3 Smartest Hacking Ploys of Recent Times: REVEALED

By Santosh Nandakumar

February 25, 2015

1. TARGET: PIRATED!


The truth? Here it is, in full Technicolor detail.

It was, literally, one of the world's biggest data breaches, so to speak. More than 40,000 million users who used their credit and debit cards at Target stores were compelled to change their passwords or PINs after a massive hack of the retailer's checkout systems.

And what was the ace up their sleeve?

Before we proceed into the execution of this underrated genius, let's get this one fact absolutely clear: Those who shopped online at the Target store were comparatively safe as the hack did not happen through their official website - target.com.

Rather, the hackers targeted the physical billing checkout systems in each Target store, of which there are a mind-blowing two thousand plus across the U.S. and Canada.

The thieves focused their attention on the point of sale (POS) systems. When the patrons swiped their cards during billing and punched in their PINs on the keypad, the thieves copied every single number with the pattern.

The hackers glued a skinny pad to the POS machines, of the kind used earlier on ATM keypads to steal card numbers and PINs. When the card was swiped, the numbers that were punched on the keypad were captured by the thin pad.

The type of data stolen, also known as track data, allows thieves to create fake or counterfeit cards by encoding the information onto any "blank" card with a magnetic stripe. Such a card can be used to withdraw cash at Automated Teller Machines or online exactly the way a real authentic card works. Interestingly enough, the hackers seem to have appeared twice at the crime location: the first time to affix the pad, and the second time to remove it in order to extract the credit card numbers.

2. ATM: 'All time money' or 'all trust misplaced'?

The story?

An increasing number of ATM breaches were recorded in Europe that used special skimming devices, leaving the banks puzzled on the technique employed.

How was this accomplished you ask? Consider the ingenuity, ladies and gentlemen.

The crooks fitted invisible, razor-thin special skimming devices within the card acceptance slot area. These were discovered inside the teller machine slot by the bank technician when the machine's fatal error alarm was set off after it was tampered with. Below is the actual photograph of the skimmer employed in one of the ATMs.

[Photograph: skimmer ATM]

The back view of the skimmer reveals that it had a tiny battery and a tiny memory storage device.

The skimmer device is simply powered by a lithium battery, and the data storage device is the component that was used to store the card information. The tiny circular area was used to read the card data from the magnetic stripe of the card once it was inserted into the ATM.

3. BETRAYED BY EMAILS?


So, what are we looking at this time?

Hackers targeted consumers using phishing and spoofed communications that looked like official First American emails, instructing them to visit a fake site and enter their personal account information.

And the next move on the chessboard?

The thieves intercepted emails from major title agencies that offered wire transfer information for potential purchasers/borrowers to transmit cash for future transactions. The attackers then allegedly substituted the title company's bank account information with their own account and then waited for the hammer to strike. The unsuspecting borrowers have no way of knowing the emails are fake, as they appear to be genuine, with the title agency's logo, signature, contact information, etc.

When the users make the payment directly to the fraud account, as instructed in the emails they received, their transacted cash is lost to the hackers and hence, they become victims of an email scam.

The scheme is simple and brilliant: monitor the email traffic of the title agency or the borrower/purchaser and keep track of the future transactions, and then divert emails at exactly the right time, strike when the iron is hot, so to speak.
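A defender-side check for the account substitution described above, added here as an example and not part of the original article: because the altered email can come from the genuine mailbox with the genuine logo and signature, the only reliable test is comparing the bank details in the message against a record confirmed out of band. The record, domain, addresses and numbers below are constructed, and the names `ON_FILE`, `extract` and `review` are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed record: details confirmed by phone with the title agency, using a
# number obtained independently of any email (an assumption of this example).
ON_FILE = {"domain": "title-agency.example",
           "routing": "123456780", "account": "000123456789"}

# Constructed message: genuine sender address and signature, altered bank details.
SAMPLE_EMAIL = """\
From: Closing Desk <closing@title-agency.example>
To: buyer@mail.example
Subject: Updated wire instructions

Please wire the closing funds before Friday.
Routing number: 9876-54320
Account number: 9988 7766 5544
Closing Desk, Title Agency
"""

FIELD = r"{}\s*(?:number|no\.?|#)?\s*[:\-]?\s*([\d][\d \-]{{4,}}\d)"

def extract(body, label):
    """Return the digits following a 'Routing number:'-style label, or None."""
    m = re.search(FIELD.format(label), body, re.IGNORECASE)
    return re.sub(r"\D", "", m.group(1)) if m else None

def review(raw_email, on_file):
    """Return reasons to hold the payment; an empty list means details match."""
    msg = message_from_string(raw_email)
    body = "\n".join(p.get_payload(decode=True).decode("utf-8", "replace")
                     for p in msg.walk() if p.get_content_type() == "text/plain")
    findings = []
    # A hijacked or intercepted mailbox passes this check, so it is never
    # sufficient on its own.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender.rpartition("@")[2] != on_file["domain"]:
        findings.append("sender domain differs from record")
    for label in ("routing", "account"):
        seen = extract(body, label)
        if seen is None:
            findings.append(f"{label} number not found; verify by phone")
        elif seen != on_file[label]:
            findings.append(f"{label} number differs from record")
    return findings

if __name__ == "__main__":
    print(review(SAMPLE_EMAIL, ON_FILE))
```

The sample message passes the sender check and is still held, which is the case the article describes.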

About the Author
Santosh Nandakumar works as a Senior Security Consultant with Paladion Networks and has wide experience working with some of the top IT companies in the past.


Tags: target breach, atm theft, email theft, Technical
