
Monthly Archives: May 2017

Bowl Tending: Chipotle

Quote

Fast-food chain Chipotle says hackers infected its point of sale terminals to gain access to card data from stores in 47 states and Washington, DC.

The self-described “Mexican Grill” says that the malware was active earlier this year from March 24 to April 18, when it was detected, triggering the company to issue an alert.

“The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device,” Chipotle said in its latest summary of the incident.

“There is no indication that other customer information was affected.”

That last sentence is a bit puzzling, as a fraudster who has payment card numbers, dates, and security codes would have little need for any other info.

….

Chipotle recommends that anyone who paid with a card at one of the compromised stores keep a close eye on bank statements and consider having an alert placed to their credit file to catch possible fraud.

Yeah right, double speak “there is no indication that other customer information was affected.” Which means, no other customer information EXCEPT the information stolen in the hack! Excuse me while I barf.

Trump Scandal? Ooops..Hackers target The Donald’s businesses

Quote

The FBI and CIA are investigating an attempted hack on the Trump Organization.

According to a report from ABC citing unnamed officials with the intelligence agencies, it is believed someone overseas attempted to breach the President’s international real estate holding company.

The report claims that officials and cybersecurity specialists with both the FBI and CIA met earlier this month with Eric and Donald Trump Jr, who have been running the Trump Organization since their father assumed the Presidency of the United States in January.

The report did not suggest where the hackers may have originated. The Trump Organization has denied any of its data was compromised.

“We absolutely weren’t hacked,” Eric Trump said. “That’s crazy. We weren’t hacked, I can tell you that.”

According to ABC, the meeting took place on May 9th, one day before Trump caused a political firestorm by firing FBI director James Comey in the midst of his investigation into Russian government-backed hackers meddling in the 2016 US election, which saw Trump score a surprise win.

In the months following the election, the FBI and Congress have launched investigations into just how much (if anything) the Trump campaign knew of the Russian meddling.

This is not the first time the Trump Organization has been targeted for cybercrime. First in 2015 and again in 2016, hackers managed to get malware onto the point of sale systems at several Trump hotels.

Those incidents were entirely financial, however, as the attackers were looking to steal the payment card numbers of restaurant customers and hotel guests. This latest incident, given the interest taken by the FBI and CIA, could well have involved a more serious target.

WannaCrypt ransomware note likely written by Google Translate-using Chinese speakers

Quote

The WannaCrypt extortion notes were most likely written by Chinese-speaking authors, according to linguistic analysis.

WannaCry samples analysed by security outfit Flashpoint contained language configuration files with translated ransom messages for 28 languages. All but three of these messages were put together using Google Translate, according to Flashpoint.

Analysis revealed that nearly all of the ransom notes were translated using Google Translate and that only three, the English version and the Chinese versions (Simplified and Traditional), are likely to have been written by a human instead of machine translated. Though the English note appears to be written by someone with a strong command of English, a glaring grammatical error in the note suggests the speaker is non-native or perhaps poorly educated.

Flashpoint found that the English note was used as the source text for machine translation into the other languages.

The two Chinese ransom notes differ substantially from other notes in content, format, and tone. This means it is likely that the Chinese text was put together separately from the English text and by someone who is at least fluent in Chinese if not a native speaker. The Chinese note is longer than the English note, containing content absent from other versions of the shake-down message.

The most plausible scenario is that the Chinese was the original source of the English version, say analysts. Flashpoint concludes that the unidentified perps – without speculating on their nationality – are likely to be Chinese speakers.

Flashpoint assesses with high confidence that the author(s) of WannaCry’s ransomware notes are fluent in Chinese, as the language used is consistent with that of Southern China, Hong Kong, Taiwan, or Singapore. Flashpoint also assesses with high confidence that the author(s) are familiar with the English language, though not native. This alone is not enough to determine the nationality of the author(s).