It would have given Arthur Conan Doyle, British creator of never-lose sleuth Sherlock Holmes, a headache. International theft, creative detective work, suggestions of piracy and, hopefully, quick intervention – all are part of the huge credit card breach that struck Target stores in the period from Nov. 27 to December 15 last year. The breach was announced Dec. 18 and was quickly picked up by the media.
The loss was huge. “Track Data” from the magnetic strips on the back side of cards, was stolen from cards used at Target outlets across the United States. The theft was immediately followed by quick activity on underground black markets, where the information sells in batches of a million cards, which then are re-sold at prices from $20 to more than $100 per card.
Hundreds of criminal businesses sell stolen credit and debit cards from every bank and country, but some have earned the dubious reputation of offering quality “dumps.” With the pirated information from the stolen cards, experts can effectively clone the cards and use them in stores. Typically, the cards are used by savvy thieves for high-cost merchandise that can easily be converted to cash.
If the PINs associated with the stolen cards could be retrieved, the thieves could even use their false cards to withdraw money from the nearest ATM. There is no evidence that PIN numbers were compromised in this case, investigators say.
Fraud investigators are taking advantage of the known patterns used by such cyber thieves and using the illicit stores to “buy back” some of the stolen cards. In a surprising number of incidents, they were able to establish a direct link to the Target thefts by matching dates. In the Target breach, shadows of piracy emerged as particular dump shops adopted names associated with the history of buccaneering. Investigators identified a major outlet for the stolen cards as “Tortuga,” Spanish for turtle or tortoise, and also a historic base for pirate activities. This particular shop also was linked to an individual whose nickname is “Rescator,” a key figure in Russian cybercrime, who also is known as “Lampeduza.”
Recently, the proprietor of this illicit card shop announced a new base, Barbarossa, again a relic of piracy. (It also was the code name given to Germany’s invasion of the USSR during World War II.) One large American bank investigating the target situation purchased a sampling of cards across several countries and all of the cards the investigators purchased from Barbarossa had been used in Target stores during the breach timeframe.
Gregg Steinhafel, Target president and CEO, issued a statement to customers, acknowledging the breach as a serious crime, not only against the store, but especially against its clientele. “We understand that a situation like this creates stress and anxiety about the safety of your payment card data at Target. Our brand has been built on a 50-year foundation of trust with our guests and we want to assure you that the cause of this issue has been addressed and you can shop with confidence at Target.”
It appeared by late December that the company would re-issue some or all of the 5,300-plus cards affected by the breach. And Steinhafel also had advice for credit card users nervous about the possibility of repeat incidents of theft of personal financial information on this scale:
Closely review account statements, being vigilant for any evidence of misuse of your credit and/or debit cards. Free credit reports are available. Review your status regularly via both these sources, and if you suspect fraud, report it immediately to your financial institutions. You may contact the Federal Trade Commission or report suspicions to local law enforcement. The FTC web site is Consumer.Gov, or call the agency at 877-IDTHEFT (438-4338.) Or write to the FTC Consumer Response Center, 600 Pennsylvania Ave. NW, Washington DC 20580.
If you find fraudulent transactions on your credit report, request that the credit reporting agency delete the information from your report. Under federal law, you are entitled to one free copy of your credit report each 12 months from each of the three nationwide credit reporting agencies. Obtain a report by going to www.AnnualCreditReport.com, or call 877-322-8288.
Research Further at KrebsonSecurity.com