
Data Breach: Data of 168 Million Citizens Stolen and Sold, 7 Suspects Arrested

A massive data breach with potential consequences for national security has recently been exposed by Cyberabad Police. The investigation led to the arrest of seven members of a gang allegedly involved in the theft and sale of sensitive data belonging to the government and some significant organizations, including credentials of defense personnel as well as the personal and confidential data of around 168 million citizens. 

The accused were discovered selling data on more than 140 distinct groups of individuals, including military personnel, bank clients, energy sector consumers, NEET students, government employees, gas agencies, high net worth individuals, and demat account holders. 

Other categories of victims include Bengaluru women’s consumer data, data of people who have applied for loans and insurance, credit card and debit card holders (of AXIS, HSBC and other banks), WhatsApp users, Facebook users, employees of IT companies and frequent flyers. 

"When an individual calls the toll-free numbers of JustDial and asks for any sector or category related confidential data of individuals, their query is listed and sent to that category of the service provider. Then these fraudsters call those clients/ fraudsters and send them samples. If the client agrees to purchase, they make payment and provide the data. This data is further used for committing crime," stated the commissioner. 

The accused gang apparently operated via registered and unregistered organizations: Data Mart, Infotech, Global Data Arts and MS Digital Grow. 

The accused were found to have access to 2.5 lakh defense personnel's sensitive data, including their ranks, email addresses, places of posting, etc. The thieves gained access to the data of 35,000 Delhi government employees, 12 million WhatsApp users, 17 lakh Facebook users, and 11 million customers of six banks. Also, the defendants had access to information on 98 lakh applicants for credit cards. 

Main suspect Kumar in Noida, Nitish Bhushan had created a call center and obtained credit card records from Muskan Hassan, another defendant. The other suspects, Pooja Pal and Susheel Thomar, were reportedly operating as tele-callers at Bhushan’s call center. Meanwhile, Atul Pratap Singh's business, "Inspiree Digital," gathered credit cardholder data and marketed it for profit. Atul's workplace had employed Muskan as a telemarketer before she started her own business, "MS Digital Grow." She served as a middleman, selling data: she organized the data that Atul had provided and sold it to Bhushan. 

Sandeep Pal founded Global Data Arts and sold private consumer information to fraudsters engaging in online crimes through Justdial services and social media platforms. The seventh defendant, Zia Ur Rehman, shared the database with Atul and Bhushan and offered bulk message services for advertising.  

Here's How a Lost Wallet Becomes a Nightmare for Your Credit and Identity


Theft of identity and the establishment of bank accounts in your name can result from losing your wallet. That can result in years of battling false creditors and claims, building up bad credit. Jessica Roy, an assistant editor on the utility journalism team at the Los Angeles Times, experienced this. 

In 2018, she claims that her wallet was stolen from her purse at a pub, but she didn't pay it much attention. 

"I actually didn't keep that much in there. My driver's license, some cash, and a few credit cards were all there. The following day, I discovered they had completed a few transactions. I changed the cards and got those backward. I initially believed it to be the conclusion," Roy stated. 

But in the middle of January 2019, she began receiving a tonne of letters. “It was like, ‘Congratulations on your new Bank of America account. Congratulations on your new Wells Fargo account. We're following up on your Target card inquiry.’ And I realized they were using my identity to start opening new accounts.” 

Roy speculates that the hackers might have secured her social security information through the dark web. According to her reporting, that is typical. Many people dismiss the frequent data breaches and online intrusions that result in the theft of personal information like passwords or social security numbers. 

Roy claims that nobody is secure. She discussed the 2017 Equifax hack, which affected 147 million Americans, in her blog. That comes from a credit bureau and is private information. Our every financial move is being tracked by the credit bureaus, who aren't even protecting our data, which is why we need to keep our identity so secure. 

She always believed that because she was a reporter and was being thorough, she would be able to thwart false claims and transactions. 

"I never imagined that I would experience this. And when it happened, I said to myself, 'You know what, I'm going to start doing something.' I'll be in control of this. I'm going to call the banks and demand that they put things right. And that will be the conclusion of it. And they're going to take care of it and shut these accounts in a really friendly manner. And everything will be a closed book. But it persisted." 

In Roy's instance, some arrests eventually took place, which she claims is unusual. “It wasn't because ‘oh, the police dug into my crime and worked night and day to solve this.’ It's because [the suspects] were pulled over and arrested for something else. And incidentally, they happened to have a bunch of my identity material in the car with them.” 

Roy claims that despite their repeated attempts, the criminals were unable to access her bank and email accounts because they were secured. Things like two-factor authentication stopped future problems from getting worse. 

“They called me impersonating my bank and asked me to repeat my password as if it were a security question. And I realized I was like, ‘Oh my God, this is them. They're calling me on Christmas to try and steal my identity some more,’” she further added. “I really think the conclusion that I came to in experiencing this and reporting this story is that yes, there are steps you can take. Nothing is foolproof, and this is a systemic issue that has to be addressed.” 

Roy advises users to proactively freeze their credit cards and set up two-factor authentication for each account, including email and bank accounts, to lessen the risk of identity theft.

Fraudsters swiping cloned cards abroad

An official at the Ministry of Home Affairs has filed a complaint with the Delhi police saying that transactions worth ₹67,000 were made from her debit card in the US and that her card was cloned.

The transactions were made in dollars at a US apparel store, according to the police complaint filed by the MHA official.

The official said that she became aware of the fraud on the morning of June 7 when she saw several messages on her phone regarding transactions made at different US stores between 1:35 am and 2:09 am. She also said that she had received some OTP messages and alerts linked to the same debit card before.

According to a report by the Times of India, the complainant said that she had her phone and card with her the whole time the transactions took place and she only got to know about them in the morning.

While she couldn’t block the card herself, it was automatically blocked by the bank a few minutes later after they reportedly recognized the suspicious activity. She also received messages asking to authorize further transactions, even after her card had been blocked.

This is not the first time an MHA official has filed such a complaint with the Delhi police, with three to four officials having reported the same a few months ago.

The police suspect that the crooks may be using malware to collect credit card details, then creating a virtual card to withdraw money or make online transactions. Usually in the case of cloned credit cards, fraudsters use skimmer machines, which can be bought for as low as ₹7,000, to copy card details while the card is being swiped.

Youth Loses Rs 88,516 In Yet Another Incident Of Credit Card Cheating

A youth from Thiruvananthapuram reported credit-card extortion to the tune of Rs. 88,516 through his SBI credit card on Thursday.

Hari Kumar, a resident of Poojappura who works in an automobile showroom, claimed to have lost Rs. 88,516 in a single transaction. The transaction took place through PayPal, a "digital" wallet, around 11.45 a.m.

Shortly after receiving an SMS alert, Kumar contacted the bank and simultaneously blocked the card. As the transaction was completed without the need for a "one-time-password" (OTP), bank officials suspected that it could have been carried out from outside the country.

Kumar later added that he came to know from the digital cell that no fewer than three similar cases were still pending before the police.

The complaints, however, have been submitted to the District Police Chief of Thiruvananthapuram city as well as the Cyber Cell.

Delving into PoSeidon malware

News of data breaches occurring through card usage at infected point of sale (PoS) systems at retailers has become common nowadays. With a huge market for stolen credit card information, companies are being targeted with newer and more sophisticated malware.

How exactly does this malware work? While investigating breach cases, Cisco Security Solutions discovered the working mechanism of a new malware family, which has been nicknamed PoSeidon.

The infection of the PoS system possibly arises from a keylogger which, after getting installed, deletes the profile login information, i.e. passwords, stored on the system. This forces the user to type the information in again, which is recorded by the keylogger and sent back to the server. The server can then access the system remotely and infect it with the Loader malware to steal card information.

The Loader tries to install itself on the PoS system as a service that runs as Winhost, so that it can survive reboots of the system. This step is called persistence, by which it maintains its hold on the system. It then connects to the hardcoded command and control servers, which send the second executable part of the malware, called FindStr.

It also simultaneously installs another keylogger. FindStr goes through data on the infected system to look for number sequences that start with 6, 5 or 4 with a length of 16 digits (Discover, Mastercard, Visa) or with 3 with a length of 15 digits (AMEX).

It then runs the Luhn algorithm to verify whether a sequence is card information or not, and sends the information along with data from the keylogger to the exfiltration servers, from where it can be harvested for further usage.

The malware can also update itself depending on communication from an external server. Further investigation shows that developers are working to use these in other newer projects.

Faced with such persistent threats, organizations need to be vigilant and adopt a threat-centric approach to provide security during the full attack continuum – before, during, and after an attack.
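The matching rule described above (length and leading digit, then a Luhn check) is also what a defender can run over PoS application logs or dumps to find card numbers sitting in cleartext and mask them before a scraper does. This is an added example, not code from the original post or from Cisco; the function names and the sample log lines (built from public test card numbers) are constructed for illustration.

```python
import re

# Runs of 15-16 digits, allowing single spaces or dashes between digits.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){14,15}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def is_pan(digits: str) -> bool:
    """Criteria from the article: 16 digits starting 4/5/6, or 15 starting 3."""
    shape = (len(digits) == 16 and digits[0] in "456") or \
            (len(digits) == 15 and digits[0] == "3")
    return shape and luhn_ok(digits)

def mask(digits: str) -> str:
    """Keep only the first six and last four digits (a common masking format)."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def redact(line: str):
    """Return (line with cleartext card numbers masked, count masked)."""
    found = 0
    def _sub(m):
        nonlocal found
        digits = re.sub(r"[ -]", "", m.group())
        if not is_pan(digits):
            return m.group()          # e.g. an order id that fails Luhn
        found += 1
        return mask(digits)
    return CANDIDATE.sub(_sub, line), found

# Constructed sample log lines; card numbers are public test values.
SAMPLE_LOG = [
    "10:00:01 pos01 DEBUG swipe pan=4111111111111111 amt=12.50",
    "10:00:07 pos01 DEBUG manual entry 3782-822463-10005 declined",
    "10:00:09 pos01 INFO order_id=4111111111111112 shipped",
    "10:00:12 pos01 INFO heartbeat ts=1700000000",
]

def audit(lines):
    """List (line_number, redacted_line) for every line holding a card number."""
    hits = []
    for n, line in enumerate(lines, 1):
        clean, found = redact(line)
        if found:
            hits.append((n, clean))
    return hits

if __name__ == "__main__":
    for n, text in audit(SAMPLE_LOG):
        print(f"line {n}: {text}")
```

Any line this reports is data a FindStr-style scraper would also have recognised, so a non-empty result points at a logging or storage path that should not hold full card numbers.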

LAX Police investigating credit card breach at Tom Bradley International Airport

Police have begun investigating what appears to be a credit card fraud at one of the shopping vendors at the Tom Bradley International Airport.

The police are being tight-lipped on the matter and have failed to comment on what led them to find out about the credit card breach. They have also refused to tell the press which shopping vendor might have been compromised for card payments. No suspects have been identified as yet by the police.

The Tom Bradley International Airport is the sixth busiest airport in the world, and the third in the United States. The terminal has three levels and 18 gates, and 39 airlines operate out of there. There are dozens of vendors present throughout the airport.

LAX Police have asked anyone who finds unauthorized charges on their card statements at the airport terminal after March 4 to call (424) 646-6100 immediately.

Credit Card breach at Zoup puts NEXTEP in a soup

Eating out at Zoup? Be careful while using your credit card.
Thousands may be affected by a credit card breach that originated at the popular point-of-sale vendor NEXTEP Systems, which serves Zoup and many other restaurants, corporate cafeterias, casinos and airports.

The incident came to light after sources in the financial institutions noted that all the cards which had recently shown fraudulent activity had been used at one of the 75 Zoup outlets across the northern half of the United States and Canada. Zoup, one of Nextep’s biggest customers, uses Nextep’s services at all outlets.

On being contacted by KrebsOnSecurity, Zoup CEO Eric Ersher referred the calls to Nextep, who admitted the breach. Nextep President Tommy Woycik, however, added that he believed not all customers were impacted by the breach.

The pattern of the breach is similar to the ones at other fast food chains, Dairy Queen and Jimmy John's, reported last year. In all such cases, malware designed to steal data encoded onto the magnetic stripe at the back of credit and debit cards is injected into the point of sale systems. The stolen data is then used to create counterfeit cards, which are typically used to make purchases at big-box retailers. Such stolen cards are of considerable value at the underground cybercrime stores, and each card is sold for anywhere between $20 and $100.

It is not clear how the Nextep breach occurred, but if previous examples are studied, the cause might be traced to stolen credentials which were then used to remotely introduce malware into the system.

The effects of a breach at a point of sale vendor are huge. Last year, a breach at the POS vendor Signature Systems Inc affected Jimmy John's sandwich shops and at least 100 other restaurants. Earlier this year, Advanced Restaurant Management Applications (ARMA) suffered a similar breach that affected many of its client restaurants.

Historically, food institutions have been prone to these attacks. While attacks at chain restaurants can be well detected owing to the pattern emerging from the huge volume of data collated, the magnitude of the breach also increases owing to the number of outlets it affects.

KrebsOnSecurity is currently tracking down the commonalities between the POS breaches across the country.

PayPal President David Marcus's credit card gets hacked

David Marcus, PayPal president, is the latest person to fall victim to credit card fraud.

Marcus said on Monday that his credit card data was compromised. The cybercriminals made several fraudulent transactions using the obtained information.

Marcus points out that his card uses EMV technology, which is being touted as a more secure system than magnetic stripe. But that didn't stop the cybercriminals.

It seems he did not want to waste this opportunity: he used the incident to promote his company's security benefits. He said this breach would not have happened if the merchant accepted PayPal. 

"Obfuscating card data online, on mobile, and now more and more offline remains one of PayPal's strongest value props," he said on Twitter.

PayPal is claimed to be more secure and doesn't share card data or bank account details with merchants. But we reported that a hacker reportedly manipulated a PayPal employee to get the last four digits of a card.

Hackers breached Restaurant Depot's POS network again & accessed credit card info

Hackers once again breached the Point-of-Sale (POS) network of Restaurant Depot, a New York-based wholesale supplier. The hackers managed to steal credit and debit card details from the card processing system the company uses in some of its stores.

The company discovered the security breach on December 4th 2012, when its customers experienced credit card fraud after they used their cards at some of its stores.

They hired Trustwave on December 6th to investigate the intrusion. After the investigation, researchers determined that the intrusion first started on Nov 7th 2012. Researchers are still in the process of identifying all the details and are continuing their investigation.

The company notified all the major card brands and provided information about potentially compromised accounts.

"To protect yourself from possible fraudulent charges, you should contact officials at your card issuer immediately by calling the toll-free number on the back of your card or on your monthly statement, tell them you have received this letter, and ask them to cancel and reissue the card," the official notification reads.

"You should also closely review your credit/debit card statements if you used your cards at one of our stores between November 7th and December 5, 2012. You should immediately notify the bank or financial institution that maintains the card account of any unauthorized charges."

This is not the first time the company has experienced a security breach: in 2011, Russian hackers hacked into the Restaurant Depot database and accessed the credit and debit card details of more than 200,000 customers.