Professor Outlines Risks Exposed by Home Depot Hack

22/09/2014

News image
Professor Bill Buchanan has outlined the details of the Home Depot Hack here. and which has possibly exposed over 56 million credit and debit card details.

Introduction

The risks around intruders stealing passwords and credit cards show no signs of abating, with the new announcement  that Home Depot  point-of-sale points had a malware agent installed on them and which could have resulted in over 56 million credit and debit cards details being stolen. The Home Depot looks to have increased on the recent Target hack which exposed an estimated 40 million cards. Overall the main problem seems to be that companies have setup a whole lot of back-end defences, but have forgotten that once the intruder has a touch-point in the network, they can often go undetected.

Home Depot exploit

For the Home Depot exploit, the hackers installed malware at the point-of-sale, and which was similar to the recent Target back, in order to gather collect customer data from their cash registers. It is likely that this ran from April 2014 to the beginning of September 2014, before it was finally detected. The company have just annouched that it has now made sure that they have gotten rid of the malware, but this is no defence against the customers who have already had their credit card details compromised.

The lesson learnt must be to try and reduce the time it takes to detect a threat, and quickly respond to it. So as the back-end financal services become more security, hackers will focus more on the point-of-sale, and thus retailers such as Home Depot need to spend more effort detecting exploits, as much as they do on data protection.

Overall it is expects that the breach will cost Home Depot at least $62 million, showing that money spent on detection and prevention in security is often a good investment. A brand can also be damaged with a loss of respect by customers. The hack, for example, against the Sony PlayStation Network is thought to have cost Sony $170 Million in direct costs, and led to major damage on their brand.

History repeats with a new Target

The Home Depot hack is likely to be greater that the preceding Target hack, which resulted in a large number of credit and debit card appearing on the credit card clearing house site: rescator.cc . From the Target attack, there have been batches defined as “American Sanctions” and “European Sanctions”, and some speculate that it was retribution on penalties imposed by the West on Russia for their actions in Ukraine.

Stolen card data on Rescator.cc (Figure 1) can command prices up to $100 for each credit card details, and it has become one of the largest clearinghouse for breaches, with many hundreds of thousands of cards being sold in a single batch. It can be seen from the meta details from the site, that they buy and sell credit card details, including CVV details:

<title>Rescator.CC - Buy Dumps Shop & Credit Cards with cvv2</title> <meta name="keywords" content="dumps shop, credit cards cvv, credit cards cvv2, dumps, dumps with pin, cvv2, buy dumps, buy credit cards, buy creditcard, buy cvv, buy cvvs, d+p, sell dumps, buy dumps, buy cvv, buy cvv2, sell dumps, sell track2, buy track2, buy cards, cheap cvv, buy cvv, sell cvv, fresh cvv, good cvv, buy good cvv, sell good cvv, best cvv, check cvv, cvv2 dump, buy cvv online, sell cc, dump shop" /> <meta name="description" content="Buy Dumps Shop of Superior Quality. Track1 & Track 2. Valid rate of %90. Feedbacks on many forums."> <script type="text/javascript">

Diagram shown in Blog

Figure 1: Recator.cc

Conclusions

The “shooting fish in a barrel” analogy seems flippant, but it can be seen that as the defences have toughened up on the back-end, the real risk is now at the front-end, which is exposed to a range of environments. If each credit card detail is worth up to $100, there is thus a lucrative market out there to find new ways to shoot the fish.

 
[Read More]

Associated people

William Buchanan
Director of CDCS
w.buchanan@napier.ac.uk
+44 131 455 2759
Cyber-Security
Electronic information now plays a vital role in almost every aspect of our daily lives. So the need for a secure and trustworthy online infrastructure is more important than ever. without it, not only the growth of the internet but our personal interactions and the economy itself could be at risk.

Resources