Two Romanian nationals have pleaded guilty to participating in an
international, multimillion-dollar scheme to remotely hack into and
steal payment card data from hundreds of U.S. merchants’ computers,
including a great number of Subway restaurants. Federal prosecutors
noted that the conspiracies involved more than 146,000 compromised cards
and more than $10 million in losses.
Iulian Dolan and Cezar Butu agreed to serve seven-year and 21-month
prison sentences, respectively. Dolan, 28, of Craiova, Romania, pleaded
guilty to one count of conspiracy to commit computer fraud and two
counts of conspiracy to commit access device fraud, while Butu, 27, of
Ploiesti, Romania, pleaded guilty to one count of conspiracy to commit
access device fraud. A third co-conspirator, Adrian-Tiberiu Oprea, is
currently awaiting trial in New Hampshire. The defendants admitted in
their guilty pleas that, during a period roughly from in or about
2009 to 2011, they participated in Romanian-based conspiracies to hack
into hundreds of U.S.-based computers and steal credit, debit and payment
account numbers and associated data. They then used the stolen payment
card data to make unauthorized charges on, and/or transfers of funds
from, those accounts (or alternatively transferred the stolen payment
card data to other co-conspirators who would do the same).
The official judgment is a warning signal to all operators concerning
POS security and describes how the hackers carried out the scheme.
According to the judgment, Dolan admitted that he, along with Oprea,
remotely hacked into U.S. merchants’ point of sale (POS) systems where
customers’ payment card data was electronically stored.
“Specifically, Dolan first remotely scanned the internet to
identify U.S.-based vulnerable POS systems with certain remote desktop
software applications (RDAs) installed on them. Using these RDAs, Dolan
logged onto the targeted POS systems over the internet. These were
typically password-protected, so Dolan would attempt to crack the
passwords, where necessary, to gain administrative access. He would then
remotely install software programs called ‘keystroke loggers’ (or
‘sniffers’) onto the POS systems. These programs would record, and then
store, all of the data that was keyed into or swiped through the
merchants’ POS systems, including customers’ payment card data.”
The co-conspirators hacked into several hundred U.S. merchants’ POS
systems. It was reported that Dolan stole payment card data belonging
to approximately 6,000 cardholders and was aware that Oprea was engaged
in similar conduct. Dolan would periodically hack back into the
compromised merchants’ POS systems to retrieve the card data, which he
would transfer to electronic “dump sites,” where the data would then be
used to make unauthorized charges and transfers or sold to other
conspirators.
“The Subway case is a clear indication that privileged and
administrative accounts are increasingly targeted and used by criminals
to steal sensitive information,” says Adam Bosnian, vice president of
products, strategy and sales at Cyber-Ark Software (www.cyber-ark.com).
“In this case, the attackers were able to simply do an Internet search
for remote desktop applications that were used by the restaurants, and
through simple password cracking techniques, they were able to gain
administrative access to the systems. This enabled them to easily steal
sensitive financial information from unsuspecting customers.”
Bosnian contends that often sensitive accounts are protected by
passwords that are too simple or default passwords that are rarely
changed. This case is a warning to operators utilizing POS systems to
shore up their security by taking steps to make their accounts more
difficult to breach and therefore less attractive to hackers.
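The pattern the judgment describes, a run of failed remote-desktop logins followed by a successful administrative logon from the same source, is one a merchant can spot in its own authentication logs. The Python below is an added example, not code from the article or from Cyber-Ark; it assumes a simple constructed log format (timestamp, source address, account, result) and flags any source that fails at least five times against one account within ten minutes and then succeeds.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of remote-desktop authentication events (not from the
# article). Assumed format per line: "<ISO timestamp> <source IP> <account> <FAIL|OK>".
SAMPLE_LOG = """\
2011-03-02T01:14:05 198.51.100.7 admin FAIL
2011-03-02T01:14:06 198.51.100.7 admin FAIL
2011-03-02T01:14:07 198.51.100.7 admin FAIL
2011-03-02T01:14:08 198.51.100.7 admin FAIL
2011-03-02T01:14:09 198.51.100.7 admin FAIL
2011-03-02T01:14:11 198.51.100.7 admin OK
2011-03-02T09:02:11 192.0.2.44 clerk FAIL
2011-03-02T09:02:30 192.0.2.44 clerk OK
"""


def parse_line(line):
    """Split one log line into (timestamp, source, account, result)."""
    ts, src, user, result = line.split()
    return datetime.fromisoformat(ts), src, user, result


def find_guess_then_success(lines, threshold=5, window=timedelta(minutes=10)):
    """Return (source, account, failures, success_time) for every source that
    failed at least `threshold` logins against one account inside `window`
    and then logged in to it: password guessing that ended in a foothold."""
    failures = defaultdict(list)  # (source, account) -> failure timestamps
    hits = []
    for line in lines:
        if not line.strip():
            continue
        ts, src, user, result = parse_line(line)
        key = (src, user)
        if result == "FAIL":
            failures[key].append(ts)
        elif result == "OK":
            recent = [t for t in failures[key] if ts - t <= window]
            if len(recent) >= threshold:
                hits.append((src, user, len(recent), ts))
            failures[key].clear()  # a success ends the guessing run
    return hits


if __name__ == "__main__":
    for src, user, n, when in find_guess_then_success(SAMPLE_LOG.splitlines()):
        print(f"{when.isoformat()} {src}: {n} failed logins then success as {user}")
```

The threshold and window should be tuned to the merchant's normal rate of mistyped passwords so that a clerk's single slip is not reported as an intrusion.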
“These privileged and administrative accounts act as a gateway to
any organization’s most sensitive information, which is why they’ve
emerged as the primary target for attackers,” Bosnian continues. “The
reality is that anyone with an Internet connection can search for,
identify and target remote applications that businesses rely on – the
problem facing the industry is that there is not sufficient security and
protection around the entry points to these applications. Once inside,
attackers have free rein on the network. If you examine the list of the
recent, high-profile data breaches that have plagued organizations,
including Global Payments, the U.S. Chamber of Commerce, the Utah
healthcare breach, etc., the common denominator is that the attackers
focused on gaining access to the privileged or administrative
accounts.”
- Thanks to HT