Instead of coming in with guns and robbing the till, criminals can target small businesses and steal from them digitally, across the planet. The tools used in the crime are widely available to anyone willing to take the risks, and small businesses' generally poor security practices and reliance on inexpensive software packages make them easy pickings.
In a scheme dating back at least to 2008, Ars Technica reports, a band of Romanian hackers has been stealing payment card data from the point-of-sale (POS) systems of hundreds of small retail businesses, including over 150 Subway restaurant franchises, ringing up over $3 million in fraudulent charges. In an indictment unsealed in a New Hampshire court, the hackers are alleged to have gathered the credit and debit card data from over 80,000 victims.
The methods used by the attackers were not sophisticated. The compromised systems were located through a scan of IP addresses (a port scan) for any systems running a specific type of remote desktop access software. The software was either unprotected or protected only by poor passwords, and provided back door access to the POS systems.