Federal agents raided the Florida headquarters of PAX Technology, a Chinese producer of point-of-sale systems used by millions of companies and merchants worldwide. According to KrebsOnSecurity, the raid is related to allegations that PAX’s computers were used in cyberattacks on U.S. and European Union targets.
PAX Technology Inc., headquartered in Shenzhen, China, has more than 60 million point-of-sale terminals in use throughout 120 countries. Earlier today, WOKV.com in Jacksonville, Florida, reported that FBI and Department of Homeland Security (DHS) investigators raided a PAX Technology facility in the area.
Krebs on Security
According to an article published Tuesday in the online newsletter “Krebs on Security,” detectives told a local radio station that they were conducting a “court-authorized search” at a Pax warehouse in Jacksonville, Fla. They said that the search was conducted by personnel from the Customs and Border Protection division of the U.S. Department of Homeland Security and the Naval Criminal Investigative Service (NCIS). Brian Krebs, a former Washington Post writer, reports and writes at Krebs on Security.
According to Krebs, citing a “reliable source,” the Federal Bureau of Investigation opened an investigation when a “large” U.S. processor inquired about “abnormal” network traffic coming from Pax terminals. According to the source, U.S. processors discovered that the terminals were being used for “storage of malicious files” and as a “command and control” system for attacks and data collection. Krebs notes, however, that the source was unable to provide details regarding the “abnormal network behavior” that caught the FBI’s notice.
Several days ago, KrebsOnSecurity learned from a reliable source that the FBI initiated an investigation against PAX after a large U.S. payment processor inquired about odd network packets emanating from the company’s payment terminals.
According to that source, the payment processor discovered that the PAX terminals were being used both as a malware “dropper” (a store for dangerous files) and as “command-and-control” sites for staging assaults and gathering data.
“The FBI and MI5 are undertaking a thorough probe into PAX,” a source said. “A large payment processor in the United States started enquiring about network packets coming from PAX terminals and was given no satisfactory replies.”
KrebsOnSecurity contacted the CEO of PAX Technology. The firm has not yet returned requests for comment.
According to the source, two large financial institutions, one in the United States and another in the United Kingdom, have already begun removing PAX terminals from their payment infrastructure, a claim confirmed by two separate individuals.
“According to my sources, there is technical evidence of how the terminals were employed in assault operations,” the person stated. “The packet sizes do not correspond to the payment data these devices should be delivering, nor do they correspond to the telemetry these devices may show during software updates. PAX is now asserting that the probe is motivated by racial and political animosity.”
The insider was unable to provide specifics on the unusual network activities that sparked the FBI’s inquiry. However, it’s worth noting that point-of-sale machines and the underlying technology are recurring targets of hackers.
It is not unusual for malicious software to compromise payment terminals remotely and cause them to gather and transfer stolen information. Indeed, several of history’s largest cyberheists involved point-of-sale malware, including the 2008 Heartland Payment Systems breach, which exposed 100 million payment cards, and the 2013-2014 Target, Home Depot, and other retailer breaches, which resulted in the theft of approximately another 100 million cards.
Even if it were shown publicly today that the company’s technology posed a security risk, I’m guessing few merchants would move quickly to address the issue in the near term. The PAX Technology probe comes at a perilous moment for merchants, many of which are preparing for the hectic Christmas shopping season. Additionally, worldwide shortages of computer chips are generating significant delays in the procurement of new devices.
On Tuesday, October 26, 2021, PAX Technology, Inc. was unexpectedly visited by the Federal Bureau of Investigation (FBI) and other government authorities in connection with an alleged investigation.
PAX Technology is unaware of any improper behavior by itself or its employees and is in the process of retaining counsel to help in determining the facts surrounding the inquiry.
Separately, we are aware of media claims about PAX Technology’s products and services being insecure. Security is a top priority for PAX Technology. PAX Technology, as always, is vigilant for any risks in its surroundings. We are devoted to continuing to provide safe and high-quality software systems and solutions.
The digital world evolves at a breakneck pace, and there are several ways for software to be hacked. When companies offer complete security in addition to a smooth checkout, customers will continue to purchase from them. Security must be everyone’s primary responsibility, not only for those who have personally experienced such incidents but also to prevent future occurrences.