BreachExchange mailing list archives

Subway Restaurants Rocked By POS Hackers


From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Mon, 18 Mar 2013 12:03:05 -0400

http://www.forbes.com/sites/billsinger/2013/03/15/subway-restaurants-rocked-by-pos-hackers/


In a federal Indictment that was unsealed on March 15, 2013, in
Boston, MA, federal prosecutors allege that sometime around 2011,
Shahin Abdollahi, aka “Sean Holdt,” 46, of Lake Elsinore, CA, and
Jeffrey Thomas Wilkinson, 35, of Rialto, CA, conspired to remotely
hack into point-of-sale (“POS”) systems in Subway restaurant
franchises around the country; and, in fact, apparently managed to
hack into at least 13 Subway POS systems. These systems allow
merchants to manage customer purchases made by credit, debit and gift
cards.

Okay, that’s bad enough.  I mean what’s the world coming to when that
Footlong special comes with a large side order of computer bugs?

What’s even more infuriating is that the Indictment alleges that from
2005 to 2008, Abdollahi owned a number of Southern California Subway
franchises. Also, Abdollahi operated a business called “POS Doctor.”

So – guess: To whom do you think POS Doctor sold POS systems?

Turns out that POS Doctor sold and installed systems to Subway
restaurant franchises in the good old USA.

And what did this computer sandwich franchise conspiracy achieve by
all this high-tech crap?  Apparently the conspirators fraudulently
added at least $40,000 in value to Subway gift cards, which they then
used to make purchases at Subway (and Wilkinson is further charged
with selling fraudulent gift cards over eBay and Craigslist).

Abdollahi and Wilkinson were both charged with one count of conspiracy
to commit computer intrusion and wire fraud, and one count of wire
fraud.

NOTE: The charges contained in an Indictment are merely accusations,
and the defendants are presumed innocent unless and until proven
guilty beyond a reasonable doubt in a court of law.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
