Recently, a European crime syndicate made off with around half a million card details from what was supposedly a "small Australian business".
My first thought on this was that, if the business was small, it wouldn't have half a million cards stored somewhere in its databases and/or systems. My second thought, however, was: perhaps this "small" business isn't so small after all? Maybe this business is actually quite big and has been hiding its name in order to protect itself from the media and its customers.
Regardless, half a million cards were still stolen. From the nature of the incident, it sounds as if these cards were not protected in even the simplest ways, and the standard of security was astonishing. Any business that wishes to process credit cards should always have tight security measures in place, which give it the safety and reliability that it really needs. The methods they could have used to secure the cards are limitless! They could have hashed them with, say, a secure SHA-256 (http://www.xorbin.com/tools/sha256-hash-calculator), or they could have deleted the cards except for the last 4 digits, kept as a method of verification once the cards had been processed. Instead they stored them insecurely, and now banks are on high alert.
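As an added illustration of the two storage options mentioned above (this code is not from the original post): the sketch keeps only the last four digits for display and a keyed HMAC-SHA-256 token for matching, swapped in for a bare SHA-256 because card numbers have a small enough search space that an unkeyed hash can be brute-forced. The function names, the demo key and the sample card number are assumptions made for the example.

```python
import hashlib
import hmac

# Constructed demo key. In a real system the key lives in an HSM or secrets
# manager, never beside the stored records.
DEMO_KEY = b"constructed-demo-key-not-for-production"


def luhn_valid(pan: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def normalise(raw: str) -> str:
    """Strip separators and reject anything that is not a plausible card number."""
    pan = raw.replace(" ", "").replace("-", "")
    if not (pan.isascii() and pan.isdigit() and 12 <= len(pan) <= 19):
        raise ValueError("not a card number")
    if not luhn_valid(pan):
        raise ValueError("Luhn check failed")
    return pan


def mask(pan: str) -> str:
    """Keep only the last four digits, as the post suggests for verification."""
    return "*" * (len(pan) - 4) + pan[-4:]


def token(pan: str, key: bytes) -> str:
    """Keyed one-way token: lets two records be matched without storing the number."""
    return hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()


def storable_record(raw: str, key: bytes = DEMO_KEY) -> dict:
    """Build what goes into the database; the full number is never included."""
    pan = normalise(raw)
    return {"masked": mask(pan), "token": token(pan, key)}


if __name__ == "__main__":
    # 4111 1111 1111 1111 is a widely used test number, not a real card.
    print(storable_record("4111 1111 1111 1111"))
```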
Fraud is a big game in the contemporary hacking scene. The majority of hackers today have had some sort of involvement with fraud, or once did or still do participate in it. For them, credit cards are nothing but numbers which can or will get them rich if they use them correctly. They don't empathise with the people they are really hurting and really do not have any sense of morals. Day by day, fraud is only increasing, and it's up to us to make sure that whoever we are transferring details to is secure.
SQL injection, RDP brute-forcing, XSS attacks and even MITM attacks: these techniques all make it possible for hackers to obtain databases and potentially steal credit cards, as well as destroy lives.
Stay Safe, Stay Secure.
EPZSecurity.