Monday, June 6, 2016

How do you get access to a store's credit card terminals?

You ask:
CiCi’s Pizza, an American fast food business based in Coppell, Texas with more than 500 stores in 35 states, appears to be the latest restaurant chain to struggle with a credit card breach. The data available so far suggests that hackers obtained access to card data at affected restaurants by posing as technical support specialists for the company’s point-of-sale provider, and that multiple other retailers have been targeted by this same cybercrime gang.
There's a long history of this sort of thing.  Both MIT and Cal Tech have traditions of students doing pranks.  Often these are elaborate, and done in broad daylight (I recall one where a statue was loaded onto a flat bed trailer and driven away).  Key to this was having the Guy With The Clipboard - anyone who came by to ask what they were doing was asked to sign for the "pickup".

Here we see the Bad Guys waltzing into a restaurant acting like they're Tech Support.  This is a surprisingly hard problem to address.


Will said...

Wear a tie along with that clipboard, and you're golden.

Ken said...

Social engineering has been a huge factor in hacking going back to Kevin Mitnick.

abnormalist said...

I worked hired gun tech for about ten years. I showed up at financial institutions, schools, healthcare locations, government offices, etc every single day. Every time I went somewhere the first time, I was walking in cold often having to go through several levels of personnel to finally get to someone who actually knew that I should be there.

I was challenged ONCE.

Yep, once in ten years

Ted said...

Health Care Security has improved (somewhat). In my current gig, you can't get past the front lobby without a swipe Badge that is verified each pass, The elevators and the doors to each area on any floor also require a badge. ( But "helpful" fellow employees will still hold the door for people they don't actually recognize )

....... and it was a Cannon --

It's not an easy thing to steal a two-ton, 111-year-old cannon and ship it 3,000 miles across the country without anyone noticing. But in 2006, MIT hackers calling themselves the Howe & Ser Moving Company did just that.

They showed up at Fleming House, a Caltech residence, with a phony work order on March 28, 2006. The work order duped security guards and they carted the cannon off, "barrel, carriage, and tongue," the Los Angeles Times later reported.

Days later, the cannon reappeared in front of MIT's Green Building, no worse for wear, but now adorned with a giant MIT class ring.

The funny thing about this particular hack is that it all happened before. Twenty years earlier, pranksters at Harvey Mudd College had pulled the same we're-movers-with-phony-paperwork stunt to cart off the cannon.

"It's not just like stealing a goat," Harvey Mudd cannon-swiper David Somers told NPR back in 2006. "This is an antique more than 100 years old. It weighs two tons. It's an engineering project unto itself just to move this thing without breaking it."