Clear79° FULL FORECASTClear79° FULL FORECAST
Make us your home page
Instagram
2180631 2038-01-18 05:00:00.0 UTC 2038-01-18T00:00:00.000-05:00 2014-05-20 21:52:42.0 UTC 2014-05-20T17:52:42.000-04:00 web-security-blogger-talks-about-target-breach published 2014-05-21 01:08:31.0 UTC 2014-05-20T21:08:31.000-04:00 news/business/retail DTI 120975532 ORLANDO — Here's what happens when you go after a Ukrainian guy operating an underground website selling credit card numbers stolen from Target: Details about your finances get posted for any cyber criminal to see. The accused offers you $10,000 not to publish a story identifying him. "I didn't take it,'' said Brian Krebs, noting earlier that Sony has bought the movie rights to his story. Krebs is the Web security blogger (KrebsonSecurity) who broke the news about Target's massive credit and debit card breach that occurred between Nov. 27 and Dec. 15. A former Washington Post reporter, he was at the CNP (CardNotPresent.com) Expo on Tuesday in Orlando to speak on payment security and the risk to retailers. While data breaches aren't new, what happened to Target raised awareness because the impact was so widespread, he said. In December, the retailer said up to 40 million credit and debit card numbers were stolen from holiday shoppers. Another 70 million people had their personal information taken. Krebs said he got tipped off by financial sources who said stolen credit cards, eventually traced back to Target stores, were flooding the underground market. Especially notable was a "card shop'' called Rescator.so, which indexed stolen cards by the city, state and ZIP code from where the data had been stolen. The new locator feature allowed Rescator to sell the cards at higher prices than other sites because crooks could buy cards associated with stores close to them. That enabled them to avoid the scrutiny of banks, which started canceling cards when purchases were made outside a cardholder's home area. Kreb said card numbers sold for $40 to $400, depending on the "valid rate'' of the card, which goes down as breaches are discovered and time passes. Buyers then encoded the data onto fake cards that street gangs and thieves called "runners'' used at stores to buy gift cards and electronics easily sold illegally for cash. Often, the profit outweighed the risk. A stolen card that sold for $300 could fetch $1,200 in purchases, Krebs said. Of the 40 million card numbers snatched from Target, about 2 million were sold, he estimated. In all, the hackers made $40 million to $50 million — seemingly a fortune to those involved but a pittance in the overall scheme. Analysts have estimated the breach will cost Target an estimated $500 million to $1 billion in losses not covered by banks, which are mostly on the hook for the fraudulent charges. Prosecuting the parties responsible has been difficult, Krebs said, partly because they are out of the U.S. grasp. Typically, hackers get busted only if they try to leave their country. Flush with cash, many of them want to, but they also know the risk. Susan Thurston can be reached at sthurston@tampabay.com or (813) 225-3110. By Susan Thurston, Times Staff Writer News, Business, Retail, top-business, breaking-news, top-news, news-nav Web security blogger talks about Target breach STHURSTONN The Web security blogger who broke the story on the store's credit card breach talks about his experience. 4STB Main djn4k5jry774 djn4k Target report put bull's-eye on him Orlando 4 briankrebs052114 Target report put bull's-eye on him 2014-05-21 04:00:00.0 UTC 2014-05-21T00:00:00.000-04:00 1 Brian Krebs, a former reporter at the Washington Post who now operates a widely read Web security blog, spoke Tuesday in Orlando. /resources/images/dti/2014/05/b4s_krebs052114_12564780.jpg New York Times /resources/images/dti/rendered/2014/05/b4s_krebs052114_12564780_4col.jpg/resources/images/dti/rendered/2014/05/b4s_krebs052114_12564780_8col.jpg Target breach, cyber security, Brian Krebs true templatedata/tampabaytimes/StaffArticle/data/2014/05/20/120975532-web-security-blogger-talks-about-target-breach StaffArticle news,businessBusiness Newsnews,business,retailRetailORLANDO — Here's what happens when you go after a Ukrainian guy operating an underground website selling credit card numbers stolen from Target:Target breach, cyber security, Brian Krebs<span style="display:none;" class="author vcard"><span class="fn">SUSAN THURSTON</span></span><span style="display:none;" class="source-org vcard"><span class="org fn">Tampa Bay Times</span></span><a rel="item-license" href="/universal/user_agreement.shtml">&#169; 2016 Tampa Bay Times</a><br /><br />Times Staff Writer 2275613 2016-05-02 17:37:20.0 UTC 4 Months Ago potential-security-breach-at-tampa-international-airport-spurs-review news/business/airlines Potential security breach at Tampa International Airport spurs review StaffArticle 2278974 2016-05-25 23:24:30.0 UTC 3 Months Ago what-to-know-about-long-lines-at-airport-security-over-memorial-day news/business/airlines What to know about long lines at airport security over Memorial Day StaffArticle 2267945 2016-03-04 16:50:38.0 UTC 6 Months Ago duke-energy-florida-chief-talks-about-solar-customer-satisfaction-and-the news/business/energy Duke Energy Florida chief talks about solar, customer satisfaction and the future StaffArticle <p>ORLANDO — Here's what happens when you go after a Ukrainian guy operating an underground website selling credit card numbers stolen from Target:</p> <p>Details about your finances get posted for any cyber criminal to see.</p> <p>The accused offers you $10,000 not to publish a story identifying him.</p> <p>&quot;I didn't take it,'' said Brian Krebs, noting earlier that Sony has bought the movie rights to his story.</p> <p>Krebs is the Web security blogger (KrebsonSecurity) who broke the news about Target's massive credit and debit card breach that occurred between Nov. 27 and Dec. 15. A former<i> Washington Post</i> reporter, he was at the CNP (CardNotPresent.com) Expo on Tuesday in Orlando to speak on payment security and the risk to retailers.</p> <p>While data breaches aren't new, what happened to Target raised awareness because the impact was so widespread, he said. In December, the retailer said up to 40 million credit and debit card numbers were stolen from holiday shoppers. Another 70 million people had their personal information taken.</p> <p>Krebs said he got tipped off by financial sources who said stolen credit cards, eventually traced back to Target stores, were flooding the underground market. Especially notable was a &quot;card shop'' called Rescator.so, which indexed stolen cards by the city, state and ZIP code from where the data had been stolen.</p> <p>The new locator feature allowed Rescator to sell the cards at higher prices than other sites because crooks could buy cards associated with stores close to them. That enabled them to avoid the scrutiny of banks, which started canceling cards when purchases were made outside a cardholder's home area.</p> <p>Kreb said card numbers sold for $40 to $400, depending on the &quot;valid rate'' of the card, which goes down as breaches are discovered and time passes. Buyers then encoded the data onto fake cards that street gangs and thieves called &quot;runners'' used at stores to buy gift cards and electronics easily sold illegally for cash.</p> <p>Often, the profit outweighed the risk. A stolen card that sold for $300 could fetch $1,200 in purchases, Krebs said.</p> <p>Of the 40 million card numbers snatched from Target, about 2 million were sold, he estimated. In all, the hackers made $40 million to $50 million — seemingly a fortune to those involved but a pittance in the overall scheme.</p> <p>Analysts have estimated the breach will cost Target an estimated $500 million to $1 billion in losses not covered by banks, which are mostly on the hook for the fraudulent charges.</p> <p>Prosecuting the parties responsible has been difficult, Krebs said, partly because they are out of the U.S. grasp. Typically, hackers get busted only if they try to leave their country.</p> <p>Flush with cash, many of them want to, but they also know the risk.</p> <p><i>Susan Thurston can be reached at sthurston@tampabay.com or (813) 225-3110.</i></p>trueruntime2016-08-30 05:31:51