A few months back we first heard the news that over 40 million credit cards were stolen from Target from Black Friday until December 15th. Several weeks later, Target released a press release in which it confirmed that over 70 million names, email addresses and phone numbers were also stolen.
None of this has done Target any good, and since it is one of the biggest retail stores in the US, the breach has caused many problems and much concern among customers.
So, how did they do it? How did a few hackers steal 40 million credit cards? A report from the U.S. Department of Homeland Security and iSIGHT claims the computers had already been infected for a long time. Hackers have been targeting the PoS (Point of Sale) devices, and the malware used to hijack the account information was named Trojan.POSRAM (a RAM scraper), the reporter told Recode.
RAM scrapers are programs that target the RAM in Point of Sale devices. The payment card industry has a set of standards known as PCI-DSS. This standard requires end-to-end encryption of sensitive payment data when it is transmitted, received or stored, but the same data is decrypted in the RAM of the Point of Sale device for processing, making it incredibly vulnerable.
The Trojan.POSRAM malware takes advantage of this vulnerability and stores the decrypted information in a file, which was sent to external servers that the hackers then accessed to retrieve and view the information.
RAM scrapers have been around since 2009, and it is just unlucky that retail store Target was the target of the hack, since almost all major US retailers have a PoS system where the transaction is completed. Here is data from Sophos that shows which industries RAM scrapers mainly target:
What do the hackers do with the stolen credit cards? Blogger Brian Krebs saw interesting things going on in the black market, where people purchase and trade illegal items, usually using Bitcoins as the payment method. The number of credit cards on the black market has increased 20-fold since the credit cards were stolen. Although the PIN code wasn’t stolen, hackers can still purchase items online with the stolen credit cards. Make sure to read our full article regarding this here.