BOSTON Jan 30 A cyber criminal ring targeting
small retailers in 11 countries stole data on 49,000 payment
cards using a malicious software known as "ChewBacca" before the
operation was shut down, according to a cyber research firm.
RSA FirstWatch disclosed the attacks on Thursday on its
website (). It said the firm's researchers
uncovered the ring, whose victims included small companies in
the United States, Russia, Canada and Australia.
They managed to steal details from some 24 million payment
card transactions over about two months, according to RSA.
The report comes as the Secret Service investigates a major
data breach at Target Corp that resulted in the theft of
some 40 million payment card numbers, plus other data from some
70 million customers, along with a smaller breach at luxury
department store Neiman Marcus. Arts and crafts retailer
Michaels has said it is investigating a possible breach and the
FBI has warned retailers to expect more attacks.
The findings from RSA show that the recent spate of attacks
extend outside the United States.
"The end game is to gain credit card information, so the
hackers are going to go wherever it is easiest to get that
information," said Will Gragido, senior manager with RSA
FirstWatch, the threat research arm of RSA Security.
He said his firm provided the FBI with data on the
"ChewBacca" operation, including the location of a
command-and-control server used by the hackers on Wednesday.
That server was shut down on Thursday, according to Gragido.
An FBI spokeswoman could not be reached for comment. RSA, a
subsidiary of storage giant EMC Corp, declined to
identify the victims, which it said it had contacted.
RSA said the hackers used a relatively new piece of
malicious software known as ChewBacca designed to infect
computers such as the point-of-sales systems that process credit
card transactions.