My Words

Hackers Prepare Supermarket Sweep

Self-checkout systems in UK supermarkets are being targeted by hi-tech criminals with stolen credit card details.A BBC investigation has unearthed a plan hatching online to loot US bank accounts via the checkout systems.Fake credit cards loaded with details from the accounts will be used to get cash or buy high value goods.

The supermarkets targeted said there was little chance the fraudsters would make significant gains with their plan.

With the help of computer security experts the BBC found a discussion on a card fraud website in which hi-tech thieves debated the best way to strip money from the US accounts.

The thieves claim to have comprehensive details of US credit and debit cards passed to them from an American gang who tapped phone lines between cash machines and banks.

‘Cashing out’
The funds being laundered have been pilfered from US bank accounts

The gang plans to copy card details onto the magnetic stripes of fake cards and then use them in UK stores. In the discussion on the card site those co-ordinating the fraud say they are seeking places to “cash out”, meaning strip funds from the bank accounts using fake cards.

In the forum they are asking for information about Asda and Tesco stores in which it is possible to use self-service systems that mules could visit with the fake cards to get at the cash.

The fraudsters are looking for self-service systems to avoid contact with store staff who may spot the fake cards.

Over the period of a month from mid-August the ringleader claims he will have details from 2300 cards to handle.

In the forum he declares: “Its (sic) shopping spree guys help me out and I will take care of you.”

The fraudsters are looking for self-service systems to avoid contact with store staff who may spot the fake cards.

Over the period of a month from mid-August the ringleader claims he will have details from 2300 cards to handle.

In the forum he declares: “Its (sic) shopping spree guys help me out and I will take care of you.”

The information found by the BBC has been passed to the Dedicated Cheque and Plastic Crime Unit so it can investigate the ongoing fraud.

Andrew Moloney, security evangelist at RSA, said the gang were involved in “classic” card fraud by cloning details on to magnetic stripes.

He said it was an example of a long observed trend in fraud.

“We’ve seen a shift from card-present fraud to card-not-present to fraud abroad,” he said.

“The internet is the global marketplace,” he said. “It’s not difficult to take compromised cards from one country and exploit them in another. It’s a simple and routine procedure for these guys these days.”

Jacques Erasmus, from security firm Prevx, agreed that cashing out abroad was a well established method. “They do not normally cash out in the same country,” he said, “just because it makes the law enforcement job that much harder.”

He said many criminal gangs even offer their fraudulent services via the web.

“They will do it for you in India and China,” he said.

Sweeping up

Armed with fake cards and a list of shops and supermarkets that can be hit the fraudsters could make £5-8000 per day, according to Mr Erasmus.

The funds would be split between the mules who actually carry out the transactions, those organising the mules and the hi-tech thieves who stole the original card numbers.

Representatives from both Tesco and Asda argue that payment systems automatically contact the banks when a card is swiped instead of using chip-and-pin. The banks must authorise the acceptance of a signature.

“If the card has not been reported as having been cloned, yes, it can go through,” said a spokeswoman for Tesco. However, she pointed out that swipe and sign transactions represent a tiny fraction of the supermarket chain’s trade.

“We would hope this will bring further pressure on the States to introduce chip-and-pin,” said Jemma Smith of the UK payments organisation Apacs. “Until that happens we will still see fraud on US cards happening in our shops and our cash-machines and also fraud on our cards happening in the US.”

Alarm Raised on Teenage Hackers

Increasing numbers of teenagers are starting to dabble in hi-tech crime, say experts.

Computer security professionals say many net forums are populated by teenagers swapping credit card numbers, phishing kits and hacking tips.

The poor technical skills of many young hackers means they are very likely to get caught and arrested, they say.

Youth workers added that any teenager getting a criminal record would be putting their future at risk.

Slippery slope

“I see kids of 11 and 12 sharing credit card details and asking for hacks,” said Chris Boyd, director of malware research at FaceTime Security.

Many teenagers got into low level crime by looking for exploits and cracks for their favourite computer games.

Communities and forums spring up where people start to swap malicious programs, knowledge and sometimes stolen data.

Some also look for exploits and virus code that can be run against the social networking sites popular with many young people. Some then try to peddle or use the details or accounts they net in this way.

Mr Boyd said he spent a lot of time tracking down the creators of many of the nuisance programs written to exploit users of social networking sites and the culprit was often a teenager.

From such virus and nuisance programs, he said, many progress to outright criminal practices such as using phishing kits to create and run their own scams.

“Some are quite crude, some are clever and some are stupid,” he said.

The teenagers’ attempts to make money from their life of cyber crime usually came unstuck because of their poor technical skills.

“They do not even know enough to get a simple phishing or attack tool right,” said Kevin Hogan, a senior manager Symantec Security Response.

“We have seen phishing sites that have broken images because the link, rather than reference the original webpage, is referencing a file on the C: drive that is not there,” he said.

Symantec researchers have collected many examples of teenagers who have managed to cripple their own PCs by infecting them with viruses they have written.

Video choice

Chris Boyd from FaceTime said many of the young criminal hackers were undermined by their desire to win recognition for their exploits.

“They are obsessed with making videos of what they are doing,” he said.

Many post videos of what they have done to sites such as YouTube and sign on with the same alias used to hack a site, run a phishing attack or write a web exploit.

Many share photos or other details of their life on other sites making it easy for computer security experts to track them down and get them shut down.

Mr Boyd’s action to shut down one wannabe hacker, using the name YoGangsta50, was so comprehensive that it wrung a pledge from the teenager in question to never to get involved in petty hi-tech crime again.

Mathew Bevan, a reformed hacker who was arrested as a teenager and then acquitted for his online exploits, said it was no surprise that young people were indulging in online crime.

“It’s about the thrill and power to prove they are somebody,” he said. That also explains why they stuck with an alias or online identity even though it was compromised, he added.

“The aim of what they are doing is to get the fame within their peer group,” he said. “They spend months or years developing who they are and their status. They do not want to give that up freely.”

Graham Robb, a board member of the Youth Justice Board, said teenagers needed to appreciate the risks they took by falling into hi-tech crime.

“If they get a criminal record it stays with them,” he said. “A Criminal Record Bureau check will throw that up and it could prevent access to jobs.”

Anyone arrested and charged for the most serious crimes would carry their criminal record with them throughout their life.

Also, he added, young people needed to appreciate the impact of actions carried out via the net and a computer.

“Are they going to be able to live with the fact that they caused harm to other people?” he said. “They do not think there is someone losing their money or their savings from what they are doing.

“For a kid, getting a criminal record is the worst possible move.”

1 Comment

  1. This blog’s great!! Thanks :).


Comments RSS TrackBack Identifier URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

  • Calendar

    • August 2017
      S M T W T F S
      « Apr    
       12345
      6789101112
      13141516171819
      20212223242526
      2728293031  
  • Search