
Slowly Details Emerge About The Hacking Techniques In The Massive Target Data Breach

Slowly, details emerge about the sophisticated techniques hackers used in the massive Target data breach, where debit and credit card payment information about 70 million shoppers was stolen.

NBC News reported that the hackers infected the retailer's point-of-sale (PoS) computers and cash registers with a specific type of malware designed to steal shoppers' payment information at the point during the purchase process when that data is most vulnerable:

"The data breach was caused by a type of malware, similar to a computer virus, placed in a store's point-of-sale systems... The insidious file triggers a "hook" and starts to suck up information on transactions in the memory of the cash register system or the server that controls it. Since the data on credit cards is encrypted, the system works by getting it in the authorization stage while it is in the memory of the PoS system, unencrypted."

According to ComputerWorld, the specific malware is Trojan POSRAM:

"... the POSRAM Trojan as a customized version of BlackPOS, a piece of malware that has been available in the cyber underground since at least last February. Like BlackPOS, the POSRAM Trojan is designed to steal a card's magnetic stripe data while it is stored momentarily in a POS system's memory... the malware monitors the memory address spaces on the device for specific information. When it finds something of interest, the software saves the data to a local file and then transfers it to the attackers at preset times. It then is coded to delete the local file to cover its tracks."

The hacking tactic was mentioned in a report by the computer firm iSight Partners, which was submitted to the U.S. Secret Service.

InfoWorld reported that the stolen debit/credit card information was sent to a server in Russia. The hackers also have more stolen data than they can use, which means they are reselling it to other criminals.

It seems that this hacking tactic poses little risk to criminals and a big risk to PoS systems used by many retailers in the United States.

