
A DPRK Cyber Weapon To Contend with – Point-of-sale Botnets

Considering the DPRK's threat to cause mayhem in South Korea, there is one way it could attack the economy here, and the latest tool is the point-of-sale cash register found in so many businesses everywhere.

As of this week, Target – an American chain store – has had all of its 1,800 or so stores across the country “targeted” by a massive botnet that stole up to 40 million credit card numbers, PINs and other details from in-store shoppers over a 19-day period. Apparently Target had suspected they were being hacked at least as far back as August and had blocked non-US traffic to their store website, but they could not prevent the results.

Unlike other attempts to raid data servers in one location, infected POS machines can be turned into a gigantic botnet that collects credit information.  The economic harm from this one episode has attracted the attention of the Secret Service as well (link).

The sophistication of this newer type of botnet is notable:

. . . (the newer botnet software is) much more advanced. It allows attackers to corral large numbers of PoS devices into a single botnet. The interface makes it easy to monitor the activities of infected machines in real time and to issue granular commands. In short, they are to PoS terminals what ZeuS, Citadel, and other banking trojans are to online bank accounts. The code helping to streamline the process has been dubbed StarDust. It’s a major revision of Dexter, a previously discovered piece of malware targeting PoS devices that has already been fingered in other real-world payment card swindles. (link)

This means that after infecting a large number of POS registers, the network can operate in coordinated attacks and can be very difficult to shut down. Apparently the latest strains of this software (V2 Stardust & V3 Revolution) have ties to Russian criminal networks and are for sale too.

If this sort of attack were used against the many under-protected POS machines in South Korea – already the source of so many botnets – what would happen if DPRK hackers made a concerted effort to take down the entire South Korean economy through coordinated botnet attacks on local businesses, banks, etc.?

I shudder at this point . . .

About the author: Psst, want to buy some used marble cheap?

  • Mike Morgan

    A. What makes you think they have not already done so?
    B. You do know that most “OEM” viruses have no easily observable symptoms? It’s the “script-kiddie” variants that are typically the cause of issues as they are not as well-trained or well-disciplined as the original authors.
    C. DO NOT use a debit card in a POS machine. Ever.

  • redwhitedude

    NK could use this against anybody.

  • RElgin

    True, but this newer type of virus could really be used as a weapon against a wired, sophisticated economy – as is most everywhere today that is not the DPRK. Who needs a nuke when you could develop not just a botnet but a prolonged silent attack whose aim is to decimate or destabilize a target economy over a period of months if not a year.

    There have been many warnings that this was coming before now and now we have this.

  • joekim

    One word–Bitcoin

  • RElgin

    I have read reports that the Target bots actually got the 3-digit security code as well that is on the back of the card.
    Since when do stores record that information!?
    This episode is a massive screw-up.

  • bigmamat

    Off topic…your new design is nice but I’m partial to the old one that didn’t spike my CPU…

    If you’re shopping online do you not have to provide that code?

  • RElgin

    Yes, and the vendor is not supposed to retain that code either. If any do, dump them, with no exceptions.
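
The retention point raised in the comments above can be checked from the merchant's side. The following is an added example, not code from the post or from any of the commenters: it scans a merchant's own transaction log for card data that should never be at rest (a full PAN, a CVV2/CVC2 field, or full track-2 data). The log lines are constructed for the example and the PANs are the standard public test numbers, not real cards.

```python
import re

# Constructed sample records for this example; the PANs are public test numbers.
SAMPLE_LOG = """\
2013-12-19 10:01:02 sale term=07 pan=4111111111111111 exp=1512 auth=OK
2013-12-19 10:01:09 sale term=07 pan=5500000000000004 exp=0116 cvv2=123 auth=OK
2013-12-19 10:02:31 sale term=03 track2=;4111111111111111=15121011000012340000? auth=OK
2013-12-19 10:03:00 sale term=03 pan=1234567890123456 exp=1601 auth=DECLINED
2013-12-19 10:04:15 refund term=07 last4=1111 amount=19.99
"""

PAN_RE = re.compile(r"\b\d{13,19}\b")                       # candidate card numbers
CVV_RE = re.compile(r"\b(?:cvv2?|cvc2?|cid)=\d{3,4}\b", re.IGNORECASE)
TRACK2_RE = re.compile(r";\d{13,19}=\d{4}")                # ';PAN=YYMM' opens track 2


def luhn_ok(digits: str) -> bool:
    """Luhn check: keeps random digit runs (line 4 above) from being flagged."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_line(line: str) -> list:
    """Return the kinds of prohibited data found on one log line."""
    findings = []
    if any(luhn_ok(m) for m in PAN_RE.findall(line)):
        findings.append("PAN")       # full card number stored in the clear
    if CVV_RE.search(line):
        findings.append("CVV")       # card security code must never be retained
    if TRACK2_RE.search(line):
        findings.append("TRACK2")    # full magnetic-stripe data must never be retained
    return findings


def scan_log(text: str) -> list:
    """(line number, findings) for every line that retains prohibited data."""
    return [(n, f) for n, line in enumerate(text.splitlines(), 1)
            if (f := scan_line(line))]


if __name__ == "__main__":
    for n, f in scan_log(SAMPLE_LOG):
        print(f"line {n}: {', '.join(f)}")
```

A "last4" record (line 5) passes, which is the form a merchant may keep; lines carrying a full PAN, a CVV2 field or track-2 data are the ones the comment says to walk away from.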

  • Mike Morgan

    Agreed. Even though they still use fax…

  • RElgin

    Fax is a little scary ^_^

  • http://www.bcarr.com/ Brendon Carr

    Target is not a franchise. Target Corporation owns all Target stores. You seriously don’t have any idea what a franchise is and how it works, do you? I sure hope you don’t teach business, Elgin.