http://blogs.forbes.com/firewall/2010/03/12/hancock-fabrics-hackers-switch-stores-pin-pads/ By Andy Greenberg The Firewall Forbes.com March 12, 2010 Targeting point-of-sale devices with malicious software is standard practice, as the wave of retail hackings over the last few years have shown. But targeting them with malicious hardware -- that requires another level of brazenness altogether. According to a letter that retailer Hancock Fabrics sent out to its customers last week, the swipe and type PIN pad gadgets used in debit and credit card transactions in several of its Wisconsin stores were actually stolen and replaced with "visually identical, but fraudulent, PIN pad units." Hancock Fabric didn't reveal the number of victims affected by the scheme, and hasn't responded to our request for more information. And this is nothing new, apparently. Wendy's, for instance, suffered from a similar pad-switching breach as early as 2007. But when we spotted this in the Identity Theft Resource Center's breach report, we were impressed nonetheless: Imagine the criminal guts required to walk into a retail store, steal the PIN pad next to a register, and plant your own, malicious look-a-like under the nose of one of your victims' employees. [...] ___________________________________________________________ Register now for HITBSecConf2010 - Dubai, the premier deep-knowledge network security event in the GCC, featuring keynote speakers John Viega and Matt Watchinski! http://conference.hitb.org/hitbsecconf2010dxb/Received on Sun Mar 14 2010 - 23:24:10 PDT
This archive was generated by hypermail 2.2.0 : Sun Mar 14 2010 - 23:38:24 PDT