It was suspected the attack could result in more than $25 million in fraudulent transactions.
The AFP together with foreign national law enforcement agencies will swoop on an unknown number of syndicate members and are preparing to prosecute them.
Detective Superintendent Brad Marden told SC Australia’s major banks have placed the cards on high alert pre-empting a spate of fraudulent transactions should the cards be sold off on underground criminal forums.
The sell-off seemed likely. SC understands the syndicate was behind the December 2011 hack of US Subway Restaurants in which four Romanian nationals were charged for millions of dollars in credit card fraud that affected some 80,000 customers.
In both cases, the syndicate captured credit card details using keyloggers installed within Point of Sale (POS) terminals and siphoned the data through an insecure open Microsoft’s Remote Desktop Protocol (RDP) connection.
The syndicate found its victims by scanning the internet for vulnerable POS terminals.
The Australian business, which Det. Sup. Marden did not name citing the ongoing criminal investigation, operated a highly vulnerable network from which the 500,000 credit cards were stolen.
Its network was protected with default passwords and carried both benign and unsecured transactional data. The company had left RDP activated so it could monitor stocks.
“The network was setup by some local suppliers who didn’t understand IT security,” Det. Sup. Marden said. “It was a disaster waiting to happen.
“[The syndicate] has moved into other countries to attack with the same methodologies, and [the attacks] will happen again sometime in the future.”
Authorities were tipped off to the hack by the banks which have since placed the credit cards into lockdown.
The authorities also worked with private sector businesses including Verizon during the investigation.
Despite the potential for millions of dollars of fraud to result from the theft, Det. Sup. Marden said the attack was neither complex, nor large compared to other data breaches around the world.
“It’s not massive in the larger scheme of things,” he said. “By far the majority of the work that we’re involved in doesn’t involve uber-technical hackers; they are buying exploit kits and doing SQL Injection all as a result of [a victim’s] poor coding practices.”
Marsdon spoke at the IBM Security Symposium.