December 20, 2007

Breaking Into Hotel Kiosks

Employee of service company breaks into check-in internet kiosks at hotels and installs skimmer to collect credit card information. Only $35K in 3 days but illustrates lengths people will go. Just the other day the DVD Play kiosks were getting adjunct card readers hacked onto end of existing card reader skimming data off that.

Man Hacks Kiosk - Credit Card Data Phoned Home | LinuxElectrons

Man Hacks Kiosk - Credit Card Data Phoned Home
Published: Wednesday, December 19 2007 @ 11:45 AM CST
Contributed by: Tommy

California – A Lomita man pleaded guilty yesterday afternoon to federal charges stemming from his hacking into business kiosks at hotels and stealing credit card information.

Hario Tandiwidjojo, 28, pleaded guilty to one count of unauthorized access to a protected computer to conduct fraud.

In a plea agreement filed in United States District Court, Tandiwidjojo admitted that he hacked into approximately 60 computers inside business kiosks operated by Showcase Business Centers, Inc. Tandiwidjojo bypassed four password checks that Showcase Business Centers had in place on their computers, using passwords he obtained while employed by a company that serviced the business kiosks. After hacking into the computers, Tandiwidjojo installed malicious software that allowed him to intercept data, such as credit card information from customers who used the business kiosks. The malicious software that Tandiwidjojo had installed transferred the stolen customer data to a website he controlled. Tandiwidjojo then used this information to fraudulently make charges to the stolen credit card accounts.

Tandiwidjojo's activities led to $34,266 in losses in only three days in February 2007.

When FBI agents searched Tandiw idjojo's residence in August, they discovered a credit card writer that is used to put information on magnetic strips on credit cards, a credit card terminal used to process credit card transactions, multiple bank and gift cards, and a California driver’s license with Tandiwidjojo's picture but another name.

Tandiw idjojo pleaded guilty before United States District Judge Gary A. Feess, who is scheduled to sentence the defendant on March 3 in 2008. At sentencing, Tandiwidjojo faces a statutory maximum penalty of five years in federal prison, although the plea agreement contemplates a sentence in the range of 10 months to 16 months.

This case was the result of an investigation by the Federal Bureau of Investigation.

Posted by staff at December 20, 2007 10:51 AM