[GTALUG] Digital (NH4) 2Cr2O7

Russell Reiter rreiter91 at gmail.com
Mon Sep 7 12:31:32 UTC 2015


This is an odd subject title I know but a rather interesting POS security
issue. Everybody has a story. People involved in computer security and
intelligence have war stories, I have a few builders stories. Here is one
of them.
>
> (NH4) 2Cr2O7 is the chemical formula for ammonium dichromate. It's a
chemical which was used in developing colour film, with a few other notable
characteristics. One of those is that when it is burned the resulting ash
is seven times the volume of the original orange/red  fine powder that it
is, although that's not material to what I relate now.
>
> When I 'prenticed in the building craft I met a lot of property
developers some of them had, well lets call them skills. These skills were
a part of what you might call the long con. As opposed to the short con
where you just take the money the mark has with them at the time.
>
> I had a meeting with a fellow at a patio bar downtown and after our talk
we had a few beers and we were discussing the new banking technology which
allowed you to take money out of the bank from a machine outside the bank
at any time day or night.
>
> This is what he told me when I was expressing how easy this made it for
me to do my banking. He said, what if you lose your card, I said it has a
password. He said if I can get hold of your card even for a short time, I
can get not only your password but your account number and address.
>
> I said yea right how are you going to do that. He said ammonium
dichromate. I knew what that stuff was from witnessing the volcano
chemistry demonstration relating to the volume of the ash.
>
> So he told me that he could sprinkle the powder on the magnetic stripe of
my card. The powder would stick to the magnetized portion of the tape. This
would reveal the bar code and he could then duplicate that code on to a
piece of blank reel to reel audio tape, use a barcode reader to harvest the
plain text and get my pin and my address and my money then, by pasting that
tape onto a piece of stiff cardboard, off to the bank (machine). A library
card was just about the right size.
>
> Here's the digitized version of that technique. It requires a specific
cyanogen mod for the NFC.
>
> m.youtube.com/watch?v=x2rF3dD1Ns0
>
> Russell
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gtalug.org/pipermail/talk/attachments/20150907/a9eb5867/attachment.html>


More information about the talk mailing list