How hackers gave Subway a $30 million lesson in point-of-sale security

While the scale of this particular ring may be significant, the methods used by the attackers were hardly sophisticated. According to the indictment, the systems attacked were discovered through a targeted port scan of blocks of IP addresses to detect systems with a specific type of remote desktop access software running on them. The software provided a ready-made back door for the hackers to gain entry to the POS systems—which is why remote access software is banned from systems that handle payment cards by the PCI Security Standards Council, which governs credit card and debit card payment systems security.

“With PCI compliance, those apps shouldn’t be on those systems,” said Konrad Fellmann, audit and compliance manager for SecureState, an IT security firm with a practice in retail security auditing, in an interview with Ars. But because small retailers don’t store credit card data, they’re not required to have the same level of auditing as larger companies, Fellmann said.
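The attackers found their targets by sweeping IP blocks for one service, and a defender can spot that same pattern in perimeter logs: a single source reaching many distinct hosts on the same destination port within a short window. The detector below is an added example, not code from the article or from Ars; the log format, addresses, port numbers and thresholds are constructed for illustration.

```python
"""Detect horizontal scans: one source probing the same destination port across many
distinct hosts in a short window. Added example; all log data below is constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) dport=(\d+)$")

# Constructed firewall records. 203.0.113.7 sweeps six hosts on one port in
# 25 seconds (scan-like); the other sources are normal repeat connections.
SAMPLE_LOG = """\
2012-01-10T03:00:01 src=203.0.113.7 dst=198.51.100.1 dport=5900
2012-01-10T03:00:05 src=203.0.113.7 dst=198.51.100.2 dport=5900
2012-01-10T03:00:09 src=203.0.113.7 dst=198.51.100.3 dport=5900
2012-01-10T03:00:14 src=203.0.113.7 dst=198.51.100.4 dport=5900
2012-01-10T03:00:19 src=203.0.113.7 dst=198.51.100.5 dport=5900
2012-01-10T03:00:26 src=203.0.113.7 dst=198.51.100.6 dport=5900
2012-01-10T03:00:30 src=198.51.100.50 dst=198.51.100.1 dport=443
2012-01-10T03:00:31 src=198.51.100.50 dst=198.51.100.1 dport=443
2012-01-10T03:00:40 src=198.51.100.51 dst=198.51.100.2 dport=5900
2012-01-10T03:01:10 src=198.51.100.51 dst=198.51.100.2 dport=5900
"""

def parse(lines):
    """Yield (timestamp, src, dst, dport) for well-formed lines; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, dst, dport = m.groups()
            yield datetime.fromisoformat(ts), src, dst, int(dport)

def find_horizontal_scans(lines, min_hosts=5, window_s=60):
    """Return [(src, dport, distinct_hosts)] for every (src, dport) pair that
    reaches at least min_hosts distinct destinations inside one sliding window."""
    window = timedelta(seconds=window_s)
    by_key = defaultdict(list)
    for ts, src, dst, dport in parse(lines):
        by_key[(src, dport)].append((ts, dst))
    hits = []
    for (src, dport), events in by_key.items():
        events.sort()
        best, start = 0, 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward past stale events
            best = max(best, len({dst for _, dst in events[start:end + 1]}))
        if best >= min_hosts:
            hits.append((src, dport, best))
    return hits
```

Repeated connections from one source to a single host never trip the rule, because the count is of distinct destinations, not of connection attempts.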

(Full Story: How hackers gave Subway a $30 million lesson in point-of-sale security)
