If your heart goes out to the poor black hat hacker who has to work his finger to the bone just to steal enough to keep his head above water, take heart.
The Register reports that aspiring electronic thieves can now buy a point of sale terminal that steals and processes credit card numbers all in one handy bundle. With an optional service package.
Security consultancy Group-IB has discovered criminals selling a package that would rival the offerings of an iStore, all based off a modified Verifone VX670 terminal. Among the options for the discerning creep? A rigged card reader that can send a user’s account information to a laptop via cable or to a phone outfitted with a SIM card, a list of morally lithe merchants willing to launder the money and return it to the owner, and (jaws on the ground time) a service contract that allows a buyer to secure the full package for $2,000, in exchange for sharing 20% of the money they steal.
The intended market for these offerings are clearly the script kiddie version of black hat hackers, people whose eyes are bigger than their stomachs in terms of their hacking chops.
The criminals are likely based out of Russia, as the instructional video uses a card from Russian bank Sberbank and the amount is in Rubles, among other hints.
As Group-IB itself has documented, cyber crime in Russia has reached $1.9 billion. This is a considerable sector of any economy. And, as we have previously reported, the sometimes anarchic state of the onetime empire is such that the old Soviet domain, .su, for instance, makes it easier for black hats, crackers, and botnet runners to get their jobs done.
Group-IB’s Andrei Komarov commented that, given how difficult it is to commit this sort of fraud, this new method is likely to be very popular. If it proves workable and sustainable it could provide a whole new area for consumers, legit merchants, law enforcement, and security people to worry about.
H/T Naked Security | Photo by Rodrigo Soto