[ISN] How hackers gave Subway a $3 million lesson in point-of-sale security

From: InfoSec News <alerts_at_private>
Date: Thu, 22 Dec 2011 02:39:44 -0600 (CST)
http://arstechnica.com/business/news/2011/12/how-hackers-gave-subway-a-30-million-lesson-in-point-of-sale-security.ars

By Sean Gallagher
Ars Technica
December 21, 2011

For thousands of customers of Subway restaurants around the US over the 
past few years, paying for their $5 footlong sub was a ticket to having 
their credit card data stolen. In a scheme dating back at least to 2008, 
a band of Romanian hackers is alleged to have stolen payment card data 
from the point-of-sale (POS) systems of hundreds of small businesses, 
including more than 150 Subway restaurant franchises and at least 50 
other small retailers. And those retailers made it possible by 
practically leaving their cash drawers open to the Internet, letting the 
hackers ring up over $3 million in fraudulent charges.

In an indictment unsealed in the US District Court of New Hampshire on 
December 8, the hackers are alleged to have gathered the credit and 
debit card data from over 80,000 victims.

"This is the crime of the future," said Dave Marcus, director of 
security research and communications at McAfee Labs, in an interview with 
Ars. Instead of coming in with guns and robbing the till, he said, 
criminals can target small businesses, "root them from across the 
planet, and steal digitally."

The tools used in the crime are widely available on the Internet for 
anyone willing to take the risks, and small businesses' generally poor 
security practices and reliance on common, inexpensive software packages 
to run their operations make them easy pickings for large-scale scams 
like this one, Marcus said.

[...]


Received on Thu Dec 22 2011 - 00:39:44 PST
