🔑 Key Takeaways
- Credit card skimmers are illegal devices used to steal information and can lead to severe consequences. The Secret Service has initiated Operation Deep Impact to combat this rising crime, and it's crucial for consumers to report any suspicious activity to authorities.
- Credit card skimming is now affecting online stores and websites, and it is important for e-commerce builders to implement stronger security layers and testing protocols as amateur online shop owners are susceptible to cyber attacks. RiskIQ's historical record of web pages helps identify major cyber threats.
- Updating ecommerce platform, securing servers and using strong passwords are crucial to prevent attacks from hackers like Magecart who inject malicious JavaScript to skim payment data. Stay vigilant and protect your online store and customer data.
- Website owners should be cautious of using third-party suppliers and avoid running external code on their checkout page. Regular verification of third-party suppliers is crucial to avoid falling victim to supply chain attacks, web skimming, and credit card data theft.
- Hackers are increasingly using web skimmers to obtain payment data, emphasizing the importance for companies to adopt stronger security measures and improve vigilance to safeguard their customers' information.
- A JavaScript file was targeted in the British Airways breach, adding a small piece of code to the Modernizr library, affecting 380,000 users. The hackers also targeted Newegg, showing strategic thinking in their skimming code during checkout. The ICO issued a record fine of $237 million.
- Newegg suffered a data breach that resulted in the theft of tens of thousands of credit cards. The lack of transparency from the company raises questions about their handling of user data and the potential for future breaches.
- Be careful with your credit card information online, and report any suspicious purchases. US Secret Service is vigilant in catching fraudsters, but prevention is key.
- RiskIQ partners with Shadow Server and abuse.ch to take down Magecart Group 4, generating reports for law enforcement and IP owners. By disrupting them repeatedly, RiskIQ is able to track and piece together links of their infrastructure.
- Regularly monitor your bank statements for suspicious activity and implement security measures such as Subresource Integrity, iframe sandboxing, and strict Content Security Policies on payment pages to prevent skimming. Prioritize isolating payment data and avoid unnecessary features on payment pages to improve security hygiene.
📝 Podcast Summary
The Danger of Credit Card Skimmers
Credit card skimmers are small devices that are used to obtain credit card information from gas pumps. Once the data is obtained, the skimmer can be used to write the information onto blank credit cards which can be used to purchase items anonymously. Though this scheme is profitable, it is illegal and can result in steep sentences like the one Carlos, a Florida man, received. Despite being caught and sentenced to prison on two separate occasions, Carlos continued to manufacture and use skimmers. Due to the increasing popularity of skimming, the Secret Service initiated Operation Deep Impact to combat this crime. Consumers should be wary of credit card skimming devices and report any suspicious activity to authorities immediately.
The Impact of Credit Card Skimming on Online Stores and Websites.
With the rise of credit card skimming, the problem has now affected online stores and websites. RiskIQ's head of threat research, Jonathan Klijnsma, uses a web crawling bot to scour through two billion websites daily, searching for malicious activities. By collecting data and looking for anomalies, Jonathan can identify four major threats: skimmers, redirects, exploit kits and scams. Magento, an e-commerce builder, has been plagued with cyber attacks due to the insufficient security layers implemented by amateur online shop owners, which highlights the need for stronger security and proper testing protocols. RiskIQ's historical record of web pages enables them to trace back how long the malware was hidden on a webpage.
Importance of Prioritizing Security Measures for Online Shops
As an online shop owner, it is important to prioritize security measures such as updating the ecommerce platform to prevent vulnerabilities and securing servers as well as using strong passwords. Failure to do so can make the website vulnerable to attacks from hackers like Magecart who inject malicious JavaScript to skim payment data from unsuspecting customers. The small piece of JavaScript can be added to the website in various ways including breaching the website directly or adding it to snippets such as Google Analytics. As such, it is crucial to remain vigilant and take all necessary precautions to protect the security of your online store and customer data.
The Risks of Third-Party Suppliers and Website Security.
Website owners should be aware of the potential dangers of third-party suppliers and their impact on website security. Running code on a website that was not written by the owner means supply chain attacks can be executed. This can result in websites being compromised by credit card skimming code or other malicious scripts. Even if a website owner is not processing payments, they can still be affected. Therefore, individuals should avoid running any external party on their checkout page and verify third-party suppliers regularly. Ensuring websites are secure is essential, and website owners should follow expert advice to avoid falling victim to supply chain attacks and web skimming, which is a prevalent method of stealing credit card data.
The Rise of Magecart Hacking Group and the Threat to Credit Card Skimming
The Magecart hacking group has grown over time to become a common tactic used by many hackers for credit card skimming. The group uses web skimmers on websites to obtain payment data, which can then be used for fraudulent purposes. Even big companies like British Airways have been affected by such attacks, with hackers modifying a JavaScript library on the airline's website to add a small script that would extract credit card and personal information from payment forms. The ease with which hackers can place web skimmers on websites highlights the need for stronger security measures and better vigilance by companies to protect their customers' data.
The British Airways Breach & the Hackers' Skimming Code on Newegg
A single JavaScript file was targeted in the British Airways breach, as it loaded for both mobile and desktop transactions. The hackers added a small piece of code to the Modernizr library, and the breach affected 380,000 users. British Airways tried to avoid media attention and did not disclose the details of the breach. The ICO found that the airline violated GDPR policies and issued a record fine of $237 million. The same skimming code was later found on the website newegg.com, and the hackers registered a domain called neweggstats.com. The checkout process on Newegg was more elaborate, showing the hackers' strategic thinking.
Lack of Transparency in Data Breach Raises Concerns for Newegg Customers
Hackers added just fifteen lines of JavaScript to the Newegg checkout page and were able to scrape tens of thousands of credit cards per day over 33 days. Jonathan and his team discovered the breach and informed Volexity, who helped Newegg clean it up. However, Newegg did not make a significant public statement about the breach and customers were not informed directly. This lack of transparency raises concerns about what other data breaches Newegg may have experienced and what they may be doing with user data. Stolen credit cards from large breaches like this end up on dark markets, and investigations are ongoing to locate these markets.
The Dangers of Stolen Credit Cards and How Authorities Track Financial Fraud
Stolen credit cards are often sold on the dark net and used to make illegal purchases. The US Secret Service tracks financial fraud seriously and can move quickly to catch fraudsters. Jonathan tracks hacking groups who skim credit card data from web pages, but they are difficult to identify because they are criminals. Hacking groups usually sell stolen credit card data to other groups, who then sell it online. Cards can be invalidated if they are not used for a long time or if people lose or replace them. The high-validity rate of the cards being sold indicates a recent dump of cards. Cards used in countries outside the one in which they are issued raise red flags and are more easily detected.
RiskIQ's ongoing mission to disrupt Magecart Group 4 and protect customers' data.
Magecart Group 4 is a technically advanced group that steals card data and uses bulletproof hosters. RiskIQ works with Shadow Server and abuse.ch to disrupt them by taking down their domains and sink-holing them through Shadow Server. This generates automated reports for law enforcement and affected IP owners. By repeatedly disrupting Magecart Group 4, they make mistakes that allow RiskIQ to track and piece together links of their infrastructure. Although the group is difficult to trace, RiskIQ continues to disrupt them to protect their customers. RiskIQ receives payment from customers who use their data products, including raw access or a web UI with various data sets.
Protect Yourself and Your Customers from Online Credit Card Skimming
To protect yourself from online credit card skimming, monitor your expenses and bank statements to detect any suspicious activity. For website owners, implementing Subresource Integrity, separating payment processes from the website through iframe sandboxing, and defining strict Content Security Policies are effective ways to isolate payment data and prevent skimming. However, websites with ads may find implementing strict policies challenging. Additionally, security measures should prioritize isolating payment data and avoiding unnecessary features on the payment page. As online credit card skimming continues to grow, it's essential to prioritize security hygiene and continue to search for ways to improve online payment security.