Target hackers shopping around for data decryption services?
Posted on 14 January 2014.
The Target breach and the massive amount of user information compromised in its wake are understandably worrying customers. But what are the odds of that data actually being used by the cyber crooks behind the heist?

If intelligence aggregator IntelCrawler is to be believed, the likelihood is good, even though the stolen credit card info (CVV codes and PIN data) is encrypted with Triple DES (3DES).

"There is an active group of Eastern European cybercriminals who specialize in attacks on merchants and point-of-sale terminals by using sophisticated malware and targeted perimeter attacks. Their goal is the interception of payment and PIN block data, which, in many systems, has been sniffed and grabbed in the past," they stated.

"Just recently, several criminals in the underground are interested in decrypting 3DES blocks and information intercepted from a serial COM port connected to a POS (9600 7E1), and in man-in-the-middle attacks."

The discussion of this problem is not new: for years now hackers have managed to intercept packets carrying this type of data, but have been unable to decrypt them (sometimes even when they have the key).

Their pleas for help are often answered by other hackers who apparently know how to decrypt the data, but whether those claims are true cannot be determined.

"Experienced cybercriminals have noticed that many 'encrypted networks' allow for some plain-text capture. But to handle the more sensitive encrypted data, some of the more professional hackers have set up an 'investment fund' for creating a 22 teraflops cluster for 3DES brute force, which could give them a much higher return on POS malware," the company shared.

"The leader of this group was actively working on the development of special software for PIN-block decryption by brute forcing it, having examples of the dump, PIN and hash."

Requests for 3DES decryption of some 50 Gb of PIN data were spotted right after the Target breach was publicly announced. IntelCrawler impersonated a hacker claiming he could do it, and analysed the sample hex stream it received from the cyber crook. The company has reason to believe that the compromised data in question is tied to customers in the US and Canada (Target has brick-and-mortar shops in both countries).

IntelCrawler CEO Andrew Komarov says that hackers have been known to decrypt PIN dumps in the past, even when they were encrypted with 3DES.

Errata Security's Robert Graham claims the opposite, but allows for the possibility of hackers obtaining the PINs without decrypting them: because two identical PINs encrypt to the same value, the encrypted blocks themselves reveal which records share a PIN. He explained how to go about it in a helpful blog post.

Still, he believes that Target has probably also salted the encrypted data, and that would make it impossible for cyber crooks to get the PINs out of it this way.
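
To illustrate the point Graham makes and why salting defeats it, here is an added example written for this article (not code from Graham's post, IntelCrawler or Target): it 3DES-encrypts a constructed list of PINs one 8-byte block at a time, first with fixed filler and then with random per-record filler, and counts repeated ciphertexts. The block layout and key are constructed assumptions, not a real ISO PIN-block format; the property shown (deterministic block encryption leaks which records are equal) holds for any cipher used this way.

```go
package main

import (
	"crypto/des"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// encryptAll 3DES-encrypts each PIN as one 8-byte block (ECB behaviour). The block layout is
// constructed for this example, not a real ISO 9564 format: 4 ASCII PIN digits plus 4 filler
// bytes. Fixed zero filler makes the block depend only on the PIN; with salted set, each
// record gets fresh random filler, so equal PINs no longer produce equal ciphertexts.
func encryptAll(key []byte, pins []string, salted bool) ([][]byte, error) {
	c, err := des.NewTripleDESCipher(key) // key must be 24 bytes
	if err != nil { return nil, err }
	out := make([][]byte, 0, len(pins))
	for _, p := range pins {
		block := make([]byte, 8) // zero filler unless salted below
		copy(block, p)
		if salted {
			if _, err := rand.Read(block[4:]); err != nil { return nil, err }
		}
		ct := make([]byte, 8)
		c.Encrypt(ct, block)
		out = append(out, ct)
	}
	return out, nil
}

// duplicateGroups counts distinct ciphertexts that occur more than once. A non-zero result
// means equal PINs gave equal ciphertexts, so the dump reveals which records share a PIN
// without any key; this is the audit check a defender should run on an encrypted PIN dump.
func duplicateGroups(cts [][]byte) int {
	seen := map[string]int{}
	for _, ct := range cts { seen[hex.EncodeToString(ct)]++ }
	n := 0
	for _, count := range seen { if count > 1 { n++ } }
	return n
}

func main() {
	key := []byte("0123456789abcdefABCDEF01")                       // constructed demo key
	pins := []string{"1234", "1234", "0000", "1234", "2580", "0000"} // constructed sample
	unsalted, _ := encryptAll(key, pins, false)
	salted, _ := encryptAll(key, pins, true)
	fmt.Println("unsalted duplicate groups:", duplicateGroups(unsalted)) // 2
	fmt.Println("salted duplicate groups:", duplicateGroups(salted))     // 0
}
```

Running it shows two repeated ciphertext groups in the unsalted dump (the records with PIN 1234 and those with PIN 0000) and none in the salted one.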
