Considering the DPRK's threat to cause mayhem in South Korea, there is one way they could attack the economy here, and the latest tool is the point-of-sale cash registers that are in so many businesses everywhere.
As of this week, Target – an American chain store – has had all of its 1,800 or so stores across the country “targeted” by a massive botnet that stole up to 40 million credit card numbers, PIN numbers and other details from in-store shoppers over a 19-day period. Apparently Target had suspected they were being hacked at least as far back as August and had blocked non-US traffic to their store website, but they could not prevent the results.
Unlike other attempts to raid data servers in one location, infected POS machines can be turned into a gigantic botnet that collects credit information. The economic harm from this one episode has attracted the attention of the Secret Service as well (link).
The sophistication of this newer type of botnet is notable:
. . . (the newer botnet software is) much more advanced. It allows attackers to corral large numbers of PoS devices into a single botnet. The interface makes it easy to monitor the activities of infected machines in real time and to issue granular commands. In short, they are to PoS terminals what ZeuS, Citadel, and other banking trojans are to online bank accounts. The code helping to streamline the process has been dubbed StarDust. It’s a major revision of Dexter, a previously discovered piece of malware targeting PoS devices that has already been fingered in other real-world payment card swindles. (link)
This means that after infecting a large number of POS registers, the network can operate in coordinated attacks and can be very difficult to shut down. Apparently the latest strains of this software (V2 Stardust & V3 Revolution) have ties to Russian criminal networks and are for sale too.
If this sort of attack were used against the many under-protected POS machines in South Korea – the source of so many botnets already – what would happen if DPRK hackers made a concerted effort to take down the entire South Korean economy through coordinated botnet attacks on local businesses, banks, etc.?
I shudder at this point . . .