
Profiting from Credit Card Fraud  

IsabellaCD8 45T
152 posts
10/24/2020 1:10 pm

A friend of mine was hired by a company that is a service provider for credit card transactions. She immediately sees that there is a security problem. Unknown files and programs appear on servers and customers are reporting data breaches. Some files are identified as malware by the antivirus program. Upon further examination, the file is searching the memory of the server and extracting credit card information, saving it to a file and then sending the data offsite. Antivirus is unable to delete the files and in some cases antivirus is completely disabled. The files are manually deleted; however, new files “re-appear” the next day and the new files are not detected by antivirus. My friend had done some vulnerability management in a previous position and discovered tools that had been purchased and set up. The scanners had been collecting data although no one was actually viewing the data. After checking one particular server in the scan results, it appears that a 10-year-old vulnerability is being exploited. She goes to the director of software development to discuss what is happening. Changes are made to address the issue and the intrusions are stopped. The new files are sent to the antivirus vendor so definitions can be updated. A scripted search is performed by my friend and all similar files are found and deleted.
She works hard to implement patching and vulnerability management; however, there is much resistance to her work. Patching can break applications and there are already problems with stability. (I’m sure) The question is asked: “Why do we even need to patch?” We have not patched and nothing has happened except some random files appearing. If we did get hacked, how would anyone know? The information originates outside our environment, travels to us and then gets processed by the credit card companies. How can someone prove that information was stolen from one of our servers? We literally have thousands of servers. You can’t even tell me which one to look at.
We do not need security; we just need to pass the security audit.
When audit time rolls around there is a panic and sometimes evidence is fabricated. My friend is asked to create processes and document them, knowing that they will not be followed. Originally she thinks they will be; however, after a couple of years she is no longer willing to participate. This raises the ire of management and she is seen as a liability. She figures someone needs to be watching for more intrusions since there are so many gaps in security and focuses on reactive security. The company is purchased and she has hope that things will change with deeper pockets in charge of security. Time passes and nothing changes. It gets worse: security tools are not renewed and patching stops. Trial versions of software are implemented to fill the gaps. The next audit comes up and it's worse than before. In the middle of the audit my friend sees a massive amount of alerts on the event logs that she had set up. She quickly evaluates the malware to see how it is getting in and how it is spreading. She devises a plan to contain the intrusion and informs management. To her disbelief, she is removed from her position and her laptop is confiscated. “Experts” from within the company are brought in, and she takes a week off to decompress. When she returns they are asking for her help. These experts manage the corporate network, which is actually the source of the first malware. (There are hundreds of undetected intrusions.) The intrusion has spread and the entire environment has been compromised at the domain admin level. It goes on for a few more weeks. Customers are finding out and the incident becomes public almost two months later. The company releases a statement that the incident has been addressed and if anything is found, customers will be notified. The incident goes on for four more months with complete unrestricted access to everything.
The problem is still not security. The problem is people finding out about the incident. The tools that found the incident are decommissioned and the logs are deleted. New silos are implemented so a complete security picture cannot be seen. Dozens of new people are hired and millions are spent on new tools; however, it only gives the “appearance” of security. They are implementing “Plausible Deniability” as their security plan. If anything does happen the executives can blame the people in security roles who did not actually understand security.
The inexperienced people actually help with the audit process because they are told what to say and do not know any better. They can honestly tell the auditor that they see nothing wrong.
Do you just tell your friend to leave, or does leaving make her a part of the problem?
Over 1.6+ Billion Records Were Compromised Between 2005 and 2019
Credit card fraud increased from ,236 reports in the first quarter of 20 45,0 reports in the same quarter of 2020. That’s an increase of 1.7%.
Fraud losses worldwide reached $27.85 billion in 2018 and are projected to rise to $35.67 billion in five years and $40.63 billion in 10 years, according to The Nilson Report, the leading global card and mobile payments trade publication.


tnt6969694 70M
221 posts
10/24/2020 8:34 pm

By law - they are required to report any data breach of PII to the authorities (local police, or in this case the FBI because it crossed state lines)


IsabellaCD8 replies on 10/26/2020 11:51 am:
Thank you. I believe you are right. The issue here is that the laws can be circumvented rather easily.

tnt6969694 70M
221 posts
10/28/2020 8:19 pm

Another point to consider - if any information was from Europe, they are subject to GDPR and their fines are enormous - just ask British Airways.


IsabellaCD8 replies on 11/3/2020 5:22 pm:
Yep, it affects the European Union as well... I'm jealous that they even have privacy laws
