A gang of Romanian hackers has been busted by the Australian Federal Police (AFP) for stealing around 500,000 credit card numbers from Australia. According to reports, some 200 Romanian cops raided 36 different locations, detaining 16 people and arresting seven of those 16.
According to the allegations, around 500,000 credit card numbers were stolen, and about 30,000 of them were used to rack up charges averaging $1,000 each. The total stolen came to over $30 million. Not exactly a good thing during the holiday season, no doubt.
The credit card numbers were allegedly stolen by means of Remote Desktop Protocol (RDP), which is a way of accessing computers over a remote connection. It lets anyone with working credentials, attackers included, log in to an unsuspecting PC and take control of it.
They also had the opportunity to hack point-of-sale systems in small businesses and hijack credit card numbers there as well, and probably did so. This is assumed, anyway.
It is unclear whether the hackers worked jointly in the cloud, or did their own operations separately. However, what is true is that a bust has happened, and now damage control can begin.
The investigation, titled Operation Lino, began in 2011. It was started mainly because of hearsay about suspicious credit card transactions. Probably enough to raise suspicion, no doubt.
The AFP may be triumphant now, but they had better keep searching and make sure everyone’s caught, and also help clean up the damage caused by this incident.
Australian police are actively searching for a band of Eastern European hackers responsible for conducting a point-of-sale hack on 500,000 people in Australia. This is related to the similar hack on the Subway restaurant chain in the United States.
Apparently, the intrusion occurred at an unidentified merchant. The hackers' attack vector involved installing keylogging software on point-of-sale terminals. Here’s the major conduit for the attack, though: the company affected used default passwords on its systems and did not encrypt its data.
How easy was it for the hackers to attack? A simple vulnerability that could have been used 5-6 years or more ago… Microsoft Remote Desktop Protocol (RDP). It is imagined that the hackers had the main advantage, and the company was simply asking for it.
Now, these hackers are probably part of the same Romanian group that breached the Subway restaurant chain in the US, and their motive is likely to hack vulnerable systems in order to obtain financial data. The obvious aim is to use the credit cards illegally; there is some concern that over 80,000 credit cards have already been compromised and possibly millions of dollars funneled.
This blog will try to update more on this story as evidence comes in. Stay tuned!
Patch Tuesday this month (June 2012) was quite a show of vulnerability patching.
From Microsoft Updates to Oracle Updates!
Java Standard Edition needed patching big time, Oracle notes. 14 vulnerabilities were found recently, which prompted the update. It is recommended to patch immediately from Java.com, because six of the vulnerabilities received the highest possible Common Vulnerability Scoring System (CVSS) rating.
12 of the 14 vulnerabilities are remotely exploitable, which means that leaving them unpatched presents a HUGE security risk!
This update addresses security vulnerabilities in the Java development kit (JDK) and runtime environment (JRE) version 7 update 4 and earlier, JDK and JRE version 6 update 32 and earlier, JDK and JRE update 35 and earlier, JDK and JRE 1.4.2 update 37 and earlier, and JavaFX 2.1 and earlier.
Oracle gives credit for reporting these vulnerabilities to Adam Gowdiak of Security Explorations, Andrei Costin of Secunia, Chris Ries of TippingPoint, and Clayton Smith of Entrust.
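As an added example (not Oracle's code and not part of the original post), this Python check classifies a `java -version` banner against the affected ranges listed above. The function names, host names and sample banners are constructed for illustration, and the family the post lists only as "update 35 and earlier" is left out because its version is not stated.

```python
import re

# Last affected update per release family, taken from the list in the post.
# The family given only as "update 35 and earlier" is omitted: the post does
# not state its version, so it cannot be matched here.
LAST_AFFECTED = {"1.7.0": 4, "1.6.0": 32, "1.4.2": 37}

# Matches banners such as: java version "1.6.0_32"  (no suffix means update 0)
VERSION_RE = re.compile(r'version "(\d+\.\d+\.\d+)(?:_(\d+))?')


def parse_java_version(banner):
    """Return (family, update) parsed from `java -version` output, or None."""
    match = VERSION_RE.search(banner)
    if match is None:
        return None
    return match.group(1), int(match.group(2) or 0)


def needs_patch(banner):
    """True: in an affected range. False: newer update. None: cannot tell."""
    parsed = parse_java_version(banner)
    if parsed is None or parsed[0] not in LAST_AFFECTED:
        return None
    family, update = parsed
    return update <= LAST_AFFECTED[family]


def audit(inventory):
    """Map each host to 'PATCH NOW', 'ok' or 'check manually'."""
    labels = {True: "PATCH NOW", False: "ok", None: "check manually"}
    return {host: labels[needs_patch(banner)] for host, banner in inventory.items()}


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE = {
    "pos-01": 'java version "1.6.0_31"',
    "pos-02": 'java version "1.7.0_04"',
    "desk-07": 'java version "1.7.0_05"',
    "legacy-03": 'java version "1.4.2_19"',
    "build-01": "java: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host:10} {status}")
```

Hosts reported as "check manually" either have no parseable banner or run a family the table does not cover, so they need a manual look rather than being assumed safe.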
Microsoft Windows Updates
3 critical updates + 4 important updates = 7 total bulletins that were addressed.
Here is a rundown of the critical updates:
- MS12-036 – remote desktop vulnerability: an attacker could obtain the credentials to perform attacks through the Remote Desktop Protocol (RDP).
- MS12-037 – cumulative security update for Internet Explorer: addressed 1 public and 12 private vulnerabilities.
- MS12-038 – This is a .NET Framework issue in XAML browser applications (XBAP), where an attacker can execute remote code if credentials are right.
Overall, Patch Tuesday this time around was a huge hit.
Now, get to work on the updates: