Six more US retailers attacked like Target, security firm says

PC World – by Jeremy Kirk

Cybercriminals have stolen payment card data from six more U.S. retailers using similar point-of-sale malware that compromised Target, a computer crime intelligence company said Friday.

The conclusion comes from a study of members-only forums where cybercriminals buy and sell data and malicious software tools, said Dan Clements, president of IntelCrawler, which conducted the analysis.  

The retailers have not been publicly named, but IntelCrawler is providing technical information related to the breaches to law enforcement, Clements said in a telephone interview Friday.

Hackers’ tools determined

IntelCrawler has also identified a 17-year-old Russian who it says created the BlackPOS malware, which intercepts unencrypted payment card data after a card is swiped. Security experts believe malware based on BlackPOS was used against Target.

The teenager, who goes by the online nickname “ree4,” sold more than 40 copies of BlackPOS to cybercriminals in Eastern Europe and elsewhere, according to forum postings IntelCrawler analyzed.

Security firm IntelCrawler said it has identified a Russian teenager who may have written the malware used against Target.

Clements said IntelCrawler is “90 percent” sure of its finding, based on the forum postings and sources it communicated with.

The forum posts indicate the teenager sold the malware for $2000 or for a share of the profits that came from monetizing stolen payment card details, Clements said.

BlackPOS was also sold to “carding” websites such as .rescator, Track2.name and Privateservices.biz that trade in stolen card details, according to IntelCrawler.

BlackPOS was originally called Kaptoxa, which is Russian slang for potato. Clements said the Russian teenager eventually renamed the malware BlackPOS during a fresh marketing push.

Dallas-based security company iSight Partners wrote a report earlier this week on the Target hack, which it called the “Kaptoxa operation.” The report says the hackers used a high level of skill to gain stealthy access to the retailer’s network.

Recurring attacks on POS terminals

Since early 2013, IntelCrawler has seen a brisk trade in login credentials for POS terminals on underground forums, suggesting cybercriminals are still finding gaps in industry security recommendations for how payment card data is handled.

Cybercriminals were selling “remote desktop protocol” credentials for POS terminals, which would allow them access to the machines, Clements said.

In many cases, default passwords had not been changed on the terminals, which were located in the U.S., Australia and Canada, he said. In other cases, cybercriminals succeeded by trying many combinations of usernames and passwords until they found the right one, a technique known as a brute-force attack.

http://www.pcworld.com/article/2089480/six-more-us-retailers-hit-by-targetlike-hacks-security-firm-says.html#tk.nl_secur

4 thoughts on “Six more US retailers attacked like Target, security firm says”

  1. Question?
    My suspicious nature leads me to believe all this cyber nonsense is a prelude to the chip or some other device. We have seen the tattoo, and some biochip card that allows financial transactions? I mean never let a crisis go to waste and how come things come in numbers when they want to perform some solution. Before war was 911 and other terrorist activities, war and before the rush to get the guns multiple shootings and now financial attacks.

    I think my suspicions are on target.

    1. I agree and was going to type something very much the same, my spin on it was going to include the possibility that our government is in on this, or allowing it to happen for these reasons you speak (type)
      For all we know deep in behind enemy lines they (TPAB) are pulling this shit on purpose

  2. “The retailers have not been publicly named, but IntelCrawler is providing technical information related to the breaches to law enforcement, Clements said in a telephone interview Friday.”

    nice…. good ol’ amerka! land of the dick-head.

    ‘we lost your credit card info to hackers but f-u public. We ain’t sayin what stores.’

  3. Probably blame it on that Russian teenager as well.

    If it ain’t in your possession, you don’t own it. At least this can’t happen with (fiat) money, due to its physical nature.

    Unless you get mugged, of course.
