Pan-European law enforcement agency Europol has announced the take-down of a global gang of cybercrooks thought to be responsible for compromising point-of-sale (POS) terminals in Europe and North America, netting 30,000 sets of card details.
The investigation, referred to as “Operation Spyglass” (or “Project Lorgnette” to its French-speaking participants) was initiated last summer in Canada, and later drew in participation from French and German police forces as well as Canadian banking groups. Europol’s European Cybercrime Centre (EC3) provided support and coordination.
The gang members are thought to have tampered with POS terminals in European and North American shopping centres, harvesting card data and disseminating it to teams in several towns across Québec.
These teams then processed the data and passed it on to overseas carders, who used it to create counterfeit cards. The 30,000 sets of card details gathered yielded an average €300 each, for a total “potential loss” of €9 million ($12 million, £7.7 million).
Initial arrests were made in March this year – seven in France and six in Germany – and the Canadian end of the operation was mopped up on October 29th, with 16 people arrested in various parts of Québec. These include the man believed to be the gang’s leader in the city of Boucherville, a suburb of Montréal.
In the past POS risk has been dominated by malware targeting the computers running in shops and hotels, particularly in North America where slow adoption of chip-and-pin technology has left these data from systems easier to monetize.
More recently though we’ve seen rigged card readers available on the cybercrime underground market, making it easy to harvest both card and accompanying PIN data once a trojanised device has been inserted into a business.
Though few details were made available by Europol, the tampering is described as “sophisticated manipulation”, and carders’ method of acquiring the money as “withdrawal”.
The wording implies that they were using the same sort of techniques and had acquired the matching PIN info to go with the card data, allowing them to simply walk up to ATM machines with their cloned cards and take out the cash.
Connecting rogue hardware to sensitive networks seems to be an increasingly common technique for cybercrooks of late, with similar methods used in foiled attempts to rob banks in the UK earlier this year, and also as part of the long-term compromise of Antwerp port facilities by drug smugglers.
It really shouldn’t be so easy to inveigle unknown devices onto networks though; device control systems should be able to spot and reject connection attempts from hardware that is not trusted.
Much effort has gone into the hardening of the chip-and-pin standard to prevent access to complete data in transit or on infectable PC control systems, but it sounds like more work may need to be done on ensuring the physical devices are harder to tamper with, or to simply swap out for trojanised versions.
On the plus side, it’s always good to see effective worldwide collaboration between police forces resulting in the successful rounding up of global cybercrime gangs.
So well done to Europol, the various forces and agencies involved and the “hundreds of police officers in the EU and Canada” who took part in the operation.