back to article Trojan sneaks into hotel, slurps guests' credit card data

Cyberooks are selling malware through underground forums which they claim offers the ability to steal credit card information from a hotel point of sale (POS) applications. The ruse, detected by transaction security firm Trusteer, shows how criminals are using malware on enterprise machines to collect financial information in …


This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Google dismayed

    Wishes they'd thought of this way of stealing peoples info

  2. Phil O'Sophical Silver badge

    selling trojans

    Given that the financial institutions which are attacked have a clear interest in stopping this sort of behaviour, how can they, of all people, not be able to trace the money paid back to the sellers of this malware? Or stop the transfers going through?

    1. Anonymous Coward
      Anonymous Coward

      Re: selling trojans

      Unfortunately there is this thing called innocent until proven guilty.

      The banks can decide not accept any more transactions for an account but they can not arbitrarily decide that customer X is breaking the law therefore we will refund all transactions involving that account. I don't think they can even stop them from transferring the money elsewhere.

      As for tracing the money, all you have to do is transfer it to another bank and the first bank no longer knows what has happened to the money.

      It takes the involvement of law enforcement (and court orders) to enable funds to be tracked from one account/bank to another.

      1. Charles 9 Silver badge

        Re: selling trojans

        Then there's the matter of INTERNATIONAL accounts. All the crooks have to do is pass through at least one bank in a country with negative Western relations and you're sorted, since they'll have no interest in cooperating.

        Then there are the money mules who remove the money from the banking system and then forward it on, creating a near-untraceable link in the chain. Sophisticated money launderers know all the tricks in the book.

        1. multipharious

          Re: selling trojans

          not to mention bulletproof hosting...

          Look it up. These are facilities with armed guards that host content primarily for criminal organizations. Failure to meet the SLA, results in termination if this for the data center owner/operator...this dramatically increases the motivation to defend by force. So you see, it is a little more complex than just shutting them down or tracking them. Law enforcement task forces could know exactly who the perp is and not be able to do anything about it.

  3. Anonymous Coward
    Anonymous Coward

    Google laughs at amateurs

    Ww've been doing this for years with our Wi Spy cars, grins malicious law breaker

  4. Anonymous Coward
    Anonymous Coward

    On the link the image is:

    Micros Opera V5, with Green splash screen!

    I know a few hotels with that non-default splash screen as a setting.



    I suppose that would be how the Librarian from Unseen University communicates when using instant messaging?

    1. Chris Miller

      Re: "Cyberooks"

      Nah, they're big black birds with a chip inserted into their brains.

  6. Gordon Fecyk

    And front desk managers can install software?

    ...sellers even offer advice on how to use telephone social engineering techniques via VoIP software to trick front desk managers into installing the Trojan.

    If your hotel allows its front desk staff to install software, get a hold of me for some badly needed consulting.

    I realize hospitality vendors are lazy about automatic updates of their garbage software, but this is just insulting after twelve years of Windows 2000.

    1. frank ly

      Re: " ... some badly needed consulting."

      I think you mean " .. some badly needed clobbering."

  7. Dr Trevor Marshall
    Thumb Up

    My Credit Card was compromised this way (most probably)

    Last week my CC was used to buy a train ticket in London, even though I was in the US at the time. Previous week I had been staying at a smaller hotel in Paris. CC company caught the fraudulent use and cancelled the card. A couple of days later a hotel in Spain emails to tell me the same credit card, which I had used as a reservation guarantee, was no longer valid. They must be pulling the card every few weeks to check...

    Yes, the smaller hotels are a major weakness in the CC system, I think...


    1. MrZoolook

      Re: My Credit Card was compromised this way (most probably)

      Welcome to Contactless Credit Card Payments...

    2. multipharious

      Re: My Credit Card was compromised this way (most probably)

      Several years ago, I called up to make a reservation at a hotel.

      Oh yes, we have your credit card on file.

      Oh you DO?

      WTF. I mean PCI DSS is for what? This person (an operator) can see my card number, name and details? They are using a system that is probably not physically secured at all. No vulnerability management, AV that might be out of date, running on XP and IE6. The staff uses this machine to surf the net during slow times. The network is not isolated. It really is a complete wonder the problem is not worse.

  8. Alister

    I find it amusing, but also appropriate

    ...that the acronyms for Point-Of-Sale and Piece-Of-Shit should be identical.

    1. DryBones

      Re: I find it amusing, but also appropriate

      Having worked at a home decor place, and actually been half cashier, half IT for an antiquated set of IBMs, I can assure you that this is no coincidence.

      1. LinkOfHyrule
        Paris Hilton

        Re: I find it amusing, but also appropriate

        I worked somewhere where they couldn't even be arsed to replace broken barcode scanners so had to type in barcode numbers by hand!

        They've gone bust now, bunch of plonkers.

        Paris because she's probably their IT and security consultant.

  9. Anonymous Coward
    Anonymous Coward

    The problem is

    On the screen shot what you don't see is the OS, this is probably XP Pro as Opera often needs to run as an administrator on the machine, so often the user is also an admin user in order to print from Opera.

    Glad I switched to W7 early last year, with no admin user rights for any of the day to day users and workstations screwed down enough to get a monthly winge.

    The people I work for do invest in the IT infrastructure, but many hotels I do go to see (on exchange visits) are still running W98, WNT etc... Then say PCI compliance what's that?

  10. Jeffrey Jefferson

    Let me guess..

    Let me guess.. Trusteer have some software to prevent it from happening.

  11. Anonymous Coward

    small hotels skimp on security/PoS expenses

    You've got to hand it to the scammers, they found an industry where a lot of local businesses are present, they do most of their business through credit card transactions, and they spend very little on IT security, training or infrastructure.

    Evil genius at work! :/

  12. EJ


  13. them

    Who would'a thunk it? Large treasure troves of data are now hacker magnets.

    The benefits (convenience and speed) offered by putting everyone's data in one place in increasingly being offset by the costs (the target stands out like a sore thumb).

    When are these idiots gonna realize that best practices demand a distributed storage model? Why turn your system into a high-value target and then advertise it? Hey, everyone! Look at me! I have millions of names, addresses, dates of birth, employment history, medical records, social insurance records, investment records, bank numbers, credit card info, other financial info, etc. etc.

    Organized crime has teams of well-paid hackers searching for these high-value targets. Why make it so easy for them?


    "The threat to privacy is mainly caused by centralized gathering of increasingly detailed personal information... To allow citizens more privacy, we have to design systems that are decentralized and require less personal information."


This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2022