Man this has got all my haunts in it
love dis shiz
-Sept. 9, 12:30 p.m. CT, Yucatan Peninsula, Mexico: Halfway down the southbound four-lane highway from Cancun to the ancient ruins in Tulum, traffic inexplicably slowed to a halt. There was some sort of checkpoint ahead by the Mexican Federal Police. I began to wonder whether it was a good idea to have brought along the ATM skimmer instead of leaving it in the hotel safe. If the cops searched my stuff, how could I explain having ultra-sophisticated Bluetooth ATM skimmer components in my backpack?
The above paragraph is an excerpt that I pulled from the body of Part II in this series of articles and video essays stemming from a recent four-day trip to Mexico. During that trip, I found at least 19 different ATMs that all apparently had been hacked from the inside and retrofitted with tiny, sophisticated devices that store and transmit stolen card data and PINs wirelessly.
In June 2015, I heard from a source at an ATM firm who wanted advice and help in reaching out to the right people about what he described as an ongoing ATM fraud campaign of unprecedented sophistication, organization and breadth. Given my focus on ATM skimming technology and innovations, I was immediately interested.
My source asked to have his name and that of his employer omitted from the story because he fears potential reprisals from the alleged organized criminal perpetrators of this scam. According to my source, several of his employer’s ATM installation and maintenance technicians in the Cancun area reported recently being approached by men with Eastern European accents, asking each tech if he would be interested in making more than 100 times his monthly salary just for providing direct, physical access to the inside of a single ATM that the technician served.
One of my source’s co-workers was later found to have accepted the bribes, which apparently had only grown larger and more aggressive after technicians in charge of specific, very busy ATMs declined an initial offer.
My source said his company fired the rogue employee who’d taken the bait, but that the employee’s actions had still been useful because experts were now able to examine the skimming technology first-hand. The company tested the hardware by installing it into ATMs that were not in service. When they turned the devices on, they discovered each component was beaconing out the same Bluetooth signal: “Free2Move.”
Turns out, Free2Move is the default name for a bluetooth beacon in a component made by a legitimate wireless communications company of the same name. I also located a sales thread in a dubious looking site that specializes in offering this technology in mini form for ATM PIN pads and card readers for $550 per component (although the site claims it won’t sell the products to scammers).
The Bluetooth circuit boards allegedly supplied by the Eastern Europeans who bribed my source’s technician were made to be discreetly wired directly onto the electronic ATM circuit boards which independently serve the machine’s debit card reader and PIN pad.
Each of the Bluetooth circuit boards is tiny — wafer thin and about 1 cm wide by 2 cm long. Each also comes with its own data storage device. Stolen card data can be retrieved from the Bluetooth components wirelessly: The thief merely needs to be within a few meters of the compromised ATM to pull stolen card data and PINs off the devices, providing he has the secret key needed to access that Bluetooth wireless connection.
Even if you knew the initial PIN code to connect to the Bluetooth wireless component on the ATM, the stolen data that is sent by the Bluetooth components is encrypted. Decrypting that data requires a private key that ostensibly only the owners of this crimeware possess.
These are not your ordinary skimming devices. Most skimmers are detectable because they are designed to be affixed to the outside of the ATMs. But with direct, internal access to carefully targeted cash machines, the devices could sit for months or even years inside of compromised ATMs before being detected (depending in part on how quickly and smartly the thieves used or sold the stolen card numbers and PINs).
Not long after figuring out the scheme used by this skimmer, my source instructed his contacts in Cancun and the surrounding area to survey various ATMs in the region to see if any of these machines were emitting a Bluetooth signal called “Free2Move.” Sure enough, the area was blanketed with cash machines spitting out Free2Move signals.
Going to the cops would be useless at best, and potentially dangerous; Mexico’s police force is notoriously corrupt, and for all my source knew the skimmer scammers were paying for their own protection from the police.
Rather, he said he wanted to figure out a way to spot compromised ATMs where those systems were deployed across Mexico (but mainly in the areas popular with tourists from Europe and The United States).
When my source said he knew where I could obtain one of these skimmers in Mexico firsthand, I volunteered to scour the tourist areas in and around Cancun to look for ATMs spitting out the Free2Move bluetooth signal.
I’d worked especially hard the previous two months: So much so that July and August were record traffic months for KrebsOnSecurity, with several big breach stories bringing more than a million new readers to the site. It was time to schedule a quasi-vacation, and this was the perfect excuse. I had a huge pile of frequent flier miles burning a hole in my pocket, and I wasted no time in using those miles to book a hotel and flight to Cancun.
There are countless luxury hotels and resorts in Cancun, but it turned out that the very hotel I picked — the Marriott CasaMagna Hotel — had an ATM in its lobby that was beaconing the Free2Move signal! I had only just arrived and had potentially discovered my first compromised ATM.
However, I noticed with disappointment that for some reason all of my Apple devices — an iPhone 5, a late-model iPad, and my Macbook Pro — had trouble reliably detecting and holding the Free2Move signals from one of the two ATMs situated in the hotel lobby.
I decided that I needed a more reliable (and disposable) phone, so I hopped in the rental car for a quick jaunt down the road to the local TelCel store (TelCel is Mexico’s dominant mobile provider and a company owned by the world’s second-richest man — Carlos Slim). After perusing their phones, I selected a Huawei Android phone because — at around USD $117 — it was among the cheapest smartphones available in the store. Also, the phone came with plenty of call minutes and a semi-decent data allowance, so I could now avoid monstrous voice and data roaming charges for using my iPhone in Mexico.
Nearby the TelCel store was Plaza Caracol — a mall adjacent to a huge tourist nightlife area that is boisterous and full of Americans and Brits on holiday. The car parked in the mall’s garage, I pulled out my new Huawei phone and turned on its bluetooth scanning application. The first ATM I found — a machine managed by ATM giant Cardtronics — quickly showed it was beaconing two Free2Move signals.
Returning to the Marriott hotel, I found that the two Free2Move bluetooth signals showed up consistently and reliably on my new phone’s screen after about 5 seconds of searching for nearby bluetooth connections. The compromised ATM in the hotel also was a Cardtronics system.
At this point, I went to the front desk, introduced myself and asked to speak to the person in charge of security at the CasaMagna. Before long, I was speaking with no fewer than six employees from the hotel, all of us seated around a small coffee table overlooking the crystal-blue ocean and the pool. I explained the situation and everyone seemed to be very concerned, serious, asking smart questions and nodding their heads.
A man who introduced himself as the hotel’s loss prevention manager disclosed that Marriott had recently received complaints from a number of guests at the hotel who saw fraud on their debit cards shortly after using their ATM cards at the hotel’s machine. The loss prevention guy said the company responsible for the ATM — Cardtronics — had already sent someone out to review the integrity of the machine, but that this technician could not find anything wrong.
[SIDE NOTE: That technician may have only inspected the exterior of the machine before giving it a clean bill of health. Another explanation is that the technician that was sent to find skimming devices didn’t report their presence because he was the one who installed them in the first place!]
That same day, I phoned Giovanni Locandro, senior vice president of North American business development at Cardtronics. He told me the company conducts periodic “sweeps” in Mexico to look for skimming devices on its machines and that it was in the process of doing one at the moment down there, although he didn’t acknowledge whether he was familiar with the exact scheme I was describing.
“We are doing another sweep as we speak down there,” Locandro said. “We do random sweeps, especially in tourist areas to check for those devices. But we haven’t heard of any cards being cloned. Any devices we receive we take those to our internal security folks, and then we contact the authorities.”
I couldn’t dissuade these young ladies and many others from using the compromised machine on my second evening at the hotel.
I showed the hotel folks the bluetooth beacons emanating from the ATMs in the lobby, and showed them how to conduct the same scans on their phones. Everyone roundly agreed that the technician had to be called again. But there were two ATMs in the lobby — one dispensing Mexican Pesos and another dispensing only dollars. How to know which ATM is compromised, they asked? Unplug them one by one, I replied, and you’ll see very quickly which cash machine is hacked because the bluetooth beacon would shut off.
Despite more head nods and a round of verbal agreement from the hotel staff that this was a good idea, to my surprise nobody at the hotel bothered to touch the machine for two more days. I watched countless people withdraw money from the hacked ATM; some of those I warned while in the lobby were appreciative and seemed to grasp that perhaps it was best to wait for another ATM; others were less receptive and continued with their transactions.
The next morning — after verifying that the hotel’s ATM was still compromised and trying in vain to hail the security folks again at the hotel — I headed out in the rental car. I was eager to visit some of the other more popular tourist destinations about an hour to the south of Cancun, including Playa del Carmen, Tulum and Cozumel. I wanted to see how many of those towns were hacked by this same skimming crew.
I was about to learn that the true scope of this scam was far larger than I’d imagined.
If you haven’t already done so, please check out Part II and Part III of this investigative series.
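The survey for the “Free2Move” beacon name and the unplug-one-at-a-time test described in the article above, as an added example (not from the article or its source): a triage script run over a constructed scan log. The CSV layout, the site and ATM labels, and the addresses are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

BEACON_NAME = "free2move"  # default device name reported in the article, casefolded

# Constructed survey log, not real data. Assumed columns: site, scan number,
# ATMs powered during that scan (";"-separated), Bluetooth address and name of
# each device seen. A row with an empty address records a scan that saw nothing.
# Addresses come from the 00:00:5E:00:53:xx documentation range.
SAMPLE_LOG = """\
site,scan,powered,addr,name
lobby,1,atm-a;atm-b,00:00:5E:00:53:01,Free2Move
lobby,1,atm-a;atm-b,00:00:5E:00:53:02,Free2Move
lobby,1,atm-a;atm-b,00:00:5E:00:53:7A,Guest-Headset
lobby,2,atm-b,00:00:5E:00:53:7A,Guest-Headset
lobby,3,atm-a,00:00:5E:00:53:01,free2move
lobby,3,atm-a,00:00:5E:00:53:02,Free2Move
mall,1,atm-c,00:00:5E:00:53:10,Free2Move
mall,1,atm-c,00:00:5E:00:53:11,Free2Move
cafe,1,atm-d,,
"""


def load_scans(text):
    """Return {site: {scan: (powered ATMs, beacon addresses seen)}}."""
    sites = defaultdict(dict)
    for row in csv.DictReader(io.StringIO(text)):
        powered = frozenset(p for p in row["powered"].split(";") if p)
        _, beacons = sites[row["site"]].setdefault(row["scan"], (powered, set()))
        if row["addr"] and row["name"].strip().casefold() == BEACON_NAME:
            beacons.add(row["addr"].upper())
    return sites


def triage(text):
    """Map each beacon to the ATM whose power state explains its presence."""
    findings = {}
    for site, scans in load_scans(text).items():
        all_beacons = set().union(*(b for _, b in scans.values()))
        for addr in sorted(all_beacons):
            seen = [p for p, b in scans.values() if addr in b]
            unseen = [p for p, b in scans.values() if addr not in b]
            # The source must be powered in every scan that saw the beacon
            # and in none of the scans that did not.
            candidates = frozenset.intersection(*seen) - frozenset().union(*unseen)
            # "confirmed" needs a control scan: the candidate was unplugged
            # and the beacon disappeared.
            if len(candidates) == 1 and unseen:
                status = "confirmed"
            else:
                status = "needs power-cycle test"
            findings[(site, addr)] = (sorted(candidates), status)
    return findings


if __name__ == "__main__":
    for (site, addr), (atms, status) in triage(SAMPLE_LOG).items():
        print(f"{site:6} {addr}  {','.join(atms) or '?':8} {status}")
```

A name match is only a lead: the article notes that Free2Move is the default name on a legitimate vendor's component, and a renamed device would not match at all.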
I feel like it is weird to food blog about a kebab store
She didn't really seem to like it
So Noods went to the Hunter Valley for the weekend away with the boys, leaving me unsupervised which meant I may have bought 3 pairs of shoes, 2 books about robots, 6 boxes of Kit Kats, 3 handbags, a 17g Madame Truffles truffle, truffle ice cream and truffle salt. Yeah I dunno how that happened but the highlight of my weekend was having lunch with Viv, Sarah and Eric at Chester White Cured Diner with a sneaky beverage or two.
The place is pretty tiny, the bar runs the length of the room and behind the counter hangs an entire row of cured meats. So first things first, we order the Meat Platter (2 meats with sides $20, added 2 more meats for $6 each). We choose the Culatello ITA (King of cured meats! the menu exclaims), Truffle Salami, Sopressa Salami and Fennel Garlic Salami and the board is crammed with pickled carrots, cauliflower and radishes, bread, slabs of asiago and fontina cheeses and of course some olives.
We love the culatello which is similar to prosciutto but has a much more intense flavour and the heady aroma of the Truffle Salami has me weak at the knees. The fennel and garlic salami would’ve been awesome if it was a bit more garlic-y but it’s still tasty as is the sopressa washed down with a Negroni ($16) that is perfect for this almost spring weather.
We were actually thinking of heading to Buffalo Dining Club, Chester White’s sister restaurant in Darlinghurst- for their Spaghetti in a wheel of cheese, but then we heard about Chester White’s Truffled Spaghetti Cacio E Pepe ($22).
DAT TRUFFLE SCENT! Spaghetti, olive oil and pepper is mixed in the wheel so flakes of deeelicious truffle parmesan is scraped off ermahgerd if you love truffle you will love this! The pasta has a satisfying chew and as we scrape the plate clean I quietly contemplate ordering a second round.
And we couldn’t resist ordering the Not Chester Carbonara ($20) made with casarecce pasta, organic porcini mushrooms and speck.
Oooh yeah, mix it goood
Speck! My god how good is speck?! That fat, that flavour, THOSE GLORIOUSLY CRISPY NUBBINS! Each twisty pasta shell was coated in rich egg yolk so that the earthy mushrooms and bits of speck clung on for dear life before being delivered to my soul.
Oh and there’s the house made chilli sauce if you like a bit of spice.
I heart their plates hahaha
Not wanting to share, we ordered a round of the Cheeky Tiramisu ($5 each) which arrive in the cutest little mugs. It is the perfect ratio of cream and coffee soaked savoiardi biscuits and it turns out to be the perfect size for us after all the pasta.
Jars of house made pickles all lined up.
I love that Chester White has that Potts Point hipster vibe and the brilliant service, incredible pastas and tasty meats has secured a special place in my pasta loving heart.
Chester White Cured Diner
3 Orwell St,
Wed – Thurs: 5pm – 11pm
Fri – Sat: 12pm – 11pm
i live on den sesame balls atm but red bean ones
Here are all 10 illustrations for my Imagined Realms project. As of this posting, there are 14 days left on the Imagined Realms Kickstarter! You can own prints of all these illustrations starting at $20 for the set. :)
Artist you should follow if you aren’t already: Julie Dillon’s work is chock full of WOC depicted as powerful and wise in gorgeous fantasy/sci fi settings. One of my top favorite artists
Ahh Maru u wuss
expensos but i'd still go
God & Jon Hamm
by ELEANOR MORROW
Wet Hot American Summer: First Day of Camp
creators Michael Showalter & David Wain
It was right before Christmas in the year of our lord 1993 that The State debuted on MTV. Sketch comedy was previously the province of the old; Steve Martin was already in his late 60s by this time, and dating women a mere forty years younger. People still thought Eddie Murphy was hilarious. Non-Seinfeld based comedy as we know it was largely based around puns and the crankiness of Tim Allen's fictional wife Jill (Patricia Richardson). No one was sure what exactly was funny, or why. For some reason, people even found Chevy Chase amusing, or pretended to.
There was nothing to laugh at before The State came on the scene, and Wet Hot American Summer was basically a reunion show for the sketch comedy series that influenced so many young people of every profession. Did it matter that Ken Marino was now in his early forties and that apparently no one liked Kevin Allison enough to invite him back for this project? No. All that mattered is that we could laugh again.
The State's breadth was stunning, and its innovation fantastic — even its worst sketches were so mind-numbingly bizarre that they became even more humorous in retrospect thinking of the idea that MTV allowed them to air on cable television. Most older comedy shows just sit like lumps; quickly becoming dated because of a topical humor that is only understood in context. The State was nothing like that — those of its concepts which did not resonate at the time are now retrospectively funny twenty years later.
The one thing The State constantly avoided being was fan-service. Instead the half-hour show delivered what you did not expect, usually without incorporating profanity or lame cameos from more famous performers as surprises. The fact that it did not have to appeal to any extant audience is what allowed it to exist on its own terms. Well, all of that is flushed down the toilet with Wet Hot American Summer: First Day of Camp.
The original cast of the film looks surprisingly spry in this short Netflix series, with even David Hyde Pierce seeming like he has been in cryogenic sleep since Frasier. Only Showalter himself looks meaningfully different from his original character. I was watching First Day of Camp with a friend of mine whose idea of comedy is Sam Waterston playing gay, and she asked me to explain what the joke was here. "So they were too old to play campers? And now they're still too old?" I nodded and focused my eyes on the tiny tee-shirt worn by Gerald "Coop" Cooperberg (Michael Showalter).
One of the most embarrassing things Roger Ebert ever wrote was his review of the original movie. None of the jokes resonated for him at all, probably because he was a generation older than any of the writers or performers in the film. He should have at least appreciated the lush, colorful aesthetic that David Wain has made his signature style. No one does a better closeup in this industry, and the broad array of talent is so wonderfully directed that even Chris Pine comes off as a magnificent performer.
First Day of Camp is a prequel to the original film. Coop has arrived to meet up with his girlfriend Donna (Lake Bell), who seems more interested in visiting Israeli counselor Yaron (David Wain). A camp production of the musical ElectroCity pairs theater counselor Susie (Amy Poehler) and desiccating Broadway character actor Claude (John Slattery). A subplot involving the government dumping chemical waste near the camp allows camp directors Greg (Jason Schwartzman) and Beth (Janeane Garofalo) a romantic interlude and explains how Jonas (Christopher Meloni) became Gene, the disturbed camp cook of the original film. Lastly, reporter Lindsay (Elizabeth Banks) goes undercover as a counselor to get a story about reclusive musician Eric (Chris Pine).
What exactly is First Day of Camp missing? It is almost completely composed of fan service, but that is not really the problem. Opening up the universe to amusing scenes filmed in New York in the office of magazine editor Alan (Jordan Peele) adds something different to the experience, even if characters like John Slattery's lecherous veteran actor, Jon Hamm's government assassin The Falcon and Michaela Watkins' lecherous choreographer fall a bit flat.
Wet Hot American Summer: First Day of Camp is such great fun it seems silly to ask for anything more. But extended scenes set at David Hyde Pierce's university or the courtroom of attorney Jim Stansel (Michael Cera) remind us of how exciting it would be to see a new comedy set in this wild universe instead of the familiar summer camp drama.
Demanding our most serious comedic talents revisit the scenes of their finest successes led to Beverly Hills Cop 3. Sure, without the comfort of the characters that proved so successful in the original film, Wet Hot American Summer: First Day of Camp would be an inconsistent mix of brilliant satire and completely bizarre flops (still not sure what Showalter was going for with his performance as Ronald Reagan), but that was pretty much The State. At least it wasn't content to trot out the same characters again and again, looking to resurrect whatever bit of genius captured the imagination the first time. Instead they moved onto the next thing.
Eleanor Morrow is the senior contributor to This Recording. She is a writer living in New York.
u guys can go to eggslut
So originally I was going to do a burgers of USA post but well, Eggslut in Los Angeles totally deserves a post of its own because yo look at dat Bacon, Egg and Cheese Sandwich ($6)!!! It’s been 3 weeks since I consumed it and it still calls to me in my dreams!
Seriously, how can a burger be so beautiful, just oh so attractive? The toasty warm brioche bun holds the crispylicious curls of hardwood smoked bacon, the melty cheddar cheese draped over the medium egg that will spill forth a river of yolk-y goodness and a slightly spicy chipotle ketchup brings everything all together in delicious harmony.
Innards shot because when something is that delicious you just want to share every single angle possible with the world. Seriously though? Best damn breakfast burger I’ve ever had.
I may have blushed when ordering the Slut ($9) but you’ll have absolutely no regrets once you take one bite of the coddled egg which is layered on top of an impossibly smooth potato purée and served with slices of crisp baguette.
Oh. My. Freaking. God. I may have just wept with joy at this incredible flavour combination and seriously considered ordering a second round after my tastebuds went into a frenzy after that first bite.
I thought about getting the Fairfax Sandwich ($7) which is stuffed with scrambled eggs, chives, cheddar cheese, caramelized onions and sriracha mayo but thought I should try a non egg sandwich and ordered the Gaucho Sandwich ($11) instead. While the combination of the juicy seared wagyu tri-tip steak, chimichurri, red onions, arugula (rocket) and an over medium egg tasted perfectly fine, my stomach mourned that it could not fit in another bae roll.
Eggslut started off as a food truck before setting down roots in the Grand Central Market and apparently queues for Eggslut can be pretty insane but since we were still on Sydney time (and never really adjusted during the whole trip lol) we arrived around 3pm with only a 5min wait and easily grabbed a stool at the bar. The area is a bit dodgy but if you visit LA, Eggslut is definitely a must do!
Stall D-1, Grand Central Market
317 S. Broadway
Los Angeles, California
7 days: 8am – 4pm
Oh ye of little faith, look at what the youth say.
At the New York Times, Sandy Keenan (not to be confused with Sandy Kenyon) interviewed a bunch of students at the University at Albany, which now, because of a new New York state law, must obtain affirmative consent before sexual activity to avoid breaking school rules. Keenan asked the students about their sexual practices and knowledge of the new consent policy. Some of the responses were devastating. Many students didn’t know anything about affirmative consent. One young woman told the reporter that recently, to deflect unwanted sexual attention and touching, she had “pretended [she] was dead.” Another, when asked how many of the ten men she most respected on campus needed consent education, said 11.
But one junior, Tyler Frahme, warmed my heart. When Keenan first spoke to Frahme, he didn’t know about affirmative consent. But Keenan writes:
Since first hearing about the new policy, he said, he had been practicing consent almost religiously. He now asks for consent once or twice during sexual encounters with women he knows well, and four or five times during more casual or first-time hookups.
“I certainly didn’t expect the policy to change my behavior,” he said, “but it has.”
It’s getting to be a little more comfortable, he said. He crafts and poses questions like “You O.K. with this?” “Do you still want to go ahead?” and “Hey, you don’t have to do this if you don’t want to.”
For reasons Maya and Reina have written about before, I don’t think affirmative consent is a silver bullet to end gender violence: it’s really just the bare minimum we can ask of each other as decent human beings, and a very early step toward building healthy sexual cultures. But so much resistance to affirmative consent is based on an assumption that sexual practices are set in stone, as though people couldn’t possibly have sex slightly differently tomorrow than they did yesterday. History, of course, instructs us otherwise, as does Mr. Frahme.
I want a lamington scroll. I want a lamington everything
I'm really cranky about all our shitty right-wing governments all the time lately. This thing has made me very grumpy though. They introduced tough new penalties for breaching Federal privacy laws and then they just got rid of the Commish.
not only are the OAIC’s major statutory functions not being performed as intended and legislated by the previous Parliament but the statutory office created by that Parliament can no longer be described as existing. In particular, the evidence available points to the deliberate removal of the funds needed by the OAIC to discharge its statutory FOI functions including its central and critical overarching statutory responsibility to independently monitoring, supervising and guiding the FOI system, and advising the government. Further, the Government has chosen to pass those responsibilities to one of its Departments. The same points could be made about the reduced capacity to conduct the information and privacy functions of the office.
If one accepts that analysis, why does it not follow that the Government’s actions are a repudiation of its duty? Why does it also not follow that the Executive Branch of our Government is repudiating its obligations to respect, carry out and maintain the laws of the Parliament, the Constitution, the Rule of Law and the Separation of Powers?
I would like the desserts thanks v much