Slow train to cybercrime
These days, it seems that anything you can think of, you can definitely buy it off the internet, whether it is good or bad. Illegal items like drugs, stolen credit card data and even weapons can now be bought if you know where to go and are not concerned about the huge risks you are taking – not least of which is often the legal implications!
But train tickets? Who would have thought that such a mundane item will make its appearance on the dark web? It was interesting for the researchers at Digital Shadows to discover that fraudulent tickets from the French high speed train, the TGV, are now available on the dark web marketplace for 30% of the face value – if you spend 100 euros or more. The seller is helpful enough that if you tell him or her what routes you are looking for, he or she will arrange your ‘order’.
Cue in the plot of spy movies, where a clandestine hacker remotely grants access to an agent on the ground – unlike other similar tickets being offered in the UK that didn’t have the magnetic strip on them, it is claimed that these TGV tickets can actually be picked up from an official French railways ticketing machine! The offer suggests that the hacker has not only found a way to not just steal data and replicate it, but also to insert the counterfeit right back into the system.
Railway projects have been quite a hot topic lately in Asia with the bilateral agreement for the Singapore-Kuala Lumpur High-Speed Rail (HSR) being inked, the launch of China’s Shanghai-Kunming High-Speed Railway, talks between Thailand and Malaysia on a high-speed railway linking up the Bangkok-Kuala Lumpur route and discussions between Indonesia and Japan on a Jakarta-Surabaya rail project. Perhaps the biggest announcement yet in the railway sector is the multi-billion dollar trans-continental rail, known as the “One Belt, One Road” project, that will link up dozens of cities in China and Europe.
While this seems to be a new form of fraud that has emerged lately, one can’t help but wonder if such fraudulent activity could become more rampant with the rise of Asia’s railways. Beyond just a loss of revenue, the ability to alter information in a transport network could have potentially more sinister security implications, especially since most of the new railways are trans-national projects.
Of course whether those tickets listed on the dark web are ‘genuine’ or just a scam, it is impossible to know without buying them and trying them out. The fact that hackers see a market for counterfeit tickets is proof that the cybercriminal underworld is dominated by gangs looking for profit.
As these gangs expand their operations and professionalism, it is clear that it is not just the obvious targets like banks and retailers who are being compromised by their activities. Nowadays any business holding almost any sort of data is fair game, and if they have not been hit yet, it is simply a matter of time before they are.
Data is king and valuable to cybercriminals and we need to do a better job protecting it. Companies need to know when their intellectual property and data has been compromised so there is something that can be done about it quickly before there is an impact on brand and profits.
By managing your digital risk you can protect against cyber attacks, loss of intellectual property, and loss of brand and reputational integrity. It means that when bad things happen, you know about it quickly and can mitigate any damage.