Hacker News | johnny5's comments

Please BlackBerry just get into the one market where your sunk investment in physical keyboards and good industrial design is still relevant - low cost Chromebook killers. Or even just similarly priced, but able to run Ubuntu Linux ARM and BB10.


Is anyone in business using Chromebooks? If not, it isn't going to be in Blackberry's sights.


Samsung[1] and Sony have literally just pulled out of the market due to declining sales.

[1] http://www.pcadvisor.co.uk/news/laptop/3573470/samsung-exits...


So like Palm Foleo (except with a 3G/LTE radio)? Yeah, that's a huge market.


What I don't understand about these massive breaches is that once a pattern has been established all the cards get flagged... right? Which greatly increases the likelihood of subsequent transactions being flagged on the spot, which makes the risk of being caught much greater. Wouldn't the hackers and their clients be better served by much smaller batches of credit cards that aren't clearly from the same breach?


You're right, but they do it in a sneaky way to try and avoid that.

The Russian/Ukrainian rings that hit Target and Home Depot (and various other companies) gathered the cards in secret over many months, while not actually using or selling any of them. Then once they feel like they've gathered enough cards to compensate them for their time, or if they feel like they'll lose access or get caught in the near future, they dump them in bulk batches. Generally these breaches, and the company that was breached, get discovered after the very first dump batch. The banks who issue the credit cards can often figure out what store was breached if they're given a random sample of 1000 or so credit cards; they just correlate the cardholder locations with the stores in the area, and see what store has the most overlap. Often bank security personnel are some of the first to buy the credit card dumps. In fact, this is how Home Depot and Target both found out they were even breached at all: the banks ran their analytics on the dumps and informed them.

After the first batch is released, the subsequent batches are usually less likely to work, but sometimes the banks will just issue notices saying "you recently shopped at Home Depot, please check your account statement" instead of blanket disabling all the cards. In those cases, staggering the dumps in batches increases the overall fraud gain.

You can learn more about these kinds of tactics on Brian Krebs' blog: http://krebsonsecurity.com/
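The overlap analysis described in the comment above, sketched as an added example that is not part of the original thread or any bank's actual tooling. It assumes the analyst has cardholder ZIP codes for a sample of dumped cards, a baseline sample of the issuer's other cards, and a table of merchant store ZIPs; all names and data are constructed, and ranking ties by baseline specificity goes one step beyond the plain "most overlap" rule in the comment.

```python
# Constructed data: merchant -> ZIP codes where it operates a store.
STORE_ZIPS = {
    "HardwareCo": {"30301", "60601", "75201", "98101"},
    "GroceryMart": {"30301", "60601"},
    "CoffeeChain": {"30301", "60601", "75201", "98101", "10001"},
}

# Constructed cardholder ZIPs for a sample of cards found in a dump.
DUMP_ZIPS = ["30301", "30301", "60601", "75201",
             "75201", "98101", "60601", "30301"]

# Constructed cardholder ZIPs for a random sample of the issuer's cards
# that are NOT in the dump (the baseline population).
BASELINE_ZIPS = ["30301", "60601", "75201", "98101", "10001",
                 "10001", "10001", "94105", "94105", "02108"]


def coverage(zips, footprint):
    """Fraction of cards whose cardholder ZIP lies in a store footprint."""
    if not zips:
        raise ValueError("empty card sample")
    return sum(z in footprint for z in zips) / len(zips)


def rank_merchants(dump_zips, baseline_zips, store_zips):
    """Rank merchants as candidate breach sources.

    Primary key: how much of the dump sample the merchant's footprint
    explains (the overlap from the comment). Tie-break: lower baseline
    coverage first, so a chain that is simply everywhere does not
    outrank a merchant whose footprint matches the dump specifically.
    """
    rows = [
        (m, coverage(dump_zips, fp), coverage(baseline_zips, fp))
        for m, fp in store_zips.items()
    ]
    rows.sort(key=lambda r: (-r[1], r[2]))
    return rows


if __name__ == "__main__":
    for merchant, dump_cov, base_cov in rank_merchants(
            DUMP_ZIPS, BASELINE_ZIPS, STORE_ZIPS):
        print(f"{merchant:12s} dump={dump_cov:.3f} baseline={base_cov:.3f}")
```
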


Probably the most strategic way to use 50mm credit cards would be to use them destructively, rather than just for direct gain. (All of this is illegal as well as immoral, but just presented so people can develop countermeasures)

Know that using the credit cards will cause the accounts to get frozen, which will cause decreased purchasing; it will also scare people away from those stores, and possibly from purchasing in general.

A nation state could do this for disruption directly; Russia could filter the 50mm cards to find cards belonging to US people (or just assume home depot = usa), and intentionally cause transactions requiring replacement. Do this on the last week before xmas, or black friday, or some other strategic time.

A criminal organization could use the breach to manipulate the stock market -- either directly (shares in the breached company tank, although this doesn't happen to a very large extent), or by blocking cards used at one merchant in particular, raise the sales of a competitor indirectly.

There's also straight extortion -- we'll sell these back to you and go away IFF you pay us.


Interesting tactic, and I could definitely see it being employed by an intelligence agency, but it's unlikely the fraudsters would be able to see any significant monetary gain from it. As you alluded, Home Depot's stock didn't decrease that much, and it bounced back shortly afterwards.

Some of the fraudsters and criminals are politically motivated to an extent, especially with the recent US sanctions against Russia (the codename for the Home Depot card dump is "American Sanctions"), which you can read more about here: http://krebsonsecurity.com/2014/09/home-depot-hit-by-same-ma... The POS malware even has some not so subtle anti-American images embedded within it.

But that said, they care about the money above all else. The rest is just a little added motivation.


For the hackers who broke in and gathered the numbers, large batches of fresh numbers make them the most money. They sell the dumps and the more numbers/the more recent, the more they make. So hitting a big target, gathering a huge collection, and then dumping it all at once is the most profitable. The people who buy the dumps have to worry about cards getting flagged, but not the people selling them, and the hackers dumping the cards don't really care what the people who buy the dumps have to deal with, they just care about getting the most cash they can.

Also since any release at all is highly likely to trigger an investigation, a small dump could be the last, so a big dump is the lowest risk.


Those are just stingrays though, right? It's unclear as the article says towers but doesn't say whether anyone has actually seen a tower, only that they've detected attacks through their secure android phones.

If this is just a report of stingray use it should come as no surprise that they are in widespread use & that non-targeted phones latch on to the signals.


At any rate if the FCC doesn't get involved we know who to point the finger to.


Stingrays and private-owned devices. I suspect some are responsible for the text ads that pop up occasionally on my handset.


I believe he does read Russian, and if you poke around a few of his articles, he does sometimes provide links to the shady but still public sites he gets his information from.


hey thanks, used the promo code. I was looking to test out do.


Can you expand on why it costs so much to upgrade a basestation? The fiber is already rolled out, the contracts between land owners have already been signed, the surveys for radio propagation have already been done. I honestly don't think the upgrade from 3g to LTE was nearly as expensive as the upgrade from EDGE/2g networks to 3g was for carriers. Also it was much, much quicker for them to roll out LTE networks vs 3g networks.


I'm partial to the Haworth Zody, plenty of adjustability without looking like a set piece from an Aliens movie.


great - I was looking at this one, thanks for the input.


Indeed, and the next one has gullwing doors, following in the footsteps of esteemed car makers DMC and Bricklin.


It would be so nice if all self-help books contained this type of information map. Then again, no one would buy them once they saw how little it offered once you removed the tales and examples and 'stories about a guy I met...'


What documentary is this?


@dosh is probably talking about 'The Fabulous Life Presents: Really Rich Real Estate'.

http://www.imdb.com/title/tt0870036/

It features Kurt Rappaport, the real estate agent who represented Larry Ellison on his Malibu Beach property hunt.

https://en.wikipedia.org/wiki/Kurt_Rappaport

http://www.imdb.com/name/nm2398391/

