Romanian hackers steal millions from Subway

Attackers got away with the credit card details of over 80,000 customers
Kerry Butters

December 12, 2011

Romanian hackers have had an indictment served upon them in the US, after an investigation uncovered the hacking of 150 Subway stores, along with 50 other unnamed retailers.

It is thought that the attacks compromised the credit card details of over 80,000 customers and that millions of dollars' worth of unauthorised purchases were carried out.

The indictment names four Romanians as the perpetrators as well as two unnamed defendants who are at an “unknown location”, and it includes the hackers’ online monikers.

The attackers first scanned the internet for vulnerable point of sale (POS) systems and then used password crackers to obtain entry.

They then installed keyloggers in order to record the information that was processed on the machines.

This included customer details such as credit card numbers and PINs, as well as store information that was entered.

The hackers also installed a back door trojan which gave them future access and allowed them to install further malicious programs designed to help carry out the fraud.

Once the required information was obtained, the attackers uploaded it to US-based “dump sites” which had been specially created. These were computers owned by US consumers who had no idea that their machines were being used for other purposes.

Once the stolen data had been successfully stored, it was then transferred to overseas computers where the defendants “monetized” it by making unauthorised charges or selling the data.

The hackers also made phoney credit cards with the information stored on them by using magnetic stripe readers/writers and card embossers, before making purchases with them across Europe.

The thieves were tracked down through email and online chats in which they talked about selling the stolen data and various targets. They also discussed obtaining card numbers with higher credit limits so that the cards could be used in certain outlets in Europe.

The fraud is thought to have been carried out between 2008 and 2010.

