Make us your home page

Web security blogger talks about Target breach

Brian Krebs, a former reporter at the Washington Post who now operates a widely read Web security blog, spoke Tuesday in Orlando.

New York Times

Brian Krebs, a former reporter at the Washington Post who now operates a widely read Web security blog, spoke Tuesday in Orlando.

ORLANDO — Here's what happens when you go after a Ukrainian guy operating an underground website selling credit card numbers stolen from Target:

Details about your finances get posted for any cyber criminal to see.

The accused offers you $10,000 not to publish a story identifying him.

"I didn't take it,'' said Brian Krebs, noting earlier that Sony has bought the movie rights to his story.

Krebs is the Web security blogger (KrebsonSecurity) who broke the news about Target's massive credit and debit card breach that occurred between Nov. 27 and Dec. 15. A former Washington Post reporter, he was at the CNP ( Expo on Tuesday in Orlando to speak on payment security and the risk to retailers.

While data breaches aren't new, what happened to Target raised awareness because the impact was so widespread, he said. In December, the retailer said up to 40 million credit and debit card numbers were stolen from holiday shoppers. Another 70 million people had their personal information taken.

Krebs said he got tipped off by financial sources who said stolen credit cards, eventually traced back to Target stores, were flooding the underground market. Especially notable was a "card shop'' called, which indexed stolen cards by the city, state and ZIP code from where the data had been stolen.

The new locator feature allowed Rescator to sell the cards at higher prices than other sites because crooks could buy cards associated with stores close to them. That enabled them to avoid the scrutiny of banks, which started canceling cards when purchases were made outside a cardholder's home area.

Kreb said card numbers sold for $40 to $400, depending on the "valid rate'' of the card, which goes down as breaches are discovered and time passes. Buyers then encoded the data onto fake cards that street gangs and thieves called "runners'' used at stores to buy gift cards and electronics easily sold illegally for cash.

Often, the profit outweighed the risk. A stolen card that sold for $300 could fetch $1,200 in purchases, Krebs said.

Of the 40 million card numbers snatched from Target, about 2 million were sold, he estimated. In all, the hackers made $40 million to $50 million — seemingly a fortune to those involved but a pittance in the overall scheme.

Analysts have estimated the breach will cost Target an estimated $500 million to $1 billion in losses not covered by banks, which are mostly on the hook for the fraudulent charges.

Prosecuting the parties responsible has been difficult, Krebs said, partly because they are out of the U.S. grasp. Typically, hackers get busted only if they try to leave their country.

Flush with cash, many of them want to, but they also know the risk.

Susan Thurston can be reached at [email protected] or (813) 225-3110.

Web security blogger talks about Target breach 05/20/14 [Last modified: Tuesday, May 20, 2014 9:08pm]
Photo reprints | Article reprints

© 2017 Tampa Bay Times


Join the discussion: Click to view comments, add yours

  1. Tampa's streetcar system looks to expand north through downtown


    TAMPA — The TECO Line Streetcar system that runs from Ybor City to the Channel District could be extended north through downtown all the way to Tampa Heights, according to the latest update of a $1.7 million study aimed at expanding the streetcar system.

    Riders take in the last few stops of the streetcar route in Ybor City during the tenth anniversary celebration of the TECO line streetcar system in Tampa in 2012. Now officials are looking for ways to expand the service north through downtown to Tampa Heights. [EVE EDELHEIT  |  Times]
  2. Tampa Bay small businesses give Tampa B+ for regulatory climate


    In a recent survey about small business sentiments toward state and local government policies that affect them, Tampa Bay ranked at No. 25 out of 80 — a B+ overall.

    Tampa Bay ranked No. 25 out of 80 in a recent survey about how small business owners feel about state and local government policies that affect them. | [Times file photo]
  3. Seminole Heights restaurants face struggles amid killings, post-Irma

    Food & Dining

    TAMPA — The neighborhood's hip circle of popular, well-regarded restaurants is feeling the squeeze in the wake of a recent killing spree. And the timing is rough.

    Ella’s Americana Folk Art Cafe has been taking precautions in light of the Seminole Heights killings: keeping the lights on all night and having employees walk to their cars in groups.
  4. St. Pete-Clearwater holding food, supply drive for hurricane refugees


    CLEARWATER — St. Pete-Clearwater International Airport and Allegiant Air are holding a food and supply drive for the Hispanic Outreach Center in Pinellas County. The event, which will benefit refugees displaced by Hurricane Maria, will be held Tuesday from 5 p.m. to 8 p.m. at the airport at 14700 Terminal Blvd.

    St. Pete-Clearwater International Airport and Allegiant Air are hosting a food and supplies drive Tuesday for refugees displaced by Hurricane Maria. | [Times file photo]
  5. Tallest building in Pinellas County in search of a new name

    Real Estate

    ST. PETERSBURG — The name "Priatek" is gone from Pinellas County's tallest building, perhaps to be replaced by that of a much better-known company new to the Tampa Bay area.

    The Priatek name is off of downtown St. Petersburg's tallest building.
 [LARA CERRI  |   Times.  2015]