СПІЛЬНО БАЧЕННЯ  ::  ІНОЗМІ
Переклади, аналітика, моніторинг - Україна (і не лише) очима іноземних ЗМІ
         Головна        
        Політика        
      Human rights      
  Міжнародні відносини  
        Культура        
          Спорт         
        Більше...       

Знайдено на сайті:Business Insider
Мова:9 (English / English)
Заголовок:

The Incredibly Clever Way Thieves Stole 40 Million Credit Cards From 2,000 Target Stores In A 'Black Friday' Sting (TGT)

Резюме:

Target canada shoppers

Forty-million people who used credit or debit cards at Target stores between Thanksgiving and Dec. 15 must now change their PIN numbers or passwords, or get new cards, following a nationwide hack of the retailer's checkout systems.

You may not like the fact that these hackers pulled off such a massive — and massively inconvenient — sting.

But you've got to admire their ingenuity.

First, note that the hack did not go through Target.com, the retailer's online website. If you shopped online at Target, your credit card info is probably safe.

Rather, the hackers went through the physical checkout systems inside every Target store. That's nearly 2,000 stores: 1,797 stores in the U.S. and another 124 in Canada. The hack focused on Target's point-of-sale, or POS system. As shoppers swiped or punched in their numbers on the checkout keypad, the hackers copied every single number, according to Brian Krebs, whose tech security blog has broken scoop after scoop on password hacking.

Previously, criminals who wanted to take credit card numbers and the PIN numbers that went with them would have to use a clumsy real-world subterfuge. They would fix a thin pad on top of an ATM's key pad, and capture both the credit card number as it swiped in and out through the pad's card slot plus the PIN as it was punched in on the keypad. Those numbers allow you to create dummy cards from "blank" cards with magnetic strips on them that can be used in ATMs or online to withdraw cash in exactly the same way a real card works.

But you can only get a few hundred cards a day that way, one machine at a time. And the hackers have to appear at the scene of the crime twice — once to install the pad and once to remove it — in order to get their numbers.

The Target thieves appears to have scaled up their skimming operation so that Target's POS system skimmed numbers across the entire store system. That probably involved installing malware that spread itself throughout Target's brick and mortar stores, according to the New York Times:

To pull it off, security experts said a company insider could have inserted malware into a company machine, or persuaded an unsuspecting employee to click on a malicious link that downloaded malware that gives cybercriminals a foothold into a company’s point-of-sale systems.

The thieves now have 40 million blank cards with correct numbers and PINs, and can withdraw cash from ATMs at their leisure.

A bunch of similar ripoffs have occurred at major retailers recently. Sixty-three Barnes & Noble stores were stung last year. In 2007, retailer TJ Maxx (TJX) learned thieves used its store’s wireless networks to access systems at its HQ where card data was stored. They scooped 45 million cards. And in 2009, credit card processor Heartland Payment Systems lost 130 million card numbers when hackers installed malware on its internal systems.

Remarkably few people are behind the ambitious heists. Back in July, prosecutors brought charges against five people — four Russians and a Ukrainian — who allegedly lifted 160 million credit cards from J.C. Penney, 7-Eleven, Nasdaq OMX Group, JetBlue Inc., and others over several years.

Join the conversation about this story »


    






Посилання:http://www.businessinsider.com/target-credit-card-hackers-2013-12?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+businessinsider+(Business+Insider)
google translate:  переклад
Дата публікації:19.12.2013 17:33:00
Автор:
Url коментарів:
Джерело:
Категорії (оригінал):
Додано:19.12.2013 16:12:58




Статистика
За країною
За мовою
За рубрикою
Про проект
Цілі проекту
Приєднатися
Як користуватися сайтом
F.A.Q.

Спільнобачення.ІноЗМІ (ex-InoZMI.Ruthenorum.info) розповсюджується згідно з ліцензією GNU для документації, тож використання матеріалів, розміщених на сайті - вільне за умов збереження авторства та наявності повного гіперпосилання на Рутенорум (для перекладів, статистики, тощо).
При використанні матеріалів іноземних ЗМІ діють правила, встановлювані кожним ЗМІ конкретно. Рутенорум не несе відповідальності за незаконне використання його користувачами джерел, згадуваних у матеріалах ресурсу.
Сайт є громадським ресурсом, призначеним для користування народом України, тож будь-які претензії згадуваних на сайті джерел щодо незаконності використання їхніх матеріалів відхиляються на підставі права будь-якого народу знати, у якому світлі його та країну подають у світових ЗМІ аби належним чином реагувати на подання неправдивої чи перекрученої інформації.
Ruthenorum/Спільнобачення Copyleft 2011 - 2014