Small business point-of-sale systems hacked Subway-style in Australia

Australian and Romanian national police have broken up a ring of hackers blamed for pillaging the point-of-sale systems of Australian small businesses. The Sydney Morning Herald reports that the ring stole credit card data from 30,000 Australian consumers by hacking into the systems of as many as 100 small businesses across the country. The data was then used to create counterfeit credit cards which racked up over $30 million in fraudulent charges around the world, including in the US.

The rash of breaches, which as a whole constitute the largest data theft ever in Australia, bear a striking resemblance to another Romanian hacking ring's attack on Subway restaurants in the US last year. That ring, which also broke into the point-of-sale systems of other small retailers in the US, ran up more than $10 million in losses for credit card companies and customers by taking advantage of remote access software installed on the systems to install software that intercepted credit card transactions. The malware dumped the full data from each credit card to a remote server, from which it was retrieved and either used to create fake credit cards with an embossing machine or sold to other criminals. Two members of that ring were prosecuted in the US and pled guilty in September of this year.

The Australian ring appears to have used the same playbook for its even bigger credit card fraud operation, hitting businesses ranging from gas stations to grocery stores. Sixteen alleged members of the gang were arrested, and charges against seven more were filed in Romania. Among the arrested is Gheorghe "The Carpathian Bear" Ignat, a mixed martial artist and one-time Greco-Roman wrestling champion of Romania who now lives in the US.

Read on Ars Technica | Comments