Friday, June 22, 2018
Business

Web security blogger talks about Target breach

ORLANDO — Here's what happens when you go after a Ukrainian guy operating an underground website selling credit card numbers stolen from Target:

Details about your finances get posted for any cyber criminal to see.

The accused offers you $10,000 not to publish a story identifying him.

"I didn't take it,'' said Brian Krebs, noting earlier that Sony has bought the movie rights to his story.

Krebs is the Web security blogger (KrebsonSecurity) who broke the news about Target's massive credit and debit card breach that occurred between Nov. 27 and Dec. 15. A former Washington Post reporter, he was at the CNP (CardNotPresent.com) Expo on Tuesday in Orlando to speak on payment security and the risk to retailers.

While data breaches aren't new, what happened to Target raised awareness because the impact was so widespread, he said. In December, the retailer said up to 40 million credit and debit card numbers were stolen from holiday shoppers. Another 70 million people had their personal information taken.

Krebs said he got tipped off by financial sources who said stolen credit cards, eventually traced back to Target stores, were flooding the underground market. Especially notable was a "card shop'' called Rescator.so, which indexed stolen cards by the city, state and ZIP code from where the data had been stolen.

The new locator feature allowed Rescator to sell the cards at higher prices than other sites because crooks could buy cards associated with stores close to them. That enabled them to avoid the scrutiny of banks, which started canceling cards when purchases were made outside a cardholder's home area.

Kreb said card numbers sold for $40 to $400, depending on the "valid rate'' of the card, which goes down as breaches are discovered and time passes. Buyers then encoded the data onto fake cards that street gangs and thieves called "runners'' used at stores to buy gift cards and electronics easily sold illegally for cash.

Often, the profit outweighed the risk. A stolen card that sold for $300 could fetch $1,200 in purchases, Krebs said.

Of the 40 million card numbers snatched from Target, about 2 million were sold, he estimated. In all, the hackers made $40 million to $50 million — seemingly a fortune to those involved but a pittance in the overall scheme.

Analysts have estimated the breach will cost Target an estimated $500 million to $1 billion in losses not covered by banks, which are mostly on the hook for the fraudulent charges.

Prosecuting the parties responsible has been difficult, Krebs said, partly because they are out of the U.S. grasp. Typically, hackers get busted only if they try to leave their country.

Flush with cash, many of them want to, but they also know the risk.

Susan Thurston can be reached at [email protected] or (813) 225-3110.

Comments
Tampa Bay workforce development initiative looks to Houston for lessons

Tampa Bay workforce development initiative looks to Houston for lessons

The biggest hospitals in Houston had a problem.To earn a prized institutional certification, they needed more nurses with bachelor of science degrees in nursing.But local colleges were more focused on turning out nurses with two-year degrees who, to ...
Updated: 2 hours ago
Health care IT company CareSync shuts down, laying off 292

Health care IT company CareSync shuts down, laying off 292

TAMPA — The days ahead were supposed to be bright.For weeks, the future of health care tech company CareSync had been thrown into question as founder and CEO and founder Travis Bond unexpectedly departed, kicking off multiple rounds of layoffs. But t...
Updated: 3 hours ago
Coal and gas hold onto their share of electricity production, despite massive push for renewables

Coal and gas hold onto their share of electricity production, despite massive push for renewables

Here’s an intriguing set of facts: Coal produces the same percentage of the world’s electricity as 20 years ago. Oil and gas remain about level, too.Same for nonfossil fuel sources. In other words, the massive push towards renewables over the past co...
Updated: 4 hours ago
Brink: Why have Florida’s working-age men left the labor market in droves

Brink: Why have Florida’s working-age men left the labor market in droves

A cancer lurks within Florida’s otherwise rosy job numbers, one that’s been called a quiet catastrophe and an intractable time bomb.Too many men between the ages of 25 and 54 have stopped working.Economists call those the prime-age years. Incomes gen...
Updated: 5 hours ago
Pride divided no more: St. Pete Pride comes back together

Pride divided no more: St. Pete Pride comes back together

ST. PETERSBURG — The 16th annual St. Pete Pride Parade is getting ready to march along the downtown waterfront the second straight year. But many hope to move past the division caused last year when the parade was uprooted from its original hom...
Updated: 10 hours ago
For sale: A Tampa Bay area elementary school where you can eat tacos and buy wine

For sale: A Tampa Bay area elementary school where you can eat tacos and buy wine

ST. PETERSBURG — For sale: a 104-year-old elementary school with restaurant and wine shop. It even has a title company where you can close the deal.Less than a year after completing a major renovation of the historic North Ward school, developer Jona...
Updated: 11 hours ago
Domain Homes: Buyers love them, some others don’t

Domain Homes: Buyers love them, some others don’t

TAMPA — When the 2008 financial crash brought down the nation’s housing market, hundreds of home builders went out of business. Among them was Sharon McSwain Homes in Atlanta, forced to liquidate in 2009.But just as developers like to develop, builde...
Published: 06/21/18
Updated: 06/22/18
Armature Works developers sue Ulele and city of Tampa over use of nearby building

Armature Works developers sue Ulele and city of Tampa over use of nearby building

TAMPA — Two of the city’s hottest developers — the companies behind Ulele and the Armature Works — are heading to court over control of an old city building that sits between the hit eateries. Both want to redevelop the city&...
Published: 06/21/18
Orlando airport first to scan faces of U.S. citizens on international flights

Orlando airport first to scan faces of U.S. citizens on international flights

Associated PressFlorida’s busiest airport is becoming the first in the nation to require a face scan of passengers on all arriving and departing international flights, including U.S. citizens, according to officials there. The expected announcement T...
Published: 06/21/18
Saboteur or whistleblower? Battle between Elon Musk and former Tesla employee turns ugly, exposing internal rancor

Saboteur or whistleblower? Battle between Elon Musk and former Tesla employee turns ugly, exposing internal rancor

Hours after Tesla had sued its former employee on charges he had stolen company secrets, and days after chief Elon Musk had called him a saboteur, the Silicon Valley automaker made a startling claim. The company had received a call from a friend of t...
Published: 06/21/18