Posted: October 17, 2013


Hackers plant hardware keyloggers at a Florida Nordstrom department store to skim credit card numbers.

Outside of not using them, we can do only so much to secure our credit card numbers.

We can all use the best security software and two-factor authentication, but sometimes the bad guys still get the goods.

Recently, security researcher Brian Krebs wrote about a scheme using hardware keyloggers uncovered at a Florida Nordstrom department store.

Hardware keyloggers have been around for a long time and work similarly to software keyloggers in capturing data, but they don’t rely on the operating system to work. They are often disguised to resemble a familiar-looking connector or dongle so they go unnoticed.



In this Nordstrom case, the thieves used logging devices that resemble a familiar PS/2 connector, the type seen attached to older-generation computer keyboards, to try to skim credit card information.

The device is small and undoubtedly would go unnoticed by most cashiers.

This scheme involved a team of three: two to distract the salesperson and a third to attach the device.

According to the police report, the thieves first surveyed the area and took pictures of registers, then returned to attach the devices. Six of these logging devices were discovered at this particular store.

Nordstrom uncovered the plot after reviewing security camera footage. There is no word from Nordstrom or authorities on whether the skimmers were able to collect data, or whether any of the thieves were arrested.

It seems risky and a lot of work to get at credit card information, especially if they have to make a third trip to retrieve the devices. On paper the scheme looks like it could work, and probably has for some.

Computer crime comes in all forms, and in some cases avoiding it might be out of our control. Most banks and credit card companies are pretty good at identifying suspicious transactions for the typical consumer, but some can go undetected, so it doesn’t hurt to look over your account info from time to time to ensure the transactions are all valid.

You can read Brian’s report at KrebsOnSecurity.