Attackers Hit Clearinghouse Selling Stolen Target Data

Professional hackers disrupt the operations and deface sites of different black-market online forums wherein stolen credit card information are sold. These important credit card details were illegally obtained from Target and other online retailers.

Two of the most popular websites known as major sites that steal credit card as well as debit card information from different retailers such as Target went offline on Monday when an unnamed attacker hacked these sites.

On Monday, rescator.cm and rescator.so displayed a message saying that these fraud sites are gone and that the creator and website visitor, whom the hacker called “subhumans and miscreants”, should follow the site and be gone too. The Wall Street Journal witnessed and reported this event.

As the unknown hacker defaced these websites, it called these sites’ users as “regular fraudsters”. It gave props to Brian Krebs. Brian Krebs is a security journalist. He reported about the Target breach which took place on December 2013. In addition, the unnamed hacker embedded the Men in Black video from YouTube in both pages. The song was performed by Will Smith and features some of the scenes in the movie of the same title. The movie was about MIB or Men in Black which is a secret organization which protects earth and its residents from the scum of the universe.

The next day, the website came back online. Through the whole ordeal, the other three websites in the same network remained online. These websites are rescator.cc, octavian.su, and rescator.co.

Krebs also reported that Rescator’s database which holds its customers’ information and card details were stolen. Then, these details were published to the World Wide Web.

Rescator is known to sell stolen debit card and credit card information. These credit card and debit card details came from Target, Sally Beauty Supply, Neiman Marcus, and a lot more. These are sold in batches under code names such as Desert Strike, Krass, Beaver Cage, and Eagle Claw. The last offered batch online was dated March 11 and was called Great Pompeii. Payments are sent to Rescator through Western Union Money Transfer and Moneygram for transactions amounting to at least $500. Other payment options are through an e-currency service called Perfect Money and other cryptographic currencies like Litecoin and Bitcoin.

These credit card and debit card details are sold in batches to prevent flooding. This also ensures that card owners do not experience ID theft until few months have passed.

Rescator owner is also named by Internet Crawler report as a buyer of BlackPOS. BlackPOS is a malware which infects POS or point-of-sale systems. This same malware compromised the famous online retailer, Target before.

Sally Beauty shoppers who purchased items in their retail stores became victims of the ID theft. However, none of the victims’ details were gathered from those who shopped online. Sally Beauty currently works with the United States Secret Service and Verizon. They also promise to keep people updated about the latest developments in these cases. However, the company told Krebs that they cannot confirm any statistics about compromised details until the investigation is over.

April 1, 2014

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013