Tuesday, January 23, 2018
Business

Web security blogger talks about Target breach

ORLANDO — Here's what happens when you go after a Ukrainian guy operating an underground website selling credit card numbers stolen from Target:

Details about your finances get posted for any cyber criminal to see.

The accused offers you $10,000 not to publish a story identifying him.

"I didn't take it,'' said Brian Krebs, noting earlier that Sony has bought the movie rights to his story.

Krebs is the Web security blogger (KrebsonSecurity) who broke the news about Target's massive credit and debit card breach that occurred between Nov. 27 and Dec. 15. A former Washington Post reporter, he was at the CNP (CardNotPresent.com) Expo on Tuesday in Orlando to speak on payment security and the risk to retailers.

While data breaches aren't new, what happened to Target raised awareness because the impact was so widespread, he said. In December, the retailer said up to 40 million credit and debit card numbers were stolen from holiday shoppers. Another 70 million people had their personal information taken.

Krebs said he got tipped off by financial sources who said stolen credit cards, eventually traced back to Target stores, were flooding the underground market. Especially notable was a "card shop'' called Rescator.so, which indexed stolen cards by the city, state and ZIP code from where the data had been stolen.

The new locator feature allowed Rescator to sell the cards at higher prices than other sites because crooks could buy cards associated with stores close to them. That enabled them to avoid the scrutiny of banks, which started canceling cards when purchases were made outside a cardholder's home area.

Kreb said card numbers sold for $40 to $400, depending on the "valid rate'' of the card, which goes down as breaches are discovered and time passes. Buyers then encoded the data onto fake cards that street gangs and thieves called "runners'' used at stores to buy gift cards and electronics easily sold illegally for cash.

Often, the profit outweighed the risk. A stolen card that sold for $300 could fetch $1,200 in purchases, Krebs said.

Of the 40 million card numbers snatched from Target, about 2 million were sold, he estimated. In all, the hackers made $40 million to $50 million — seemingly a fortune to those involved but a pittance in the overall scheme.

Analysts have estimated the breach will cost Target an estimated $500 million to $1 billion in losses not covered by banks, which are mostly on the hook for the fraudulent charges.

Prosecuting the parties responsible has been difficult, Krebs said, partly because they are out of the U.S. grasp. Typically, hackers get busted only if they try to leave their country.

Flush with cash, many of them want to, but they also know the risk.

Susan Thurston can be reached at [email protected] or (813) 225-3110.

Comments
Career Q&A: Sharpen interview skills to overcome impression of shyness

Career Q&A: Sharpen interview skills to overcome impression of shyness

Q: At the end of a recent interview, the manager told me that I would not be getting the job. He said I wasn’t a good fit for the position because I was shy. As a naturally introverted person, I found this very discouraging. How can I avoid similar p...
Updated: 4 hours ago
Lawmakers call for additional investigations into Tampa Bay’s two CareerSource boards

Lawmakers call for additional investigations into Tampa Bay’s two CareerSource boards

Federal and state lawmakers are calling on Congress and the Florida House of Representatives to investigate whether two regional workforce centers inflated the number of people they helped find jobs. U.S. Rep. Charlie Crist, D–St. Petersburg, and sta...
Updated: 4 hours ago
CEO Nancy Tower’s goal for Tampa Electric: renewable energy

CEO Nancy Tower’s goal for Tampa Electric: renewable energy

TAMPA — Tampa Electric Co.’s future will be green if new CEO Nancy Tower has anything to say about it. Speaking at a University of Tampa panel Tuesday, Tower outlined her plan to move the Tampa-based utility toward a completely renewable energy portf...
Updated: 8 hours ago
Chase to make $20B investment, raise wages

Chase to make $20B investment, raise wages

JPMorgan Chase announced Tuesday that it will boost wages, open new branches and hire thousands of new workers, citing improved economic performance and sweeping changes to the U.S. tax code. Wages will rise to between $15 and $18 an hour from a rang...
Updated: 10 hours ago
Disney offering staff $1,000 bonuses, new education funding

Disney offering staff $1,000 bonuses, new education funding

NEW YORK — The Walt Disney Co. will give more than 125,000 eligible employees a one-time $1,000 cash bonus and invest $50 million in an education funding program. The media company said Tuesday the bonuses will go to all full and part-time non-execut...
Updated: 10 hours ago
Tampa micro housing advocates find big demand for living small

Tampa micro housing advocates find big demand for living small

TAMPA — When Omar Garcia announced plans to transform a vacant downtown office building into 120 micro apartments of about 300 square feet each, the calls and checks poured in."We got 90 reservations like that," Garcia said Tuesday, snapping his fing...
Updated: 12 hours ago
Elon Musk’s new pay package tied to massive Tesla growth

Elon Musk’s new pay package tied to massive Tesla growth

Associated PressPALO ALTO, Calif.— Elon Musk will remain at Tesla Inc. under a 10-year, all-or-nothing pay package that demands massive growth. The agreement, revealed Tuesday in a regulatory filing, requires that Tesla grow in $50 billion leaps, to ...
Published: 01/23/18

Verizon misses its profit forecast

Associated PressNEW YORK — Verizon Communications Inc. on Tuesday reported fourth-quarter earnings of $18.67 billion.On a per-share basis, the New York-based company said it had profits of $4.56. Earnings, adjusted for one-time gains and costs, were ...
Published: 01/23/18
Hungry at Gasparilla? Eight great restaurants near the parade route

Hungry at Gasparilla? Eight great restaurants near the parade route

GASPARILLA: THE DINING EDITIONGasparilla. Some things are certain. There will be scantily clad pirates and liquid libations. At some point, it is advised to eat some food. Here are some of the top places that are easily accessed along the invasion ro...
Published: 01/23/18

Pasco Business Digest for Jan. 26

Business digestBrieflySMALL BUSINESS BRIDGE LOANS HELP PASCO: The Florida Small Business Development Center at the University of South Florida facilitated 141 Florida Emergency Bridge Loans, totalling $7,515,100 in funding. In Pasco County, eight loa...
Published: 01/23/18