مطالعه موردی : از تجزیه و تحلیل سیستم تعبیه شده به سیستم های جاسازی شده مبتنی بر ابزارهای پژوهشگر

Since mid-2012, France and Germany have had to deal with a new form of payment card skimming. This fraud consists of adding a wireless embedded system into a point-of-sale payment terminal with the fraudulent goal of collecting payment card data and personal identification numbers (PIN). This case study details the strategy adopted to conduct the digital forensic examination of these skimmers. Advanced technologies and analyses were necessary to reveal the skimmed data and provide useful information to investigators for their cross-case analysis. To go further than a typical digital forensic examination, developments based on embedded systems were made to help investigators find compromised payment terminals and identify criminals. Finally, this case study provides possible reactive and proactive new roles for forensic experts in combating payment card fraud.

Europol estimates payment card fraud proceeds of approximately 1.5 billion euros per year (Europol, 2012). This fraud is thus a profitable means for organised crime groups that invest in technical skills to enhance their modus operandi and increase their rewards. One of the types of payment card fraud is skimming, with the aim of collecting payment card data contained in the magnetic stripe and PIN codes despite cardholder vigilance. Technically speaking, skimming is based on purpose built embedded systems, called skimmers, which are designed to collect several analog signals from the standard magnetic read head, as well as video record PIN entry surreptitiously. Over the last few years, experts in France and Germany have seen the evolution of skimmer internals from raw signal storage to state-of-the art encryption usage (Souvignet and Frinken, 2013). Forensic analysis techniques have had to follow that evolution, resulting in advanced analysis methods that are currently in place. In order to fully demonstrate the complexity of a basic embedded system analysis, this case study first describes the strategy adopted to analyse a new type of skimming fraud based on manipulated point-of-sale (POS) payment terminals. Further efforts by police researchers to develop embedded systems to counter the criminal efforts are explained, with the goal of assisting investigators in detecting fraudulent activities to help tackle this lucrative fraud. As some investigations and court trials may still be ongoing, only the minimal information necessary to illustrate the case study will be disclosed, with some data anonymised for confidentiality.

Smart cards and payment terminals are now widely available across the full range of retail and commercial environments, demonstrating that embedded systems form the crucial basis of payment card systems. At the same time, embedded systems are also used in payment card fraud where skimmers are used to collect payment card details despite cardholder vigilance. This case study has fully described a practical strategy to analyse modern skimmers with advanced encryption and Bluetooth communication abilities. Considerable efforts in hardware hacking, assembly code reverse engineering, and encryption reversal were necessary to process what was initially believed to be a rudimentary skimmer implementation. Well beyond simple analysis, a novel yet complex solution using embedded systems, in the form of an Android application and an Arduino board, was constructed to help investigators in finding manipulated POS terminals and detecting criminal presence. Finally, this case study should be taken as a solid proof of concept regarding other roles that digital forensic laboratory experts can assume. A reactive role is possible by technically assisting the investigator when the crime occurs, that is, detecting the crime based on their experience. A proactive role is also possible by integrating technical crime experts into the working groups responsible for the design of standards and security measures for embedded systems. Following the excellent operational success of this case, members of the BKA and the IRCGN are continuing to strengthen their collaboration. Additionally, researchers from the IRCGN are currently developing some interesting new tools based on knowledge gained by assisting field investigators in a reactive manner.