Dave and Busters Screws its Customers
If you are like most people, you enjoy some gooey nachos and a huge video arcade. One of the best places to play video games and chow down on junk food is the Dave and Busters restaurants. But if you used a credit card at one of their stores recently, your credit card information, and maybe even your bank account could be at risk of theft. A hacker group infiltrated the D&B cash registers at several locations and installed card sniffers to steal the data.
From the AP here:
Three men were charged Monday with hacking into a national restaurant chain’s computerized cash registers and stealing credit card information from customers.
Eleven Dave & Buster’s restaurants at various locations around the United States were hit in the scheme, including one on Long Island, NY where information was stolen on 5,000 credit and debit cards, causing at least $600,000 in losses.
Maksym Yastremskiy, of Kharkov, Ukraine, and Aleksandr Suvorov, of Sillamae, Estonia, were charged in a 27-count indictment with wire fraud conspiracy, wire fraud, conspiracy to possess unauthorized access devices, access device fraud, aggravated identity theft, conspiracy to commit computer fraud, computer fraud and interception of electronic communications. The indictment was unsealed in U.S. District Court in Central Islip. Albert Gonzalez of Miami was charged with wire fraud conspiracy.
The trio hacked into the cash register terminals in order to acquire “track 2” credit and debit card information. Track 2 data includes the customer’s account number and expiration date, but not the cardholder’s name. The men then sold the stolen data to others who made fraudulent purchases, prosecutors said.
Yastremskiy and Suvorov are accused of gaining unauthorized access to the terminals and installing so-called “packet sniffers,” which are computer software codes designed to capture communications between two or more computer systems on a single network. Gonzalez supplied the computer software used in the scheme.
I can’t quite figure out if the packet sniffers were installed physically- like a USB stick- or if it was done over the network using software. Either way, it demonstrates how easy it is to tamper with the process.
