
Hacking Group Fin5 Steals 150,000 Gamblers’ Credit Cards from Casino

- October 14, 2015 By Oliver Young -

Fin5 might be responsible for other unreported attacks

Attendees at the recent Cyber Defense Summit, formerly known as MIRcon, which took place in Washington DC, were warned of a new hacking group called Fin5, reports The Register. According to researchers, Fin5 is responsible for the recent theft of 150,000 credit cards from gamblers at an unnamed brick-and-mortar casino.

Emmanuel Jean-Georges and Barry Vengerik of Mandiant and FireEye said that Fin5 successfully moved through the casino's flat IT infrastructure and attacked its open payment systems.

A Very Easy Hacking Attack

The two researchers pointed out that the poor IT infrastructure made the attack easier. Apparently the unnamed casino lacked even basic firewalls around its payment systems, and it had no logging.

“The casino had a flat network and one domain with limited access controls of payment system access,” said Jean-Georges. “If the casino had employed at least basic or minimal protection measures such as a firewall with default deny systems to limit PCI system access, it would have triggered some red flags,” he added.

The new hacking group has been associated with more than a dozen similar attacks, including one on Goodwill. Some payment card breaches by the group may also have gone unreported. The group’s targets have included at least two payment method providers and their players, including the casino that was used as an example at the Cyber Defense Summit.

How the Attack Happened

Jean-Georges revealed that the attackers used a backdoor codenamed Tornhull as well as a VPN dubbed Flipside in order to maintain persistence. Flipside went undetected in the first response by a rival firm that was called in before Mandiant. The hackers noticed that the VPN had survived and came back at the end of last year to steal more credit cards.

Fin5 also used another tool, codenamed Driftwood, which searches specified locations for credit card information dumps and encodes them for future collection. According to Vengerik, this tool is well commented, to a level of commentary seen in software for sale. The hacking group would steal any residual malware and features, and then it would erase logs if it was suspected.

FireEye said in a statement that the most distinctive feature of Fin5 is that in every Fin5 attack the company has responded to, legitimate access was revealed. “The group has legitimate credentials to remotely log into the network,” said Vengerik. “They must have got credentials from somewhere but it’s definitely not from remote exploits or spear phishing.”

To see how the payment systems were attacked, Mandiant relied on the AppCompatCache.

The attacked casino has now deployed two-factor authentication, increased logging and implemented application whitelisting as part of a list of changes.
