Stories
Slash Boxes
Comments

SoylentNews is people

posted by n1 on Monday August 25 2014, @06:12AM   Printer-friendly
from the well,-duh! dept.

The New York Times has a blog posting that states what many here have either known or long suspected, that cash register terminal malware infection is pervasive.

The attacks were much more pervasive than previously reported, the advisory said, and hackers were pilfering the data of millions of payment cards from American consumers without companies knowing about it. The breadth of the breaches, once considered limited to a handful of businesses, underscored the vulnerability of payment systems widely used by retail stores across the country.

On July 31, Homeland Security, along with the Secret Service, the National Cybersecurity and Communications Integration Center and their partners in the security industry, warned companies to check their in-store cash register systems for a malware package that security experts called Backoff after a word that appeared in its code. Until that point, Backoff malware and variations of it were undetectable by antivirus products.

Since then, seven companies that sell and manage in-store cash register systems have confirmed to government officials that they each had multiple clients affected, the government said Friday. Some of those clients, like UPS and Supervalu, have stepped forward, but most have not.

In all, the Secret Service estimated that more than 1,000 American businesses had been affected.

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2, Insightful) by Snotnose on Monday August 25 2014, @06:39AM

    by Snotnose (1623) on Monday August 25 2014, @06:39AM (#85221)

    If the NSA, Homeland Security, FBI, and other TLA agency boffins were protecting me against this kind of BS. As opposed to creating backdoors in security, exploiting zero day holes, and spying on me, my ex, my parents, my kids, and the dudes I play D&D with.

    / don't get me started on infiltrating a bunch of stoners who post "whoa dude, we could so bomb something"
    // then talk them into actually planning it

    --
    Why shouldn't we judge a book by it's cover? It's got the author, title, and a summary of what the book's about.
    • (Score: 0) by Anonymous Coward on Monday August 25 2014, @08:00PM

      by Anonymous Coward on Monday August 25 2014, @08:00PM (#85440)

      On July 31, Homeland Security, along with the Secret Service, the National Cybersecurity and Communications Integration Center and their partners in the security industry, warned companies to check their in-store cash register systems for a malware package that security experts called Backoff after a word that appeared in its code. Until that point, Backoff malware and variations of it were undetectable by antivirus products.

      If the NSA, Homeland Security, FBI, and other TLA agency boffins were protecting me against this kind of BS. As opposed to creating backdoors in security, exploiting zero day holes, and spying on me, my ex, my parents, my kids, and the dudes I play D&D with.

      In due consideration of those sources listed, comments and recent events, are there any trusted sources?

  • (Score: 2, Interesting) by Anonymous Coward on Monday August 25 2014, @08:17AM

    by Anonymous Coward on Monday August 25 2014, @08:17AM (#85237)

    A couple of years ago I switched to a nearly all-cash lifestyle mostly for privacy. I only use credit cards for online purchases, and those I use disposable/one-time numbers for (and I've cut way back on online purchases in general). Normal people look at me funny when I tell them I'm cash only. And in a way they are right - the odds are against having a problem, after all how many Target victims actually had fraudulent charges on their cards? But at least now when I tell people the benefits of going cash-only they have reference point, most still think I am a bit extreme, but at least they don't think I'm a nut anymore.

    The perverse thing is that a lot of people look at cash transactions with suspicion. The federal terrorism/money-laundering threshold that requires reporting a cash transaction hasn't changed for like 2 decades, it is still $10K. But with inflation the effective limit has dropped by a 38% - $10K in 2014 dollars is only worth $6.2K in 1994 dollars. So, by ratcheting up the regulations for cash, ostensibly to reduce criminality the result is that people who are trying to protect themselves from criminality appear to be nearly indistinguishable from criminals themselves.

    • (Score: 2) by kaszz on Monday August 25 2014, @11:27AM

      by kaszz (4211) on Monday August 25 2014, @11:27AM (#85272) Journal

      Cash withdrawal can be registered unless you make your employer pay in cash. But other than that. How will they know what you do with your cash ..?

      • (Score: 0) by Anonymous Coward on Monday August 25 2014, @12:39PM

        by Anonymous Coward on Monday August 25 2014, @12:39PM (#85298)

        Record it when it goes out, record it when it comes back. Most businesses send their cash to a bank, those that don't eventually give the cash to someone that does.

        Figuring out that If I get bill X and give it to person A and get it back from person C and person C did business with person B (say they used one of those convenient grocery store member cards or I review the security tapes) then I know person A did business with person B.

        Sure, it is more opaque than credit card use, but it is far from anonymous.

    • (Score: 3, Funny) by WillR on Monday August 25 2014, @01:48PM

      by WillR (2012) on Monday August 25 2014, @01:48PM (#85318)
      That's smart, credit card fraud can be such a hassle. If your card gets cloned, you'll have to make phone calls and possibly even fill out paper claim forms and snail-mail them to the bank. Even after that it could take several weeks to get the charges removed from your account. On the other hand, when your cash is stolen you know immediately none of it is ever coming back, and you can get on with your life.
      • (Score: 0) by Anonymous Coward on Monday August 25 2014, @03:42PM

        by Anonymous Coward on Monday August 25 2014, @03:42PM (#85353)

        Since I don't make a habit of walking around with a ton of money in my pocket, the window for losing a significant amount of cash is small enough that I don't really worry about it.

        • (Score: 0) by Anonymous Coward on Monday August 25 2014, @08:11PM

          by Anonymous Coward on Monday August 25 2014, @08:11PM (#85443)

          Of course if you do carry any significant amount of money around with you and get caught with it by any of the numerous levels of "law enforcement officers" they can "legally" steal all the funds you are carrying and arrest you as a drug dealer, after all if you are carrying that amount of money then you must be a drug dealer looking to make a buy or who has just made a sell, right? Then of course they can go after everything else you own etc. Welcome to the Bully USA! And definitely don't mean "bully" like Teddy Roosevelt did.

          Unfortunately, not all thieves are law breakers.

      • (Score: 2) by frojack on Monday August 25 2014, @06:13PM

        by frojack (1554) on Monday August 25 2014, @06:13PM (#85409) Journal

        That's smart, credit card fraud can be such a hassle. If your card gets cloned, you'll have to make phone calls and possibly even fill out paper claim forms and snail-mail them to the bank. Even after that it could take several weeks to get the charges removed from your account.

        Really? That's not how it happens around here.

        We either get a call from the CC company or we call them when a card is suddenly declined, and they tell us new cards are in the mail, and they ask us to verify about recent transactions, and they process those that we recognize. We have never had to mail anything to the bank (why would your bank be involved?).

        Worst case is if we hope on a plane using airline miles or booking with a different card, and charges start suddenly showing up in Mexico. We've learned to call ahead and tell them we are traveling, or book the trip on the same card. We never have problems when driving. They see meals, hotels, and gas being purchased in the general direction you are heading and it doesn't raise red flags.

        I suppose someone could clone a card and use it in the same city, but that's pretty rare. Most of them are sold overseas.

        --
        No, you are mistaken. I've always had this sig.
        • (Score: 0) by Anonymous Coward on Monday August 25 2014, @06:47PM

          by Anonymous Coward on Monday August 25 2014, @06:47PM (#85411)

          wooosh!

    • (Score: 2) by hoochiecoochieman on Tuesday August 26 2014, @09:35AM

      by hoochiecoochieman (4158) on Tuesday August 26 2014, @09:35AM (#85658)

      The biggest problem is that the US banks have been resisting the transition to EMV for years. With chip-and-PIN, it's not possible to clone a card (if the chip has no horrible flaw, of course).

      When I was working at the US, I found it appalling the way you handle card payments. If someone clones my card's magnetic strip then buying something just requires him to make a scratch on a piece of paper that nobody checks. Here in Europe, to make a payment I have to insert my chip card in a reader with a secure pinpad and then type my PIN.

      By resisting the transition to EMV, the US are making themselves the world capital of card fraud.

      Of course, EMV does nothing about privacy. If you don't want the card companies and banks tracking your money usage, cash is the way to go.