https://krebsonsecurity.com/2021/10/fbi-raids-chinese-point-of-sale-giant-pax-technology/

Krebs on Security

FBI Raids Chinese Point-of-Sale Giant PAX Technology

October 26, 2021

U.S. federal investigators today raided the Florida offices of PAX Technology, a Chinese provider of point-of-sale devices used by millions of businesses and retailers globally. KrebsOnSecurity has learned the raid is tied to reports that PAX's systems may have been involved in cyberattacks on U.S. and E.U. organizations.

[Image: FBI agents entering PAX Technology offices in Jacksonville today. Source: WOKV.com.]

Headquartered in Shenzhen, China, PAX Technology Inc. has more than 60 million point-of-sale terminals in use throughout 120 countries. Earlier today, Jacksonville, Fla.-based WOKV.com reported that agents with the FBI and Department of Homeland Security (DHS) had raided a local PAX Technology warehouse.

In an official statement, investigators told WOKV only that they were executing a court-authorized search at the warehouse as part of a federal investigation, and that the inquiry included the Department of Customs and Border Protection and the Naval Criminal Investigative Services (NCIS). The FBI has not responded to requests for comment.

Several days ago, KrebsOnSecurity heard from a trusted source that the FBI began investigating PAX after a major U.S. payment processor started asking questions about unusual network packets originating from the company's payment terminals. According to that source, the payment processor found that the PAX terminals were being used both as a malware "dropper" -- a repository for malicious files -- and as "command-and-control" locations for staging attacks and collecting information.

"FBI and MI5 are conducting an intensive investigation into PAX," the source said.
"A major US payment processor began asking questions about network packets originating from PAX terminals and were not given any good answers." KrebsOnSecurity reached out to PAX Technology's CEO on Sunday. The company has not yet responded to requests for comment. The source said two major financial providers -- one in the United States and one in the United Kingdom -- had already begun pulling PAX terminals from their payment infrastructure, a claim that was verified by two different sources. "My sources say that there is tech proof of the way that the terminals were used in attack ops," the source said. "The packet sizes don't match the payment data they should be sending, nor does it correlate with telemetry these devices might display if they were updating their software. PAX is now claiming that the investigation is racially and politically motivated." The source was unable to share specific details about the strange network activity that prompted the FBI's investigation. But it should be noted that point-of-sale terminals and the technology that supports them are perennial targets of cybercriminals. It is not uncommon for payment terminals to be compromised remotely by malicious software and made to collect and transmit stolen information. Indeed, some of history's largest cyberheists involved point-of-sale malware, including the 2008 breach at Heartland Payment Systems that exposed 100 million payment cards, and the 2013-2014 string of breaches at Target, Home Depot and elsewhere that led to the theft of roughly another 100 million cards. Even if it were publicly proven today that the company's technology was in fact a security risk, my guess is few retailers would be quick to do much about it in the short run. The investigation into PAX Technology comes at a dicey time for retailers, many of whom are gearing up for the busy holiday shopping season. What's more, global computer chip shortages are causing lengthy delays in procuring new electronics. 
This entry was posted on Tuesday 26th of October 2021 01:30 PM.

Categories: A Little Sunshine, Department of Customs and Border Protection, Department of Homeland Security, Federal Bureau of Investigation, Naval Criminal Investigative Services, PAX Technology, WOKV.com

18 thoughts on "FBI Raids Chinese Point-of-Sale Giant PAX Technology"

1. Kevin Eack, October 26, 2021
Thank you for all you do to keep us informed.

2. Tim Winston, October 26, 2021
It is rare for payment terminals to be compromised. Target & Home Depot had their point-of-sale systems compromised, not the terminals connected to those systems. Barnes & Noble in 2021 (https://arstechnica.com/information-technology/2012/10/hackers-steal-data-from-compromised-barnes-noble-payment-terminals/) is one of the few

    Skyler Ferran, October 26, 2021
    Think you mean 2012 instead of 2021, unless the folks at B&N have some bad news coming their way!

3. Rick, October 26, 2021
Unwilling victim of poor security controls on its devices, or press-ganged / coerced victim of the PLA and other nefarious forces of the CCP? One wonders, but based upon the shrill response to inquiries, collusion with offensive state forces of the Chinese Communist Party would appear the more likely. In other words, this was a strategic attack against the businesses of the US and UK.

    Thom Smith, October 26, 2021
    C'mon, man, that is "racially and politically motivated."

        neck sniffer aka "hidden blinden", October 26, 2021
        lol c'mon, man, can't a lying dog face pony corrupt politician make some dirty money the old-fashioned way?!.. by selling out his country to a known and confirmed enemy? my goodness man.. if you don't trust me?!.. then you ain't american. but hide your kids, fair warning. No move along.. nothin to see here, git!

    Vladimir Putin, October 26, 2021
    Da! But true nonetheless

4. David, October 26, 2021
I would like to point out a common misunderstanding that appears in this article. It is actually uncommon for payment terminals to be compromised. Many of these devices are typically independently certified and tested under the PTS standard. Payment workstations, the Point of Sale system itself, which are PCs or tablets, are another matter. Many of these POS breaches involved terminals running in a "fully integrated" mode where the POS received the card data and facilitated the communication with the payment processor. I can't think of a single major breach that was actually the card entry device and not the POS system. Pax, like Verifone and Ingenico, has many PTS certified terminal models. In this case, if certified devices were responsible for this traffic then that would be huge news! A PAX supplied POS workstation or tablet would seem more likely.

    SREDD Coder, October 26, 2021
    I write payment terminal firmware for a living and you are very naive.

        yingste, October 26, 2021
        Even some of their newer Android based chip card machines are running fairly old versions of Android. At least both the A920 and A80 are running something like Android 7.

    Matt, October 26, 2021
    This is absolutely correct and a very important distinction.

5. Jeffrey Payne, October 26, 2021
It's an open secret in the payments industry that PAX was started with stolen IP. No surprise at all to see them involved in something like this.

    Culture of thieves, October 26, 2021
    Along with the rest of China.

    NoWayToPay, October 26, 2021
    Really? So you say Pax was started by ripping off Softpay? Or Verix? Or ACT/UCL? Come on, this is nonsense. On the other hand, the S920 design was copied by another company (Vx690).

6. Wena Wena, October 26, 2021
Same happened with Huawei against Cisco.

7. The Sunshine State, October 26, 2021
Remember, this is from a totalitarian country that unleashed the pandemic on the world.

8. John, October 26, 2021
I wonder if the malware is in the show URL?

9. Matt, October 26, 2021
The difference between this scenario and the many data breaches of the past is that PAX has/had infected payment terminals. All of the other breaches were the result of infected point-of-sale systems, not hardware payment terminals.