FBI raids Chinese point-of-sale giant PAX Technology – Krebs on Security
U.S. federal investigators today raided the Florida offices of PAX Technology, a Chinese supplier of point-of-sale devices used by millions of businesses and retailers around the world. KrebsOnSecurity has learned that the raid is linked to reports that PAX systems may have been involved in cyber attacks against US and European organizations.
Based in Shenzhen, China, PAX Technology Inc. has more than 60 million point-of-sale terminals in use in 120 countries. Earlier today, Jacksonville, Florida-based WOKV.com reported that agents with the FBI and Department of Homeland Security (DHS) had raided a local PAX Technology warehouse.
In an official statement, investigators told WOKV only that they were conducting a court-authorized search of the warehouse as part of a federal investigation, and that the investigation included the Customs and Border Protection Department and the Naval Criminal Investigative Service (NCIS). The FBI did not respond to requests for comment.
Several days ago, KrebsOnSecurity learned from a reliable source that the FBI had started investigating PAX after a major U.S. payment processor began asking questions about unusual network packets coming from payment terminals around the world.
According to this source, the payment processor discovered that PAX terminals were being used both as a malware “dropper” – a repository of malicious files – and as “command and control” locations to organize attacks and collect information.
“The FBI and MI5 are conducting a full investigation into PAX,” the source said. “A major US payment processor started asking about network packets from PAX terminals and received no correct answers.”
KrebsOnSecurity contacted the CEO of PAX Technology on Sunday. The company has yet to respond to requests for comment.
The source said two major financial providers – one in the US and one in the UK – have already started removing PAX terminals from their payment infrastructure, a claim that has been verified by two different sources.
“My sources say there is technical evidence of how the terminals were used in attack operations,” the source said. “The size of the packets doesn’t match the payment data they would have to send, nor the telemetry these devices could display if they updated their software. PAX now claims the investigation is racially and politically motivated.”
The source was unable to share specific details of the strange network activity that prompted the FBI’s investigation. But it is worth noting that point-of-sale terminals and the technology that supports them are perennial targets of cybercriminals.
It is not uncommon for payment terminals to be compromised remotely by malware and made to collect and transmit stolen information. Indeed, some of the biggest cyber-burglaries in history involved point-of-sale malware, including the 2008 breach at Heartland Payment Systems that exposed 100 million payment cards, and the 2013-2014 string of breaches at Target, Home Depot and elsewhere that led to the theft of approximately 100 million additional cards.
Even if it were publicly proven today that the company’s technology was in fact a security risk, I guess few retailers would be quick to do much in the short term. The PAX Technology investigation comes at a risky time for retailers, many of whom are gearing up for the peak holiday shopping season. Additionally, global computer chip shortages are causing long delays in purchasing new electronic devices.