Skip to main content
The Globe and Mail
Support Quality Journalism
The Globe and Mail
First Access to Latest
Investment News
Collection of curated
e-books and guides
Inform your decisions via
Globe Investor Tools
Just$1.99
per week
for first 24 weeks

Enjoy unlimited digital access
Enjoy Unlimited Digital Access
Get full access to globeandmail.com
Just $1.99 per week for the first 24 weeks
Just $1.99 per week for the first 24 weeks
var select={root:".js-sub-pencil",control:".js-sub-pencil-control",open:"o-sub-pencil--open",closed:"o-sub-pencil--closed"},dom={},allowExpand=!0;function pencilInit(o){var e=arguments.length>1&&void 0!==arguments[1]&&arguments[1];select.root=o,dom.root=document.querySelector(select.root),dom.root&&(dom.control=document.querySelector(select.control),dom.control.addEventListener("click",onToggleClicked),setPanelState(e),window.addEventListener("scroll",onWindowScroll),dom.root.removeAttribute("hidden"))}function isPanelOpen(){return dom.root.classList.contains(select.open)}function setPanelState(o){dom.root.classList[o?"add":"remove"](select.open),dom.root.classList[o?"remove":"add"](select.closed),dom.control.setAttribute("aria-expanded",o)}function onToggleClicked(){var l=!isPanelOpen();setPanelState(l)}function onWindowScroll(){window.requestAnimationFrame(function() {var l=isPanelOpen(),n=0===(document.body.scrollTop||document.documentElement.scrollTop);n||l||!allowExpand?n&&l&&(allowExpand=!0,setPanelState(!1)):(allowExpand=!1,setPanelState(!0))});}pencilInit(".js-sub-pencil",!1); // via darwin-bg var slideIndex = 0; carousel(); function carousel() { var i; var x = document.getElementsByClassName("subs_valueprop"); for (i = 0; i < x.length; i++) { x[i].style.display = "none"; } slideIndex++; if (slideIndex> x.length) { slideIndex = 1; } x[slideIndex - 1].style.display = "block"; setTimeout(carousel, 2500); }

The JackPOS malware code has targeted point-of-sale credit card terminals around the world.

ISSEI KATO/REUTERS

A new strain of computer malware infecting payment card terminals in restaurant and gas station has compromised nearly 700 credit cards in Canada, a computer security firm says.

The viral code, JackPOS, infects point-of-sales terminals, a security breach similar to other highly publicized recent cases that struck victims such as the Target retailing chain or the White Lodging hotel management firm.

According to a map released Monday by the California security firm IntelCrawler LLC, JackPOS stole data from 400 cards in Vancouver and from 280 other cards at a location in Longueuil, Que., south of Montreal.

Story continues below advertisement

IntelCrawler said the infection appeared about three weeks ago.

In an e-mail to The Globe and Mail, IntelCrawler CEO Andrew Komarov said the point-of-sales terminals were breached through remote access, by hackers who created a large list of possible passwords (such as POS1, Administrator or 123456789) and then "brute-forced" themselves into the systems.

"It provides them good results, as the security in this sector is surprisingly really very poor," M. Komarov wrote.

Other countries affected by JackPOS include Brazil, where data for 3,000 cards in Sao Paulo were stolen; India, where 420 cards were compromised in Bangalore; and Spain, where 230 cards were pirated in Madrid.

The two outbreaks in Canada likely happened at a gas station, said Richard Henderson, a Vancouver-based security strategist for Fortinet's Threat Research Labs.

"In Canada we're lucky that the vast majority of our transactions done day-to-day are with chip-and-PIN, which are much more secure," he said, adding however that some gas stations' pumps are still relying on the old magnetic-swipe method that is more vulnerable to hacking.

JackPOS appears to be a variation of a previous malware, Alina. Both are known as RAM scrapers, which capture card data when it is transmitted from the sales terminal to a payment-processing centre.

Story continues below advertisement

Mr. Henderson said JackPOS's key feature is its ability to hide on a machine by pretending to be a version of Java, a programming platform used by some computer applications.

"That's a really neat obfuscation technique by the malware to make it look like it's a legitimate piece of software."

According to a global security report by the anti-cybercrime firm Trustwave, victims of point-of-sale hacking tend to be merchants or franchises who have to outsource their IT work and rely on contractors who access their systems remotely. Weak passwords and remote access make it easier for hackers to breach POS systems.

Most of the breaches can be attributed to three criminal groups, with the data being dumped in Russia, Ukraine or Romania, the Trustwave report said.

The rollout of chip-and-PIN cards in Canada and Europe have made fraud harder. However, the report said cyber-thieves still go after POS targets in hotels and premium retailers, because those businesses attract an international clientele that does not have chip-and-PIN cards.

Report an error Editorial code of conduct
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed.

Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies