Christmas cracked? Threat to shoppers from tills that "steal"

Thousands of us will hit the High Street in the next few days, shopping for stocking fillers and last-minute bargains - but watch out as a new hi-tech threat has hit tills around the world.

A still-unknown gang of cybercriminals have engineered shopping tills that steal from customers as they buy - when you type in your PIN, it's transmitted to computers far away, and your card cloned.

Up to 20,000 are thought to have fallen victim to this latest attack in Europe and America - where ordinary tills are infected with malicious software known as 'Stardust.'

Such attacks are not new - two years ago, Romanian hackers stole $5 million by hacking into tills in 150 Subway restaurants in America, stealing card details for 80,000 customers.

                         [The NASA oddball who makes "living" Christmas sweaters]

This new attack, though, is more sophisticated - it transmits information to remote servers, where gangs of thieves clone cards and empty the accounts. Subway's systems were poorly protected - but this new attack is still not fully understood.

Companies such as Symantec now sell security software for tills - but for an ordinary shopper, it can be hard to tell which stores are 'safe'. Once a card number is in the hands of a gang, it will be emptied at a speed that is barely believable.

Cybercriminals often have professional "launderers", who buy items, then demand refunds from internet stores. The stores themselves are fakes - run by criminals. Using this technique, cards can be drained in minutes or hours.

"Approximately 20,000 credit cards may have been compromised via Stardust variation" said Dan Clements, the president of IntelCrawler. The researchers warned it was “a matter of time” before thieves became even more sophisticated.

The problem for shop owners - and the police - is that most tills and shop networks use Windows systems - and hackers are all too familiar with these. An attacker may be able to take control simply by stealing a password. Previously, such thefts involved fake tills, fake card readers - or devices attached by criminals.

An arrest in Toronto last year of four men trading fake credit cards led to another suspect - who had a “stash” of fake tills, some part-built, according to detective Ian Nichol.


                               [The NASA oddball who makes "living" Christmas jumpers]


The trend is spreading - cloning cards is now so easy that criminals need faster ways to harvest numbers and PIN codes. Shop tills are the perfect target.

“Criminal gangs worldwide are illegally accessing sales terminals and modifying them by inserting an undetectable electronic “bug” that captures cardholder data and PINs ,” Visa says. The company issued a warning to companies worldwide about the scam.

In Russia, cybercriminals make and sell fake chip-and-PIN machines - which contain a SIM card which instantly broadcasts the card details to other gang members.

Gangs using the readers can empty bank accounts in three hours - the $2,000 reader is offered as a “package” with a money laundering service built in.

A video promoting the device on cybercrime forums shows the information being transferred via cable - but boasts that if the terminal is fitted with a SIM card, it can “text” the information direct from your table to teams of criminals. The device is offered as a package - alongside a “service” where teams of criminals use cloned cards to buy fake goods, demand refunds, then take the cash.

The video is used as a sales tool for the $2,000 device, which is sold on underground forums in Russia, according to The Register’s report.