, don’t ask, don’t tell Las Vegas sun. What could go wrong?
For anyone needing an ATM — a lot.
Last week, the annual DEFCON hackers conference was held in Las Vegas. And, according to Wired, placed in the conference center of the Riviera Hotel Casino, where much of the activity occurred, was a phony ATM.
Brian Markus, CEO of Aries Security, first noticed that something was up with the ATM when he peered into the dark glass on the front of the machine with a flashlight. He saw a computer set up to suck up his card data in place the usual security camera to deter thieves from accessing it.
Attendees at the conferences said the ATM was well placed to avoid surveillance cameras, which was another sign for Markus that the machine was bogus.
“In any casino, anything that is considered that high value has a camera” watching it, Markus said.
However, in a possible attempt at a joke, the machine was placed outside the hotel’s security office.
After its malicious intent was discovered, security officers stepped outside their office to seize the device.
No one is clear how long the ATM was in the hotel or who wheeled it in. To me, it just sounds like it was put there by someone attending the hackers conference to have a little fun, but others reporting the story say it could have been done by an outside criminal group.
It is clear that it wasn’t an isolated incident, though. PC World reported Monday on machines in the same hotel that accepted cards but wouldn’t give out any money. The charges would, however, appear on the accounts of anyone who used the machine.
The fake money dispenser was discovered after a presenter at the conference, Chris Paget, attempted to withdraw $200 on Sunday from his account.
The machine “whirred and chugged,” Paget said, “but no money came out.” His account was debited, however.
Paget wasn’t alone. He said he spoke with an Israeli man who tried to take out $1,000 with no luck. He also talked with a woman who attempted to extract $400. At least a half dozen people faced the same difficulty at different machines in the hotel, Paget said.
The machines could be infected with malware, Paget explained, and be programmed to not spit out any cash.
The U.S. Secret Service announced yesterday that it’s investigating the matter.
The DEFCON hackers conference originally started in 1993 and is typically held in the last week of July or first week of August in Las Vegas. I couldn’t find a mission statement, but according to its Web site, you shouldn’t go if you “do not have any technical interests” because” technology and hacking is the core” of the conference. Clear enough.
What do people do at DEFCON? A FAQ published on its Web site said activities include “coffee wars, WI-FI shoot outs, robot contests, TCP/IP contests, movie marathons, scavenger hunts, sleep deprivation, lock picking, warez trading, drunken parties, spot the fed contest” and more. They forgot to include hacking ATMs.
It’s a place to get recruited, too. According to PC World, thousands of representatives from the U.S. Department of Defense attend the conference every year looking for talent to fill jobs in the U.S. Air Force and other branches.
Federal employees first started attending DEFCON to construct relationships with and gather information about the hacker community, said Jim Christy, U.S. Department of Defense director of futures exploration. But now they look for recruits, too.
“The character of Defcon has changed over the years,” Christy said. “Ninety-five percent of the people here are good guys.”
It costs $120 cash to attend, and no, they won’t accept credit cards. Their explanation: “We don’t want to be a target of any state or federal fishing expeditions.”
See related: ATM saftey tips, ATMs aren’t just for cash withdrawals anymore