Russian organised cybercrime has broken into Oracle’s point-of-sale credit card payment systems.
According to KrebsOnSecurity, the attackers have compromised a customer support portal for companies using Oracle’s MICROS point-of-sale credit card payment systems.
Oracle acknowledged that it had “detected and addressed malicious code in certain legacy MICROS systems.” It also said that it is asking all MICROS customers to reset their passwords for the MICROS online support portal.
MICROS is among the top three point-of-sale vendors globally. Oracle’s MICROS division sells point-of-sale systems used at more than 330,000 cash registers worldwide. When Oracle bought MICROS in 2014, the company said MICROS’s systems were deployed at some 200,000+ food and beverage outlets, 100,000+ retail sites, and more than 30,000 hotels.
The size and scope of the break-in are still being investigated, and it remains unclear when the attackers first gained access to Oracle’s systems. Oracle first considered the breach to be limited to a small number of computers and servers at the company’s retail division. However, it started to look a lot worse as the investigation developed.
KrebsOnSecurity said an Oracle MICROS customer reported hearing about a potentially large breach at Oracle’s retail division.
Oracle’s MICROS customer support portal had apparently been communicating with a server used by the Carbanak Gang. Carbanak is part of a Russian cybercrime syndicate that is suspected of stealing more than $1 billion from banks, retailers and hospitality firms over the past several years.
Who needs hackers? It turns out that all that personal data stored in US corporate servers can be sold off to the highest bidder anyway.
RadioShack, which has been collecting customer data since the 1980s, is about to sell the lot to raise money to pay off some of its debts.
A list of RadioShack assets for sale includes more than 65 million customer names and physical addresses, and 13 million email addresses. The asset sale may include phone numbers and information on shopping habits as well.
Standard General, a hedge fund and RadioShack’s largest shareholder, has bought the database, but a bankruptcy court still has to approve the deal.
Needless to say, some people have a problem with this and some customers have gone to court to block the sale.
As Bloomberg points out, Texas Attorney General Ken Paxton has argued that selling the data would be illegal under state law. Texas doesn’t allow companies to sell personal information in a way that violates their own privacy policies, and signage in RadioShack stores claims that “We pride ourselves on not selling our private mailing list.” Paxton believes that a data sale would affect 117 million people.
AT&T also wants RadioShack’s data destroyed for competitive reasons. AT&T doesn’t think RadioShack is entitled to the personal information it collected from wireless sales, and may be concerned that the data might fall into another carrier’s hands.
Standard General, which plans to keep some RadioShack stores open, may try to argue that it’s putting the data to similar uses.
Fears that computer hackers could compromise industrial as well as military and commercial systems have been confirmed.
A report by the German Federal Office for Information Security (BSI) said that a large German steel mill was shut down after hackers stole logins allowing them to compromise the industrial infrastructure.
The BSI did not name the company but said the hackers were sophisticated technically and hacked into software that administered the plant.
They forced the plant to shut down and also compromised a blast furnace.
The news underlines concerns about the extent to which key parts of a country’s infrastructure are open to compromise by hackers.
Over the weekend, hackers compromised some South Korean nuclear installations and published diagrams showing the layout of some installations. The hackers have threatened to damage the nuclear installations themselves if the reactors are not shut down before December 25th.
It’s not known if control systems are vulnerable to such attacks.
One of the last refuges of dissidents in oppressive regimes has been taken down by hacker agencies working for the US government.
The Tor system, which was often the only way that dissidents could communicate in repressive regimes or that whistle blowers could leak their information, warned that many of its users might have been identified by government-funded researchers.
Tor Project leader Roger Dingledine said the service had identified computers on its network that had been altering Tor traffic for five months in an attempt to unmask users connecting to what are known as “hidden services.”
Dingledine said it was “likely” the attacking computers were operated on behalf of two researchers at the Software Engineering Institute, which is housed at Carnegie-Mellon University, but funded mainly by the US Department of Defence. The computers have been removed from the network, but the damage has already been done.
The pair had been scheduled to speak on identifying Tor users at the Black Hat security conference next month. After Tor developers complained to Carnegie-Mellon, officials there said the research had not been cleared and cancelled the talk.
Dingledine said that users who operated or accessed hidden services from early February through July 4 should assume they were affected.
Those navigating to ordinary websites should be in the clear.
Hidden services include underground drug sites such as the shuttered Silk Road, as well as privacy-conscious outfits such as SecureDrop, which is designed to connect whistle blowers with media outlets.
Dingledine said the physical locations where the hidden services were housed could have been exposed, although probably not the content on them that was viewed by a visitor.
All that matters now is whether the spooks will just pop around to the researchers with a warrant and ask that they hand over all the details.
The FBI had no immediate response to questions about whether it would seek the data and the Defence Department was not sure if it had the right to raw research from the Institute.
Dingledine advised users to upgrade to the latest version of its software, which addresses the vulnerability that was exploited. He warned that attempts to break Tor were likely to continue.