Europol and Canadian cops round up POS terminal tampering gang


Pan-European law enforcement agency Europol has announced the take-down of a global gang of cybercrooks thought to be responsible for compromising point-of-sale (POS) terminals in Europe and North America, netting 30,000 sets of card details.

The investigation, referred to as "Operation Spyglass" (or "Project Lorgnette" to its French-speaking participants), was initiated last summer in Canada, and later drew in participation from French and German police forces as well as Canadian banking groups. Europol's European Cybercrime Centre (EC3) provided support and coordination.

The gang members are thought to have tampered with POS terminals in European and North American shopping centres, harvesting card data and disseminating it to teams in several towns across Québec.

These teams then processed the data and passed it on to overseas carders, who used it to create counterfeit cards. The 30,000 sets of card details gathered yielded an average €300 each, for a total "potential loss" of €9 million ($12 million, £7.7 million).

Initial arrests were made in March this year - seven in France and six in Germany - and the Canadian end of the operation was mopped up on October 29th, with 16 people arrested in various parts of Québec. These include the man believed to be the gang's leader in the city of Boucherville, a suburb of Montréal.

In the past, POS risk has been dominated by malware targeting the computers running in shops and hotels, particularly in North America, where slow adoption of chip-and-pin technology has left data from these systems easier to monetize.

More recently though we've seen rigged card readers available on the cybercrime underground market, making it easy to harvest both card and accompanying PIN data once a trojanised device has been inserted into a business.

Though few details were made available by Europol, the tampering is described as "sophisticated manipulation", and the carders' method of acquiring the money as "withdrawal".

The wording implies that they were using the same sort of techniques and had acquired the matching PIN info to go with the card data, allowing them to simply walk up to ATM machines with their cloned cards and take out the cash.

Connecting rogue hardware to sensitive networks seems to be an increasingly common technique for cybercrooks of late, with similar methods used in foiled attempts to rob banks in the UK earlier this year, and also as part of the long-term compromise of Antwerp port facilities by drug smugglers.

It really shouldn't be so easy to inveigle unknown devices onto networks though; device control systems should be able to spot and reject connection attempts from hardware that is not trusted.

Much effort has gone into the hardening of the chip-and-pin standard to prevent access to complete data in transit or on infectable PC control systems, but it sounds like more work may need to be done on ensuring the physical devices are harder to tamper with, or to simply swap out for trojanised versions.

On the plus side, it's always good to see effective worldwide collaboration between police forces resulting in the successful rounding up of global cybercrime gangs.

So well done to Europol, the various forces and agencies involved and the "hundreds of police officers in the EU and Canada" who took part in the operation.


Image of POS terminal and chip and pin card courtesy of Shutterstock.


One Response to Europol and Canadian cops round up POS terminal tampering gang

  1. RCS Retail Systems · 163 days ago

    It's good to hear that the cops are managing to track and clamp down on these kinds of gangs. Customers should feel safe and secure when paying for items with their cards, not worried if their details will be stolen.


About the author

John Hawes is Chief of Operations at Virus Bulletin, running independent anti-malware testing there since 2006. With over a decade of experience testing security products, John was elected to the board of directors of the Anti-Malware Testing Standards Organisation (AMTSO) in 2011.