- AARP - https://blog.aarp.org -

How Target-Like Breaches Occur (P.S. More Are Expected)

Maybe you are among the 110 million Target shoppers whose payment card or personal information was hacked during the recent holiday shopping season. Perhaps you are one of the 1 million-plus Neiman Marcus customers whose data was exposed in a 2013 breach just recently announced.

Been to Michaels lately? The arts and crafts retailer is the latest well-known company whose customer payment details were reportedly stolen in the same type of data breach.

How are con artists doing it – and which trusted retailer is next?

Sadly, warn the FBI and other authorities, wherever you shop, prepare for more of the same: cyber attacks that employ sophisticated malware to specifically target point-of-sale (POS) systems such as cash registers and card-swiping devices.

In a confidential report shared with select U.S. retailers and obtained by Reuters last week, the FBI identified “memory-parsing” malicious software – also known as a “RAM scraper” – as the source of about 20 Target-like hacking cases in the past year. And the bureau predicted that additional POS attacks will follow.

Typically, when a customer or store clerk swipes a credit or debit card, data from its magnetic stripe is collected by the POS terminal for transfer to the retailer’s payment processing provider.

But before that data is encrypted, nearly undetectable RAM scrapers – installed remotely, though exactly how is still being investigated – allow hackers to extract account numbers, PINs and users’ personal information while the data is in the computer’s live memory, where it very briefly appears in plain text.

“We believe POS malware crime will continue to grow over the near term, despite law enforcement and security firms’ actions to mitigate it,” said the FBI report obtained by Reuters. “The accessibility of the malware on underground forums, the affordability of the software and the huge potential profits to be made from retail POS systems in the United States make this type of financially motivated cyber crime attractive to a wide range of actors.”

On the black market, this malware sells for up to $6,000, and some reports indicate these hackers may be tied to the Russian mob. The FBI noted that one variant, known as Alina, included an option that allowed for “remote upgrades” to make it even harder for corporate security teams to identify and stop.

What does this mean to you?


Photo: Davide Restivo/Flickr

Visit AARP’s new Fraud Watch Network website for information about other scams, and sign up for free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and learn about scam-prevention events in your area.
