Former Subway sandwich franchisee cops to $40,000 gift-card hack scheme

Man used LogMeIn to access point-of-sale terminals of other shops, feds say.

A former Subway sandwich shop franchisee pled guilty to taking part in a scheme to hack point-of-sale terminals for at least 13 stores and obtaining gift cards worth $40,000.

Shahin Abdollahi, who also ran a business that sold and maintained point-of-sale terminals, sold the computerized checkout registers to the Subway shops that were illegally accessed, according to federal prosecutors in Massachusetts. He set up the terminals with software from LogMeIn, which allows people to remotely log in to PCs over the Internet. Abdollahi and other conspirators then used the software to repeatedly access the Subway terminals without authorization, usually early in the morning, when the restaurants were closed. Once logged in, they loaded gift cards with credit totaling $40,000. Co-conspirator Jeffrey Wilkinson, 37, of Rialto, California, would then advertise the cards for sale on eBay and Craigslist and hand deliver them to buyers.

On Wednesday, Abdollahi, 46, of Lake Elsinore, California, pled guilty in federal court in Massachusetts to one count of conspiracy to commit computer intrusion and wire fraud and one count of wire fraud. He is scheduled to be sentenced on August 6. Wilkinson pled guilty in February and is scheduled to be sentenced on May 28. It's not the first time Subway point-of-sale terminals have been illegally accessed by crooks for purposes of skimming the till. In 2012, two men pled guilty to participating in an international conspiracy that hacked into credit-card payment terminals at more than 150 Subway franchises and racked up more than $10 million in losses.

Read on Ars Technica | Comments

Photos of an NSA “upgrade” factory show Cisco router getting implant

Servers, routers get “beacons” implanted at secret locations by NSA’s TAO team.

NSA techs perform an unauthorized field upgrade to Cisco hardware in these 2010 photos from an NSA document.

A document included in the trove of National Security Agency files released with Glenn Greenwald’s book No Place to Hide details how the agency’s Tailored Access Operations (TAO) unit and other NSA employees intercept servers, routers, and other network gear being shipped to organizations targeted for surveillance and install covert implant firmware onto them before they’re delivered.

These Trojan horse systems were described by an NSA manager as being “some of the most productive operations in TAO because they pre-position access points into hard target networks around the world.”

The document, a June 2010 internal newsletter article by the chief of the NSA’s Access and Target Development department (S3261) includes photos (above) of NSA employees opening the shipping box for a Cisco router and installing beacon firmware with a “load station” designed specifically for the task.

Read 2 remaining paragraphs | Comments

Al-Qaeda’s new homebrew crypto apps may make US intel-gathering easier

NSA spying revelations led to development of three new encryption apps.

Terrorists loyal to al Qaeda and its offshoots are using new encryption software, most likely in response to revelations that the National Security Agency is able to bypass standard cryptographic protections as part of an expansive surveillance program, according to a recently released report from intelligence firm Recorded Future.

The three new major encryption tools were adopted within a three- to five-month period following leaks from former NSA contractor Edward Snowden, according to the report. The apps replace or bolster the original Mujahideen Secrets crypto program that al Qaeda members have mainly used for e-mail since 2007. One of the new releases, known as Tashfeer al-Jawwal, is a mobile program developed by the Global Islamic Media Front and released in September. A second, Asrar al-Ghurabaa, was released by the Islamic State of Iraq and Al-Sham in November, around the same time the group broke away from the main al Qaeda group following a power struggle. The third program is known as Amn al-Mujahid and was released in December by that Al-Fajr Technical Committee.

The influx of new programs for al Qaeda members came amid revelations that the NSA was able to decode vast amounts of encrypted data traveling over the Internet. Among other things, according to documents Snowden provided, government-sponsored spies exploited backdoors or crippling weaknesses that had been surreptitiously and intentionally built in to widely used standards.

Read 2 remaining paragraphs | Comments

Navy Sys Admin Hacks Into Databases From Aircraft Carrier

So this story caught my eye and I found it pretty interesting as it reads like something out of a Tom Clancy novel crossed with a bunch of script kiddies, a Navy Sys Admin has been charged with conspiracy to hack – the interesting part was that he hacked the Navy (whilst working there..) and […]

The post Navy Sys Admin Hacks Into…

Read the full post at darknet.org.uk

So this story caught my eye and I found it pretty interesting as it reads like something out of a Tom Clancy novel crossed with a bunch of script kiddies, a Navy Sys Admin has been charged with conspiracy to hack – the interesting part was that he hacked the Navy (whilst working there..) and [...] The post Navy Sys Admin Hacks Into...

Read the full post at darknet.org.uk