Target Hackers Hit Third Parking Service

Criminal crew behind Target and Home Depot data breaches is now targeting online parking reservation services, Book2park is the third victim since December.

The hacking crew hackers behind the data breaches of the retail chain Target and Home Depot are now threatening parking lots according to the recent report published by the popular investigator Brian Krebs.

“Last week, a new batch of credit card numbers [dubbed “Denarius“] went up for sale on Rescator[dot]cm, the cybercrime bazaar that earned infamy by selling tens of millions of cards stolen from Target and Home Depot. Multiple banks contacted by this author acquired a handful of cards from this new batch, and each of those financial institutions found the same pattern: All of the cards they bought had been issued to customers who recently made airport parking reservations at Book2Park.com.” wrote Brian Krebs.

The last victim of the criminal organization is Book2Park.com, an online parking reservation service for airports across the United States. The company is the third online parking service that was hacked by the gang since December 2014.  A new batch of credit card numbers was offered for sale on the popular black market Rescator[dot]cm that is specialized in the commercialization of cards stolen data, the new cards are being sold for up to $18 on the site

Rescator[dot]cm is the same website used by the criminal crew to offer credit cards from many the data of Target and Home Depot, that caused the exposure of more than 100 million cards.

Banks have bought some of the stolen cards for investigative purposes and told Brian Krebs each was used to make reservations with Book2Park.

The Book2park CEO Anna Infante confirmed that experts hired by Book2Park have discovered a malware infected its servers, but she was unaware of the data breach.

“We already took action on this, and we are totally on it,” Infante told to Krebs. “We are taking all further steps in protecting our customers and reporting this to the proper authorities.”

Brian Krebs speculates that the same gang is behind the hack of Park ‘N Fly and OneStopParking.com occurred in December 2014.

“The card accounts stolen from OneStopParking and Park ‘N Fly sold for prices between $6 and $13, but the cards taken from Book2Park’s site mostly fetch prices ranging from $12 to $18. This may be because most of the cards were issued by European banks, which tend to sell for more (at least on Rescator’s site).” continues Krebs.

Krebs explained that card data stolen by hackers are sold in the underground in form of dumps of data, which include “CVVs”, to use for online transactions or encoded onto new plastic and used to buy stolen goods in physical stores.

“However, most online carding shops that sell stolen card data in underground stores market both types of cards, known in thief-speak as “dumps” and “CVVs,” respectively.”

Recently Trustwave published an interesting report on the point-of-sale malware, the principal tool used by criminal gangs to steal credit card data. The experts at Trustwave have examined a large amount of malware that targets point-of-sale devices, this family of malicious code is specifically designed to steal the sensitive information stored in the magnetic stripe of a payment card.

Unfortunately, this kind of crimes is increasing as confirmed by various reports.

Coming back to Book2Park case, Krebs explained that it is unclear why these criminal crew are targeting online parking reservation systems considering that there is no direct connection between the three services hacked by the gang.

Stay Tuned …

Pierluigi Paganini

(Security Affairs – stolen card data, cybercrime)