[prev in list] [next in list] [prev in thread] [next in thread]
List: isn
Subject: [ISN] How hackers gave Subway a $3 million lesson in point-of-sale
From: InfoSec News <alerts () infosecnews ! org>
Date: 2011-12-22 8:39:44
Message-ID: alpine.DEB.2.02.1112220239340.16695 () infosecnews ! org
[Download RAW message or body]
http://arstechnica.com/business/news/2011/12/how-hackers-gave-subway-a-30-million-lesson-in-point-of-sale-security.ars
By Sean Gallagher
Ars Technica
December 21, 2011
For thousands of customers of Subway restaurants around the US over the
past few years, paying for their $5 footlong sub was a ticket to having
their credit card data stolen. In a scheme dating back at least to 2008,
a band of Romanian hackers is alleged to have stolen payment card data
from the point-of-sale (POS) systems of hundreds of small businesses,
including more than 150 Subway restaurant franchises and at least 50
other small retailers. And those retailers made it possible by
practically leaving their cash drawers open to the Internet, letting the
hackers ring up over $3 million in fraudulent charges.
In an indictment unsealed in the US District Court of New Hampshire on
December 8, the hackers are alleged to have gathered the credit and
debit card data from over 80,000 victims.
"This is the crime of the future," said Dave Marcus, director of
security research and communications at McAfee Labs in an interview with
Ars. Instead of coming in with guns and robbing the till, he said,
criminals can target small businesses, "root them from across the
planet, and steal digitally."
The tools used in the crime are widely available on the Internet for
anyone willing to take the risks, and small businesses' generally poor
security practices and reliance on common, inexpensive software packages
to run their operations makes them easy pickings for large-scale scams
like this one, Marcus said.
[...]
_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic