The World's Largest Cybercrime Empire
The Fin7 indictment says there are at least nine other hacks that followed Red Robin’s exact playbook of relentless phone calls and bellyaching.
The first round of emails usually looked innocuous enough, just an everyday customer reaching out with a question or concern. But later on comes an email with a simple Word doc or rich text file as an attachment, containing pertinent information from the customer. Forgot to open the attachment? No problem, a Fin7 agent will give you a call reminding you to do so. The email trail might look something like this:
But perhaps nothing proves the sheer professionalism of these guys like the lengths they were willing to go to in order to achieve their goals and later cover their tracks. For instance, Fin7 used a front company known as Combi Security that purportedly is headquartered in Israel and Russia (this one just had to be there for the plot to be complete). The website has been listed for sale since March, probably after serving its purpose.
Group members often communicated through a private HipChat server in numerous private chatrooms, collaborating on malware and on intrusions into victim businesses.
Jira, another Atlassian program, was used for project management including tracking stolen data and network maps. It’s a ring staffed with dozens of members with diverse skillsets, and the majority are still lurking out there, somewhere.
Ok, but what did these guys do with all that stolen business data? Easy: millions of stolen payment card numbers were sold on black market websites such as Joker’s Stash.
In short, the horror show has just begun.