Purchasing goods with credit and debit cards at point-of-sales terminals is becoming increasingly risky. A few months prior, Target’s massive security breach leaked 40 million credit and debit card numbers from cash registers running a Microsoft Windows-based software. More recently, several banks are reporting that the Home Depot lapsed into a similar same sinkhole – quite literally – as sources close to the ongoing investigation reveal that the hardware giant was hit with the same malware as Target.
KrebsOnSecurity, the “in-depth security news and investigation” blog run by security expert Brian Krebs, was the first source to break the news last Tuesday of Home Depot’s security troubles, claiming that multiple banks traced a series of card-related frauds back to Home Depot locations across the nation. A source involved in the investigation stated that multiple registers belonging to the retailer were infected with a strain of the “BlackPOS,” the same BlackPOS that was discovered on Target’s point-of-sale system back in December.
The BlackPOS malware enables credit or debit card data to be snagged every time the card was used at the infected point-of-sale. Moreover, the data was placed on sale at Rescator[dot]com, the dark web shop belonging to the cybercriminal, Rescator, where the 40 millions of cards Target card numbers were sold.
Krebs observed that certain clues contained within the malware’s code suggest that the Home Depot breach had been occurring for months. Furthermore, nine more batches of stole cards appeared on Rescator in the last few days, all under the same label assigned to the first two batches that notified U.S. banks to a pattern of card fraud stemming from Home Depot. Finally, the card numbers stolen from Target were also sold in a batch-like manner on Rescator over the course of three months.
What’s more, Krebs points out that the hack may have been politically motivated. A few strings of code embedded in BlackPOS’ link to news, editorial articles, and cartoon related to anti-American propaganda. A separate string leads to an image of the current conflict between the pro-Russian separatists and the Ukrainian forces. When Krebs himself traced Rescator’s multiple online personas, he found a young programmer in Odessa, Ukraine.
Whatever the case, it appears every few months some massive data breach is uncovered, suggesting that a good security practice would be to periodically replace one’s credit cards.
Update 9.9.14: Home Depot admits that 60 million credit card and debit numbers were stolen.
Learn more about Electronic Products Magazine