Cyber Incident Victim: Splash Car Wash

Date: Feb 2014

Location: United States of America

Summary

A gang of thieves hacked into the point-of-sale (POS) systems of multiple car washes, including Splash Car Wash, across the US. They stole credit card data and used it to buy gift cards, which were then re-encoded with stolen credit card information. The thieves laundered the money by buying goods and selling them online. The breach was discovered after a resident reported suspicious transactions on their credit card statement.

Description

A gang of thieves carried out a sophisticated cyber attack on multiple car washes across the United States, including Splash Car Wash. The attackers targeted the point-of-sale (POS) systems used by the car washes, which allowed them to steal sensitive credit card information from unsuspecting customers. The breach was part of a larger scheme to launder money and make illicit purchases.

The attackers used a combination of social engineering and technical exploits to gain access to the POS systems. They were able to manipulate the systems to capture credit card data, including card numbers, expiration dates, and security codes. This information was then used to create counterfeit credit cards, which were used to make purchases at various retail stores. The thieves also used the stolen credit card information to buy gift cards, which were then re-encoded with new credit card information.

The attackers were able to move undetected for an extended period, as they used a technique called "card washing" to conceal their activities. This involved re-encoding the gift cards with new credit card information, making it difficult to track the transactions. The thieves were able to launder large amounts of money through this scheme, using the gift cards to buy goods and sell them online.

The breach was eventually discovered after a resident reported suspicious transactions on their credit card statement. An investigation was launched, and law enforcement officials were able to track down one of the suspects, a man named Jean Pierre. Pierre was found to be in possession of several prepaid gift cards, which were linked to the stolen credit card information. Further investigation revealed that Pierre was part of a larger gang of thieves who had been carrying out the attacks.

As the investigation continued, officials discovered that the attackers had compromised the POS systems of at least 40 car washes across the country. The attackers had used a vulnerability in the remote access software used by the car washes to gain access to the POS systems. The software, called pcAnywhere, had been compromised by the attackers, who were able to use it to remotely access the POS systems.

The attackers had also used default passwords to gain access to the POS systems. Many of the car washes had not changed the default passwords, which made it easy for the attackers to gain access. The attackers were able to move laterally across the network, compromising multiple POS systems and stealing sensitive credit card information.

The breach highlights the importance of securing POS systems and protecting sensitive credit card information. The attackers were able to exploit vulnerabilities in the remote access software and use default passwords to gain access to the POS systems. The breach also highlights the need for car washes and other businesses to implement robust security measures to protect against cyber attacks.

The investigation into the breach was led by law enforcement officials, who worked with the car washes and other businesses to identify the attackers and bring them to justice. The officials were able to track down several suspects and make arrests, but it is likely that many of the attackers remain at large.

The breach has had significant consequences for the car washes and other businesses affected. Many of the businesses have had to implement new security measures to protect against future attacks, and some have had to pay significant fines and penalties. The breach has also had a significant impact on customers, who have had to deal with the consequences of having their credit card information stolen.

The breach is a reminder of the importance of cybersecurity: businesses need to implement robust security measures to protect themselves against cyber attacks and to protect sensitive credit card information.
