Updated 4:30 p.m. PST with news of the hacker attack on the state-owned Zimbabwe newspaper
Many people are worried about hackers stealing their data when they buy things or bank online, but it's turning out that even an innocent trip to a restaurant or supermarket can be risky.
Three men from the Ukraine, Estonia, and Miami, were indicted on charges related to stealing credit card data by hacking into cash register terminals at nearly a dozen Dave & Buster's chain of restaurants around the country, according to the Department of Justice.
The men gained unauthorized access to the cash register terminals and installed packet sniffer software that captured credit and debit card data as it moved from the terminal to the company's corporate headquarters and the data processor's computer system. The hackers then sold the stolen data to others who used it to make purchases and resold it, officials said.
One location alone captured data for about 5,000 cards, leading to losses of at least $600,000 to financial institutions, the DOJ said.
Earlier this month, California police said a credit and debit card reader in a checkout aisle at a Lunardi's supermarket in Los Gatos, Calif., was switched and more than 100 customers had their data stolen as a result.
The victims were losing an average of $1,000 from their bank accounts, the MSNBC report said.
In other hacker-related news, attackers shut down the Web site of Zimbabwe's state-owned Herald newspaper for three days, Reuters reported.
Visitors to the site were redirected to the site of a state-owned Sunday newspaper, and headlines were replaced by the word "Gukurahundi," which refers to a campaign of atrocities Zimbabwe's government has been accused of committing after independence, the report said.
You think your personal information is priceless. But everything has a price, even your stolen bank account information.
McAfee Avert Labs has discovered a price list that criminals use to buy and sell credit card numbers, bank account log-ins, and other consumer data that have been filched from unsuspecting Web surfers.
"Last Friday morning in France, my investigations lead me to visit a site proposing top-quality data for a higher price than usual," writes Francois Paget of McAfee. "But when we look at this data we understand that as everywhere, you have to pay for quality."
For example, a Washington Mutual Bank account in the U.S. with an available balance of $14,400 is priced at 600 euros ($924), while a Citibank UK account with an available balance of 10,044 pounds is priced at 850 euros ($1,310).
There's even a guarantee that if the buyer is unable to log into the account within 24 hours, maybe because the owner of the data canceled the account, the buyer can get a replacement stolen account to use.
Criminals can even buy skimmers, fake face-plates for ATM machines that steal credit card data when the card is swiped, and so-called "dump tracks" used to create fake credit cards, the McAfee blog entry says.
This follows on news earlier this week from Web security company Finjan of the discovery of a server containing stolen consumer and business data. Finjan said it found a server controlled by hackers that had more than 1.4 gigabytes of data--more than 5,000 log files--stolen from infected PCs. The stolen data included consumer and business e-mails, as well as health care patient data and bank customer data from individuals, financial institutions, law enforcement agencies, and other companies around the world.
Screenshot of price list for stolen credit card numbers and available balance amounts discovered on the Web by McAfee Avert Labs.
(Credit: McAfee Avert Labs)Fraud Sciences, which has developed systems that cut down on credit card fraud, has received $11 million in a new round of funding, according to VentureBeat. The lead investor was Redpoint Ventures.
The company has devised what it calls the SpotLight transaction verification system, which essentially confirms that the customer trying to use a credit card number on a computer is the owner of the credit card. The system cuts down on fraudulent transactions, but also lets merchants accept transactions that seem to be a bit suspicious, but in fact are genuine (i.e. a husband on an international business trip uses a card in Asia, while his wife is making a transaction with the same joint account in San Francisco. It looks suspicious but it is legit. I know. This just happened, and it took a panicky phone call from me to get the card reactivated.)
The system relies on behavioral analytics and real-time fraud intelligence tools.
"If we approve a transaction that is ultimately found to be fraudulent, we will cover the full amount we approved. Period," the company's Web site says. The company lists a boatload of customers on its site. The guarantee goes to merchants who buy the services, but consumers benefit as well.
Although based in Palo Alto, Calif., the company comes out of Israel. The CTO held senior positions in the Israeli Defense Forces, which is sort of a finishing school for the security industry.
In an audacious feat, someone posing as approximately 1,200 different eBay users posted credit card information to eBay's Trust & Safety forum. For the time being, eBay has suspended access to the forum.
In a statement on the site, eBay insists that the credit card information posted does not match the accounts on record for those individuals. eBay further believes the postings were part of a hoax. That could explain the mismatch between the account information and the credit card information.
Earlier, a YouTube.com video showed the postings as they appeared on the forum. YouTube has since removed the video as a violation of its terms of use.
Years ago, the method used by criminals to see whether a stolen credit card was still active was to charge a penny to the account. If it was authorized, the criminal could then purchase more substantial goods using that card. Credit card companies and banks have both gotten wiser. Today, they look for penny purchases as well as random gas station purchases, for example, as early warning flags. Well, the criminals may have outsmarted everyone this time.
According to a Symantec enterprise security blog, criminals are now attempting to pay small amounts to various charities, including the Red Cross. The criminals can determine the value of the stolen card depending on the success or failure of the transaction. Active credit card accounts sell for higher values on the Internet black market.
Symantec believes that bank behavior monitors, the services that flag inappropriate use of your credit card, are less likely to pick up on such transactions. Given the random nature of charitable donations, banks would be unable to determine whether such activity is out of the norm.
This raises some ethical issues as well. The charities need the money. And you might not be too upset to learn that you have donated, given that you can claim it on your taxes. But unless you are monitoring your credit statements online, you might not otherwise know that your card has been stolen. You certainly don't want to get stuck paying for online electronics purchases earmarked for addresses in Eastern Europe.
(Credit:
MagnePrint)
The way the particles land on a given credit card's magnetic stripe are as unique as individual snowflakes or human fingerprints--or so says a Magtek, the company that developed, MagnePrint, which records the unique magnetic media signature for all credit and debit cards scanned through its readers. The first scan by a MagnePrint reader creates a template against which all subsequent scans are compared.
MagnePrint is designed to prevent "skimming." Online carders buy credit-card information from a black-market database, then copy that information onto a blank physical card using a machine that costs about $250. The skimmed card is then used in an ATM or a retail environment, as though it were the original card, until the credit or debit limits are maxed.
Using MagnePrint, faux cards are identified quickly. Even if you were to rerecord the magnetic stripe information onto your credit card a second time (say you damaged your first card and seek a replacement), the magnetic particles on the second card would not match the original and would be flagged. The results are given in percentages, with around 80% considered to be enough of a match. The bank always has the ability to accept or deny the recommendations.
(Credit:
World of Warcraft)
The notion of "frequent gamer rewards" has been tossed around by trend specialists and pundits (like MAKE Magazine's Philip Torrone) for some time now as online gaming becomes more and more profitable and increasingly entrenched in mainstream culture. Now, it's a reality with the World of Warcraft Visa credit card.
You can apply for it now. With your first purchase on the card, according to the World of Warcraft site, you'll earn a free month of game time.
But you won't be able to buy yourself new weapons by using this card. The WoW Visa does not earn you virtual currency--rather, you accrue game time toward your subscription. It's unclear what the thinking was behind this decision, but it's true that there has been some controversy about bridging the gap between virtual and real-world currency, most notably the eBay ban on virtual goods earlier this year.
You can't brand the World of Warcraft credit card with your avatar (yet), but you can choose from 13 total designs. Whether or not you want to use this card when you pick up the tab on a first date, however, is up to you.
(Link via Boing Boing)
- prev
- 1
- next
