24 Cyber Criminals Arrested

Romanian police arrest 24 members of a card skimming and cloning operation and identify 47 other suspects.

Police searched 18 houses in six Romanian counties and seized electronic devices, computers, mobile phones, equipment used to make card skimming devices and around €50,000 in cash. Europol said the gang had installed skimming devices in several EU member states at automatic bank teller machines and self-service fuel stations to copy the magnetic stripe data from payment cards.

The data gathered was then used to produce cloned payment cards that were used to withdraw cash in non-EU countries, including Nepal, the Philippines, Taiwan and the US, where Chip and PIN technology is not common.

Those arrested are also suspected of establishing or supporting an organised criminal group, illegal software and hardware operations, payment card falsification, fraudulent financial transactions and money laundering.

Europol said the investigation also led to the identification of a further 47 individuals involved in various activities within the criminal group.

Card cloning is rife

Criminal gangs are able to create clones of legitimate payment cards once they have copied all the necessary information from the card.

Card cloning has been suggested as one way the criminals who raided Tesco Bank could have tapped into 9,000 accounts in a short period of time to steal £2.5m. One of the affected Tesco Bank customers told the Mail Online that withdrawals using a card had been made in Brazil.

Obtaining the information by using skimming devices is fairly old school, however, with some gangs in more recent times infecting point-of-sale (POS) systems with malware to steal the card data.

In 2015, for example, Cisco researchers discovered POS malware, dubbed PoSeidon, which was designed to scrape POS devices’ memory for credit card information and exfiltrate that data.

The researchers said the card data can be used to create cloned payment cards, and is typically sold on criminal markets.

Card cloning is particularly rife in countries outside of Europe that have not yet implemented Chip and PIN technology in line with the Europay, MasterCard and Visa (EMV) standard.

In October 2014, then US president Barack Obama issued an executive order aimed at accelerating the adoption of cards that meet the EMV standard.

While EMV is not hack-proof, it provides more security than the magnetic stripe system, with a unique identifier for each transaction and user verification through a PIN code.

Although widely adopted in Europe, where it has been credited with significantly reducing card-present fraud, EMV adoption in the US has been relatively slow.

Computerweekly:    Banks Undermine Chip and PIN Security:

 

« Tesco Could Have Been Facing £2bn Fine After The Bank Hack
Cyber Security Market Is In A People-Power Crisis »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DataCore Software

DataCore Software

DataCore Software is a leader in Software-Defined Storage. Solutions offered include back up and disaster recovery.

CERT.at

CERT.at

CERT.at is the Austrian national Computer Emergency Response Team.

UK Cyber Security Forum

UK Cyber Security Forum

UK Cyber Security Forum is a community interest group for cyber security companies in the UK.

Lacework

Lacework

Lacework brings speed, scale, and automation to cloud security and allows security and DevOps teams to collaborate on keeping data and applications safe.

Cimcor

Cimcor

Cimcor’s flagship software product, CimTrak, helps organizations to monitor and protect a wide range of physical, network and virtual IT assets in real-time.

Capsule8

Capsule8

Capsule8 is the only company providing high-performance attack protection for Linux production environments.

Argentra

Argentra

Argentra is a specialist engineering company, we have years of experience developing custom security software and providing security risk consulting.

Orbus Software

Orbus Software

Orbus develops, markets and sells enterprise software which helps large, blue chip and government organisations across the globe to achieve digital transformation outcomes.

Chartered Institute of Information Security (CIISec)

Chartered Institute of Information Security (CIISec)

CIISec is dedicated to helping individuals and organisations develop capability and competency in cyber security.

Core to Cloud

Core to Cloud

Core to Cloud provide consultancy and technical support for the planning and implementation of sustainable security strategies.

Castlepoint Systems

Castlepoint Systems

Castlepoint Systems is a pioneer in information governance, risk and compliance as a service. An all-in-one solution offering powerful risk management, built in compliance, cybersecurity and audit.

OryxLabs

OryxLabs

OryxLabs provide advanced enterprise digital risk protection solutions. Learn more about how 24x7 continuous assessment, monitoring, and improvement can secure your network.

SecurityLoophole

SecurityLoophole

SecurityLoophole is an independent cyber security news platform with global coverage. Latest updates, reports, news and events related to cyber security.

C2 Risk

C2 Risk

C2 Risk are focussed on risk analytics for information assurance, privacy and ESG (Environmental, Social, and Governance).

ABPGroup

ABPGroup

ABPGroup is Asia’s leading cybersecurity technology provider focusing on providing best-of-breed solutions that address today’s pressing challenges.

Relyance AI

Relyance AI

Relyance AI - One unified platform for privacy, security, & governance.