Russian organised cybercrime has broken into Oracle’s point-of-sale credit card payment systems.
According to KrebsOnSecurity, the attackers have compromised a customer support portal for companies using Oracle’s MICROS point-of-sale credit card payment systems.
Oracle acknowledged that it had “detected and addressed malicious code in certain legacy MICROS systems.” It also said that it is asking all MICROS customers to reset their passwords for the MICROS online support portal.
MICROS is among the top three point-of-sale vendors globally. Oracle’s MICROS division sells point-of-sale systems used at more than 330,000 cash registers worldwide. When Oracle bought MICROS in 2014, the company said MICROS’s systems were deployed at some 200,000+ food and beverage outlets, 100,000+ retail sites, and more than 30,000 hotels.
The size and scope of the break-in are still being investigated, and it remains unclear when the attackers first gained access to Oracle’s systems. Oracle first considered the breach to be limited to a small number of computers and servers at the company’s retail division. However, it started to look a lot worse as the investigation developed.
KrebsOnSecurity said an Oracle MICROS customer reported hearing about a potentially large breach at Oracle’s retail division.
Oracle’s MICROS customer support portal apparently communicated with a server used by the Carbanak Gang. Carbanak is part of a Russian cybercrime syndicate that is suspected of stealing more than $1 billion from banks, retailers and hospitality firms over the past several years.
Questions have been raised among the security community about a huge attack on US systems which is alleged to have stolen 1.2 billion user name and password combinations and more than 500 million email addresses.
The hack was discovered by an outfit called Hold Security and was claimed to include confidential material gathered from 420,000 websites, including household names, and small Internet sites.
Hold Security has a history of uncovering significant hacks, including the theft last year of tens of millions of records from Adobe Systems, so it should have been seen as a reliable source.
The company said the attack was found after more than seven months of research and was being carried out by a Russian cyber gang which is currently in possession of the largest cache of stolen data. While the gang did not have a name, we dubbed it “CyberVor”.
All cool stuff, but many of the comments about the hack online centre on the fact that Hold Security happens to offer a $120/month breach notification service so that people can find out if the hackers have their passwords on file.
Others have focused on the fact that Hold Security timed the announcement to fit with the Black Hat Security conference to spark a debate on password security.
PC World said there were unanswered questions about the hack.
Hold Security said the hacking group started out buying stolen credentials on the black market, then used those credentials to launch other attacks. However, it is unclear how many credentials they bought and how many of the 1.2 billion they culled themselves. In other words, this database, if it exists, could be full of ancient data.
It is also not clear if the passwords that are alleged to be stolen came from important financial sites or less important ones. It is also questionable what the hackers would do with those details.
If they are fresh credentials for important services like online banking, they are ripe to be used to siphon money from online accounts. If they are older or from little-used services, they might be used to send spam by email or post it in online forums.
The Russian space agency Roscosmos has managed to gain control over a satellite crewed by randy lizards who are keen to test out sex in zero gravity.
Mission control said that it has managed to gain positive control over the agency’s orbiting Foton-M4 satellite. Launched a week ago, Foton-M4 carries a primarily biological payload made up of geckos, flies, plant seeds, and various micro-organisms, which was supposed to test out how lower orders of life bonk when there is no gravity.
The satellite made headlines late last week when just a few days after launch, ground control lost communication with the satellite and could no longer send it commands.
Apparently the satellite’s five-gecko crew, four females and one male, sent aloft by Russian scientists in order to study the effects of microgravity on sex and reproduction, are safe. Scientists are spying on the geckos and will then slice up the randy couples when the satellite returns to Earth at the conclusion of its two-month mission.
If they had not fixed Foton-M4, it would have remained in its 357-mile orbit for about four months, two months longer than the provisions for its biological payload would last. The geckos, having bonked themselves to exhaustion, would have run out of food and begun to eat each other, and not in a good way. The survivors would have been burnt to a crisp on re-entry.
Now that the spacecraft is functioning normally, the lizards can get to it safe in the knowledge that their death will not take place until they are safely in a Russian lab back on the planet. Now all that can go wrong is a reptile dysfunction.
The US has arrested a Russian national and charged him with hacking.
The Department of Homeland Security said Roman Valerevich Seleznev hacked into American retailers’ computer systems to steal credit card data from 2009 to 2011.
It has taken the Secret Service a while to find Seleznev, who was indicted in Washington state in March 2011 on charges including bank fraud, causing damage to a protected computer, obtaining information from a protected computer and aggravated identity theft.
At that time it was suggested that Seleznev hacked into websites ranging from those run by the Phoenix Zoo and a branch of Schlotzsky’s Deli to many other small restaurants and entertainment venues.
Secretary of Homeland Security Jeh Johnson implied that the hacks were the work of organised crime and that Seleznev was probably working for the Russian mafia.
“This important arrest sends a clear message: despite the increasingly borderless nature of transnational organized crime, the long arm of justice – and this Department – will continue to disrupt and dismantle sophisticated criminal organizations,” Johnson said.