An Eastern European crime syndicate has hacked into a small Australian business and stolen details of half a million credit cards from the company’s network.
It was suspected the attack could result in more than $25 million in fraudulent transactions.
The Australian Federal Police, together with foreign national law enforcement agencies, are preparing to raid an unknown number of syndicate members to prosecute them.
Detective Superintendent Brad Marden told CRN sister site SC Magazine that the major banks had placed the cards on high alert, pre-empting a spate of fraudulent transactions should the cards be sold off on underground criminal forums.
A sell-off seems likely. The syndicate appears to be behind the December 2011 hack of US Subway Restaurants in which four Romanian nationals were charged for millions of dollars in credit card fraud that affected some 80,000 customers.
In both cases, the syndicate captured credit card details using keyloggers installed within Point of Sale (POS) terminals and siphoned the data through an insecure open connection on Microsoft’s Remote Desktop Protocol (RDP).
The syndicate found its victims by scanning the internet for vulnerable POS terminals.
Marden would not name citing the affected business due to an ongoing criminal investigation, but it is understood it operated a highly vulnerable network from which the 500,000 credit cards were stolen.
Its network was protected with default passwords and carried both benign and unsecured transactional data. The company had left RDP activated so it could monitor stocks.
“The network was setup by some local suppliers who didn’t understand IT security,” Marden said.
“It was a disaster waiting to happen.
“[The syndicate] has moved into other countries to attack with the same methodologies, and [the attacks] will happen again sometime in the future.”
Authorities were tipped off to the hack by the banks, which have since placed the credit cards into lockdown.
The authorities also worked with private sector businesses including Verizon during the investigation.
Despite the potential for millions of dollars of fraud to result from the theft, Marden said the attack was neither complex, nor large compared to other data breaches around the world.
“It’s not massive in the larger scheme of things,” he said.
“By far the majority of the work that we’re involved in doesn’t involve uber-technical hackers; they are buying exploit kits and doing SQL Injection all as a result of [a victim’s] poor coding practices.”