Your daily source of Pwnage, Policy and Politics.


Episode 223 – Skimmer Fraud, Wal-Mart, SMBs & PCI


ISDPodcast Episode 223 for September 29, 2010. Tonight’s podcast is hosted by Rick Hayes and Keith Pachulski.

Announcements:

The Louisville Metro InfoSec Conference:
http://www.louisvilleinfosec.com
When: Thursday, October 7th, 2010
Where: Churchill Downs

Bsides Atlanta:
http://www.securitybsides.com/BSidesAtlanta
When: Friday, October 8, 2010
Where: Think Inc World HQ, 1375 Peachtree St. Suite 600, Atlanta, Ga (The Earthlink Bldg).
http://bsidesatlanta.eventbrite.com/

MyHardDriveDied.com Data Recovery Class:

http://www.myharddrivedied.com
Dallas, TX – October 11th – 15th
Washington, DC – December 6th – 10th
Use the Discount Code: isdpodcast for a $300 discount.
SANS Mentoring Program:

Jason Lawrence – SANS Forensics 508 – Computer Forensics and Investigations in Sandy Springs, GA
http://www.sans.org/mentor/details.php?nid=21538
When: Tuesday, October 12, 2010 – Tuesday, December 14, 2010
Use the Discount Code: isdpod15 for a 15% discount.

Adrian Sanabria – SANS Security 504 – Hacker Techniques, Exploits & Incident Handling in Knoxville, TN
http://www.sans.org/mentor/details.php?nid=22258
When: Tuesday, October 12, 2010 – Tuesday, December 14, 2010
Use the Discount Code: isdpod15KY for a 15% discount.

Phreaknic:

http://www.phreaknic.info
When: Oct 15-17 2010
Where: Nashville, TN

Hack3rCon:

http://www.hack3rcon.org
When: Oct 23-24 2010
Where: Charleston, WV

Stories of Interest:
News: http://www.securityweek.com/how-stop-cyber-attack-it-happens
One of the fastest growing segments of the world economy is cybercrime. The opportunity is created by the inexorable digitization and interconnection of enterprises, both Government and Commercial, and is exacerbated by increasingly sophisticated and well-funded attackers. The modern IT security approach to countering this threat has been reactive, not proactive. Intrusion detection systems, firewalls, Web filters, anti-malware software and Patch Tuesdays represent the state of the art, and while there are a lot of great security products and technologies available, the concept of allowing connectivity to critical information and networks while trying to filter and detect malicious activity is fundamentally flawed. The black hats simply change tactics to circumvent defenses; they are always one step ahead.

  • Learn from Others’ Mistakes
  • Do your Homework
  • What Not to Do
  • Ask the Experts

News: http://www.homesecuritysource.com/blogs/top-5-credit-and-debit-card-skimming-attacks.aspx
Credit card fraud is a multi-billion dollar industry. Skimming is one of the financial industry’s fastest-growing crimes, according to the U.S. Secret Service. ATM skimming alone is responsible for $350,000 of fraud daily, exceeding a billion dollars in losses annually.

Skimming can occur in a few different ways:

  • Wedge Skimming
  • POS Swaps
  • ATM Skimmers
  • Data Interceptors
  • Dummy ATMs

News: http://www.storefrontbacktalk.com/social-networks/ohio-wal-mart-giftcard-thief-gets-11k-just-for-the-asking
Earlier this month, a man called a 24-hour Wal-Mart in Columbus, Ohio, at 1 AM and told an associate he was with Wal-Mart’s IT department. The caller instructed the associate to activate gift cards, read him those card numbers and then scratch off the tape on the back of the cards so she could tell him the authorization codes, police said. And the associate obliged. Hours—and more than $11,000 in online fraud—later, the store realized it had been had.

This incident, which police are still investigating, raises the issue of associate training. Preliminary information given to police by Wal-Mart did not indicate that the caller gave the associate any reason to believe he really was from Wal-Mart IT. Nor was any reason offered as to why an IT person would make such a request. Was the thief assuming the 1 AM crew might be more accommodating and less suspicious?

The incident reportedly happened on September 5 at the Westpointe Plaza Wal-Mart near Columbus, said Columbus Police Detective Susan Collins, who added on Wednesday (Sept. 22) that Wal-Mart had yet to indicate how it arrived at the very specific fraud figure of $11,054.60. Nor did the retailer say how many—or the nature of—the transactions involved. A Wal-Mart spokesperson on Wednesday (Sept. 22) also said she had yet to hear back from store officials about the incident’s particulars.

News: http://darkreading.com/smb-security/security/app-security/showArticle.jhtml?articleID=227500486
As social networks become more popular, such threats are becoming more common, taking advantage of the trust between users. No wonder, then, that more than a third of small and midsize businesses (SMBs) already have identified a social network as the entry point for a virus or Trojan horse infecting their corporate networks, according to a survey released last week by Panda Security.

“Everyone has to worry about it, but small and medium businesses are most vulnerable,” says Sean-Paul Correll, a senior threat researcher with Panda. “Either they don’t have the needed expertise or they don’t have the budget to hire the expertise.”

Malicious code is not the only threat that SMBs are facing on the social networking front. Many companies are finding workers posting sensitive information on these sites without fully understanding the implications of the act. More than one company has leaked critical business information inadvertently to the press via social network postings.

“You can see the [news] article going up as the employee is tweeting,” Correll says.

For SMB owners who may not have the technical chops of their younger workers, dealing with social networks can be particularly daunting, says Ian Moyse, channel director of Europe, Middle East, and Africa for security firm Webroot.

“The younger employees have grown up with it — it’s likely on their phone,” Moyse says. “A lot of small business owners may not understand that this is going on.”

But completely banning Facebook, Twitter, and LinkedIn often leads only to unhappy employees, who might still use the services through a smartphone or from home. Instead of trying to block such services, SMBs should work with their employees, Moyse says.

News: http://www.theregister.co.uk/2010/09/23/vacuum_cleaner_bandits/
Thieves armed with little more than a drill and a powerful vacuum cleaner siphoned £60,000 out of a supermarket safe in France in what police said is the 15th such heist against the same store chain.

The burglars have made off with €500,000 by exploiting a flaw in the security system of Monoprix, the chain that has been targeted since 2006, The Sun reports. Once they get inside the premises, they drill a small hole in the “pneumatic tube” used to transport money from the checkout to the strong room. This allows them to raid a safe without ever having to break its locks.

News: http://www.independent.co.uk/news/uk/crime/12-years-in-jail-for-man-in-vile-porn-plot-2087755.html
Update to a story we discussed in August about Neil Weiner, a man who sought to ruin the life of a school caretaker by planting child pornography on his computer. Weiner has now been convicted on two counts of possession of child pornography and one count of perverting the course of justice. He was sentenced to 12 years in jail.

“The judge told Weiner that his plot to have Mr. Thompson sacked and prosecuted very nearly succeeded. Police had been careful not to make public their arrest of the caretaker and only informed those at the school who needed to know, he said. ‘But you gratuitously and spitefully informed the local press so that he and his wife suffered the distress of the unwelcome publicity which followed.’ Mr. Thompson’s health and that of his wife suffered. The judge said: ‘There are still those who believe, and probably always will, that he is a pedophile. I am wholly satisfied that Mr. Thompson is innocent.’ … Weiner had discovered the caretaker’s password by looking over his shoulder one day and been caught doing so. When Mr. Thompson was asked why he did not change it, he said he wished he had, adding: ‘Who in their worst nightmares could have thought that anyone could stoop to do what he did?’”

All works represented here are compiled from various sources (email, IRC, forums, and original author/websites). If the original work is copyrighted it is presented under the fair use of a copyrighted work, Copyright Act of 1976, 17 U.S.C. § 107, for purposes of criticism, comment, news reporting, teaching, and research. No use is directly intended as an infringement of copyright. Attribution is always given to the original source, if known. To have any copyrighted material removed, please contact isdpodcast[at]isdpodcast[dot]com.
