All the latest UK technology news, reviews and analysis

Eastern European hackers caught selling Target customer card data

04 Feb 2014

Eastern European cyber criminals have been caught selling customer data stolen during a raid on US retailer Target, say security researchers at FireEye.

The Target breach is believed to have occurred between 27 November and 15 December. It saw hackers break into Target's systems and compromise over 40 million credit and debit card accounts.

The criminals are believed to have stolen customers' credit and debit card numbers, card expiration dates and debit card PIN numbers.

Senior researcher at FireEye Narottama Villeneuve told V3 the stolen card details were being sold on underground Russian-language forums. "It is not surprising that the data is being sold on underground forums. The buyers may use the card data to make fraudulent purchases. Often, these activities are conducted via ‘pack mules' or ‘re-shipping fraud'," he said.

Villeneuve said FireEye uncovered evidence suggesting the criminals have started developing sophisticated partnerships, known as partnerkas, to maximise their profits.

"The partnerkas are organised using an affiliate model. A source, for say malware, will use a network of re-sellers to sell the malware to operators who actually use the malware," said Villeneuve.

"These operators purchase bulletproof hosting for their operation from providers who market this hosting in a similar way. In effect, the more publicised operations that we hear about in the news rely upon a cybercrime ecosystem that is always operating and adapting – these are not isolated events."

Bulletproof hosting is a service offered by less scrupulous web hosting firms, which gives customers more freedom over what material they can upload. In the past Bulletproof hosts have been used for a variety of criminal purposes, including running cyber black markets, such as those discovered by FireEye, and child pornography sites.

FireEye researchers said the underground markets are also being used as forums to sell malware. The researchers said the malware is currently being sold for between $1,800 to $2,300.

Villeneuve told V3 that the malware will inevitably be used by hackers to mount further data-stealing attacks, but highlighted recent success by law enforcement in shutting down similar operations as cause for hope.

"We expect these types of breaches to continue. However, it should be noted that there have been successful law enforcement actions against those engaged in coding and using malware designed to commit banking and credit card theft or fraud. Recently, the author of SpyEye was arrested as were those behind Carberp," said Villeneuve.

SpyEye is a financially focused malware that is believed to have stolen hundreds of millions of dollars of financial data. The SpyEye author, Aleksandr Andreevich Panin, was arrested by US authorities on 1 July 2013 at the Hartsfield-Jackson Atlanta International Airport. He pleaded guilty to helping create and distribute the SpyEye malware in January.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus

Devices at work poll

Which device do you use most for work?

Popular Threads

Powered by Disqus
LG G Flex 2 hands-on review

CES 2015: LG G Flex 2 video

A closer look at LG's latest curved-screen smartphone

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Front End Web Developer - HTML5, CSS3, AngularJS - Hedge Fund

My client are a successful and modern hedge fund, currently...

Ruby Automation - Dev in Test

Ruby Dev in Test, Ruby Automation Tester, Cucumber, Capabara...

Graduate/Junior Software Developer

Our client is now going through a growth phase and is...

Senior Android Developer - Native Apps - Top E-Commerce Company

Senior Android Developer (Java, Android Marketplace...
To send to more than one email address, simply separate each address with a comma.