Cyber money launderers target the channel
Security expert tells how legitimate IT purchases are used to launder stolen data
IT channel companies, particularly electronics retailers, are regularly targeted by cybercriminals who have gained control of personal details exposed online, a security expert has warned.
In his Krebs on Security column this week, US security blogger Brian Krebs said cybercrime targeting European and American businesses often involves the purchasing and reshipping of goods purchased using stolen credit cards or their relevant details, with the criminals posing as legitimate businesses.
"In the case of a breach at an online merchant that exposes the card number, expiration and card verification value (CVV), the compromised card numbers typically are used to purchase high-priced electronics at online stores that are known to be 'cardable' - that is, the stores will ship to an address that is different from the billing address," wrote Krebs.
The activity now being seen is an "evolution" of the money-laundering services that are popular ways for criminals to cash out their activities, Krebs explained. Laundering spoils can be difficult and costly, but the involvement of new "white-label" shipping services, instead of the FedExes and DHLs of the world, was making the process easier.
IT equipment bought in this way can be shipped elsewhere, perhaps abroad, and quickly resold for cash. The white-label shipping company's services are then typically paid for using a front company based in the US or similar, according to Krebs.
It is possible that the traditional shipping companies have got better at detecting this type of activity, he opined, pushing criminals to seek less-scrupulous partners.
"Where attackers use malicious software to compromise cash register transactions and gather data that can be used to fabricate new cards, fraudsters employ teams of 'runners' who use the card data to create counterfeit cards and buy high-priced merchandise at big-box retailers," he added.
Large-scale cybercrime operations that use these techniques can become much more profitable, keeping more of the proceeds for themselves, instead of having to involve middlemen, he said.
The channel is no stranger to the experience of being defrauded.
As recently as January, ChannelWeb warned that the channel was being attacked by scammers sending in orders for Cisco kit for which payment never came
Reseller carousel or "missing trader" fraud cases are rarely far from the courts, and distribution login lists can also be targeted by fraudsters.