Home Depot’s massive security breach was caused by the same hack that hit TargetAll credit cards used at Home Deport within the last three months should be replaced Purchasing goods with credit and debit cards at point-of-sales terminals is becoming increasingly risky. A few months prior, Target’s massive security breach leaked 40 million credit and debit card numbers from cash registers running a Microsoft Windows-based software. More recently, several banks are reporting that the Home Depot lapsed into a similar same sinkhole – quite literally – as sources close to the ongoing investigation reveal that the hardware giant was hit with the same malware as Target. KrebsOnSecurity, the “in-depth security news and investigation” blog run by security expert Brian Krebs, was the first source to break the news last Tuesday of Home Depot’s security troubles, claiming that multiple banks traced a series of card-related frauds back to Home Depot locations across the nation. A source involved in the investigation stated that multiple registers belonging to the retailer were infected with a strain of the “BlackPOS,” the same BlackPOS that was discovered on Target’s point-of-sale system back in December. The BlackPOS malware enables credit or debit card data to be snagged every time the card was used at the infected point-of-sale. Moreover, the data was placed on sale at Rescator[dot]com, the dark web shop belonging to the cybercriminal, Rescator, where the 40 millions of cards Target card numbers were sold. Krebs observed that certain clues contained within the malware’s code suggest that the Home Depot breach had been occurring for months. Furthermore, nine more batches of stole cards appeared on Rescator in the last few days, all under the same label assigned to the first two batches that notified U.S. banks to a pattern of card fraud stemming from Home Depot. Finally, the card numbers stolen from Target were also sold in a batch-like manner on Rescator over the course of three months. What’s more, Krebs points out that the hack may have been
politically motivated. A few strings of code embedded in
BlackPOS’ link to news, editorial articles, and cartoon
related to anti-American propaganda. A separate string leads
to an image of the current conflict between the pro-Russian
separatists and the Ukrainian forces. When Krebs himself
traced Rescator’s multiple online personas, he found a young
programmer in Odessa, Ukraine. Update 9.9.14: Home Depot
admits that 60 million credit card and debit numbers
were stolen. |