GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View flipbook of this issue

Care to Share?

Table of Contents

Lead Story

Advisory Board: Assessing the U.S. EMV rollout - Part 1


Industry Update

PCI SSC delivers data breach guidance

AFP finds strong interest in electronic B2B payments

Chinese hackers breach LoopPay

New Yorkers round up to close hunger gap

Commodities traders toss rulebook at Coinflip


The outlook for EMV

The Mobile Buzz: Emerging phablet phenomenon


The very point of sale: EMV's teachable moment

Dale S. Laszig
DSL Direct LLC

Through The Fires, the autobiography of Robert Owen Carr

Brandes Elitch
CrossCheck Inc.


Street SmartsSM:
After the deadline, MLSs share thoughts on EMV - Part 2

Jeffrey I. Shavitz
TrafficJamming LLC

Reconciliation and settlement systems

Chandan Mukherjee
PayCube Inc.

The liability shift is here - now what?

Michael Gavin

Company Profile



New Products

A platform to protect, enhance critical infrastructure

ThetaRay Analytics Platform

Safe, simple, efficient online checkout



Go forth and find your fortune


Letter From the Editors

Readers Speak

Resource Guide


A Bigger Thing

The Green Sheet Online Edition

October 26, 2015  •  Issue 15:10:02

previous next

Chinese hackers breach LoopPay

An alleged Chinese state-sponsored hacker ring known as the Codoso Group or Sunshock Group apparently breached the corporate computer network of LoopPay Inc. starting as early as March 2015. The Massachusetts-based subsidiary of Samsung Electronics Co. Ltd. is the developer of magnetic security transmission (MST) technology, a core component in the new Samsung Pay mobile wallet released in the United States Sept. 28, 2015.

According to a report published in The New York Times on Oct. 7, LoopPay became aware of the intrusion in late August when an unnamed group discovered LoopPay data while investigating the Codoso Group in a separate breach incident. Earlier this year, the group was linked to a multistage, malicious code attack on the LLC website, which infected the computer systems of site visitors. On Aug. 28, LoopPay hired two private forensics teams to investigate the breach.

Payment data not at risk

LoopPay said it appears the hackers may have been seeking inside information about the MST technology itself. Key executives from LoopPay and Samsung indicated they were confident the infected machines had been isolated and that customer payment data and personal devices were not exposed in any way.

"Samsung Pay was not impacted, and at no point was any personal payment information at risk," said Samsung Chief Privacy Officer Darlene Cedres in a statement. "This was an isolated incident that targeted the LoopPay corporate network, which is a physically separate network. The LoopPay corporate network issue was resolved immediately and had nothing to do with Samsung Pay."

Security experts tracking the Codoso hackers told The New York Times that with the investigation still unfolding, it is premature at this point to estimate the extent of damages to LoopPay; this particular group is known for planting hidden back doors in previous attacks that have continued to infiltrate networks long after the breach.

Lucas Zaichkowsky, Enterprise Defense Architect at AccessData agreed that once cybercriminals do the initial footprint and reconnaissance of the company they wish to target, after the initial entry, an intrusion can escalate quickly, especially when they gain access to privileged credentials.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

USAePay | Impact Paysystems | Electronic Merchant Systems | Inovio | Board Studios, Inc.