![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Good'n'bad in the credit card theft world
Jan. 29th, 2020 09:39 amFirst, the bad: the Wawa theft lasted nine months and looks like it netted 30 million+ cards. I'm not sure why they say "nationwide" when I've been all over the country and never seen one, unless they operate under different names in different places, but apparently they operate in 40+ states. Anyway, this looks like a central hack, maybe they got in to central IT and used remote access tools to push their software out to all terminals and gas pumps.
The net result is a lot of compromised cards. All of which are for sale on carder forums.
The big problem here is that the USA is the last of the G20 nations to really push to chip-based credit cards and to get rid of magnetic stripes as this makes it hella tougher to steal card information as it creates end-to-end encryption. It's child's play to steal magnetic strips, I complain every time I have to swipe my card at a merchant. On top of that, Visa is pushing back on chips, but there's a deadline of October of this year for gas station merchants to upgrade their pumps for chip readers. I think most of the pumps in my area have been upgraded to also have wireless contact for those credit cards that have it or for Google/Apple Pay devices.
Now here's an interesting and actually good bit of news: even if 30+ mil cards were stolen, previous evidence would suggest that the numbers used in fraud are pretty low. The monster Target breach in 2013? Over 40 million cards were stolen, but only 3 mil used in fraud.
https://krebsonsecurity.com/2020/01/wawa-breach-may-have-compromised-more-than-30-million-payment-cards/
The good news: major Russian cybercrime boss made a classic mistake: DO NOT EFFING LEAVE RUSSIA! He went to Israel in 2015, Israel arrested him, Israel handed him over to the United States.
This guy, Aleksei Burkov, ran a very exclusive crime forum. To join it, you had to be recommended by other members. Then you had to pay a fee to join. You had to be fluent in Russian. AND you had to have a security certificate installed on your computer before the web page would load! That's some pretty good operational security. He was described as an important asset to the Russian government.
But then he got stupid and he traveled to a country not controlled by Russia, and he got nabbed. He plead guilty in a Virginia Federal court to running a carder forum and selling more than 150,000 stolen credit cards, he has not yet been sentenced.
Russia retaliated and an Israeli woman traveling from India, had a layover in Russia, Russian authorities "discovered" 10 grams of marijuana in her luggage which she had no access to during the layover, and arrested her. Naama Issachar had been attending a yoga course and had not sought to enter Russia, it's just how the plane was routed. No telling what her fate may be.
https://krebsonsecurity.com/2020/01/russian-cybercrime-boss-burkov-pleads-guilty/
The net result is a lot of compromised cards. All of which are for sale on carder forums.
The big problem here is that the USA is the last of the G20 nations to really push to chip-based credit cards and to get rid of magnetic stripes as this makes it hella tougher to steal card information as it creates end-to-end encryption. It's child's play to steal magnetic strips, I complain every time I have to swipe my card at a merchant. On top of that, Visa is pushing back on chips, but there's a deadline of October of this year for gas station merchants to upgrade their pumps for chip readers. I think most of the pumps in my area have been upgraded to also have wireless contact for those credit cards that have it or for Google/Apple Pay devices.
Now here's an interesting and actually good bit of news: even if 30+ mil cards were stolen, previous evidence would suggest that the numbers used in fraud are pretty low. The monster Target breach in 2013? Over 40 million cards were stolen, but only 3 mil used in fraud.
https://krebsonsecurity.com/2020/01/wawa-breach-may-have-compromised-more-than-30-million-payment-cards/
The good news: major Russian cybercrime boss made a classic mistake: DO NOT EFFING LEAVE RUSSIA! He went to Israel in 2015, Israel arrested him, Israel handed him over to the United States.
This guy, Aleksei Burkov, ran a very exclusive crime forum. To join it, you had to be recommended by other members. Then you had to pay a fee to join. You had to be fluent in Russian. AND you had to have a security certificate installed on your computer before the web page would load! That's some pretty good operational security. He was described as an important asset to the Russian government.
But then he got stupid and he traveled to a country not controlled by Russia, and he got nabbed. He plead guilty in a Virginia Federal court to running a carder forum and selling more than 150,000 stolen credit cards, he has not yet been sentenced.
Russia retaliated and an Israeli woman traveling from India, had a layover in Russia, Russian authorities "discovered" 10 grams of marijuana in her luggage which she had no access to during the layover, and arrested her. Naama Issachar had been attending a yoga course and had not sought to enter Russia, it's just how the plane was routed. No telling what her fate may be.
https://krebsonsecurity.com/2020/01/russian-cybercrime-boss-burkov-pleads-guilty/
