Everything you need to start an identity theft empire in one convenient bundle

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.dailydot.com/crime/russian-criminals-grou-ib-verifone-vx670-identity-theft-fraud/

If your heart goes out to the poor black hat hacker who has to work his
finger to the bone just to steal enough to keep his head above water, take
heart.

The Register reports that aspiring electronic thieves can now buy a point
of sale terminal that steals and processes credit card numbers all in one
handy bundle. With an optional service package.

Security consultancy Group-IB has discovered criminals selling a package
that would rival the offerings of an iStore, all based off a modified
Verifone VX670 terminal. Among the options for the discerning creep? A
rigged card reader that can send a user’s account information to a laptop
via cable or to a phone outfitted with a SIM card, a list of morally lithe
merchants willing to launder the money and return it to the owner, and
(jaws on the ground time) a service contract that allows a buyer to secure
the full package for $2,000, in exchange for sharing 20% of the money they
steal.

The intended market for these offerings are clearly the script kiddie
version of black hat hackers, people whose eyes are bigger than their
stomachs in terms of their hacking chops.

The criminals are likely based out of Russia, as the instructional video
uses a card from Russian bank Sberbank and the amount is in Rubles, among
other hints.

As Group-IB itself has documented, cyber crime in Russia has reached $1.9
billion. This is a considerable sector of any economy. And, as we have
previously reported, the sometimes anarchic state of the onetime empire is
such that the old Soviet domain, .su, for instance, makes it easier for
black hats, crackers, and botnet runners to get their jobs done.

Group-IB’s Andrei Komarov commented that, given how difficult it is to
commit this sort of fraud, this new method is likely to be very popular. If
it proves workable and sustainable it could provide a whole new area for
consumers, legit merchants, law enforcement, and security people to worry
about.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.