Attackers Hit Clearinghouse Selling Stolen Target Data

Published: 22/11/2024   Category: security




Hackers interrupt and deface sites of black-market forums selling credit card data stolen from Target and other retailers.



Two websites specializing in the sale of stolen credit and debit card information -- including cards lifted from Target stores -- appeared to have been knocked offline Monday after an unknown attacker breached and defaced the sites.
"Hi subhumans and miscreants, your fraud site is gone now. Go away," read a message left Monday on rescator.so and rescator.cm, The Wall Street Journal reported. Part of the Rescator network, the two sites feature Somalia and Cameroon top-level domain names.
The defacement message criticized the sites' users and regular fraudsters while offering a shout-out to security journalist Brian Krebs, who was the first to make public the December 2013 Target breach. It also embedded a YouTube music video of Will Smith's "Men In Black," the theme song for the 1997 movie of the same name, about a secret organization charged with protecting the Earth from the scum of the universe.
By Tuesday, however, the sites appeared to be back online. Meanwhile, three other sites in the same network -- octavian.su, rescator.cc, and rescator.co, whose top-level domains respectively refer to the former Soviet Union, Cocos Islands, and Colombia -- appeared to remain online and uninterrupted throughout the interruption.
The hack followed Rescator's customer database having been stolen and published to the Internet, Krebs reported.
Rescator has been selling stolen card data -- from Target, Neiman Marcus, Sally Beauty Supply, and others -- in batches, marketed under such names as Beaver Cage, Desert Strike, Eagle Claw, and Krass. The latest batch of credit cards to be offered for sale via the Rescator sites appeared on March 11, dubbed Great Pompeii. The site accepts payment via wire transfer services such as Western Union and MoneyGram ($500 minimum), e-currency service Perfect Money, or cryptographic currencies such as Bitcoin and Litecoin.
Selling in batches helps prevent the black market from being flooded with stolen-card data, thus undercutting sale prices. Unfortunately for cardholders, that release strategy means that data breach victims -- consumers, not the businesses that lost their data -- might not experience ID theft or related fraud until many months after a breach. According to fraud protection firm Easy Solutions, for example, card data stolen from Target in December 2013 may show up on black-market forums until 2015.
But the owner of the Rescator carder forums (the name Rescator appears to have been also used as a person's handle on other underground forums) may have done more than simply create an eBay for fraudsters' stolen card data. Rescator was cited in an IntelCrawler report as being among the buyers of the BlackPOS malware that's designed to infect point-of-sale (POS) systems. In fact, a version of that malware was used to compromise Target.
Furthermore, in January, McAfee Labs reported that the uploader associated with the customized version of BlackPOS that was used to hack Target included the following compiler string: z:\Projects\Rescator\uploader\Debug\scheck.pdb. Information security researchers at McAfee suggested that was one likely clue as to the actor behind the campaign.
In related news, Sally Beauty Holdings, a $3.6 billion professional beauty supplies retailer and distributor, said Monday that digital forensic investigators from Verizon have discovered that a recent network breach resulted in the theft of credit and debit card information. As with Target, the breach was first made public by security reporter Brian Krebs, who suggested that as many as 282,000 cards may have been stolen from the company's stores and e-commerce operation, and that the theft appeared to trace to the same crew that hacked Target.
"The Rescator cards stolen from Target were indexed by Target store ZIP code. My suspicion is the same with Sally Beauty," Krebs said via Twitter.
To date, Sally Beauty has confirmed only that attackers stole credit and debit card data for some cardholders who shopped at its retail stores. "We have now discovered evidence that fewer than 25,000 records containing card-present (track 2) payment card data have been illegally accessed on our systems and we believe it may have been removed," read a statement released Monday by Sally Beauty.
Track-2 data refers to hidden information encoded in a card's magnetic stripe, which provides an authentication code that a processor can use to verify that the card is physically present. Together with track-1 data -- which includes a cardholder's name, account number, card expiration date, and CVV code -- criminals could create working counterfeit cards loaded with the stolen information.
In a related Q&A, Sally Beauty Holdings suggested that all customers watch their credit and debit statements for signs of fraud.
Sally Beauty also promised to offer regular updates about the breach and to continue working with both Verizon and the US Secret Service. To date, however, it hasn't responded to Krebs's report that up to 282,000 of its customers' credit and debit cards may have been compromised in the breach.
"As experience has shown in prior data security incidents at other companies, it is difficult to ascertain with certainty the scope of a data security breach/incident prior to the completion of a comprehensive forensic investigation," the company said. "As a result, we will not speculate as to the scope or nature of the data security incident."