Ultimate hardware hack: Home Depot nailed by vice merchants
BlackPOS 'Target' malware implicated
Do-it-yourself kingpin Home Depot has confirmed a report that it was breached, indicating the compromise occurred in April this year.
The US retail chain was working with law enforcement over the compromise of payment terminals across stores in the country.
Frank Blake, chief executive of the hacked firm, admitted the breach in a terse statement issued on the company's website.
"We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred," Blake said.
"We apologise for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue."
The statement says there is no evidence that debit card PINs were compromised and that the investigation was "focused on April forward".
Online crime reporter Brian Krebs broke the story last week based on insights from unnamed fraud experts working at US banks.
Sources close to the investigation told the reporter an upgraded variant of the BlackPOS malware was behind the breach.
The malware also known as Kaptoxa was responsible for the December breach of retail mega chain Target in which 40 million credit and debit cards were stolen.
Details of the purloined cards have since appeared on public carder site Rescator.cc, conveniently split into geographic regions to help crims slip under bank fraud radars.
Krebs cross-referenced the location of the cards in recent large dumps on offer at Rescator with Home Depot stores and found 99.4 percent matched, strongly indicating the tranche was acquired from the raid.
Analysis by researchers Numaan Huq and Rhena Inocencio of the BlackPOS variant possibly used in the Home Depot breach found lines of code that included an image of molotov cocktails splashed with the flags of Ukraine, Syria, Egypt, and Libya against a matchbox emblazoned with the US flag.
The code was also found to contain links to anti-American propaganda websites, which Trend Micro considered a likely signature of the group. ®