A prominent Chinese tech firm that sells hardware to companies throughout the world is currently under investigation after being accused of facilitating cyberattacks on various American and European targets.
On Tuesday, a swarm of FBI agents raided the Florida offices of PAX Technology, a large, Chinese-owned manufacturer that sells millions of point-of-sale (POS) payment terminals to companies all over the globe. POS terminals are essentially payment kiosks. While you may not recognize the term, you’ve definitely used one before. They can be found pretty much everywhere—from supermarkets to gas stations to your local dive bar (wherever you need to swipe a credit card, a POS terminal will be there).
News of the raid on PAX was originally broken by WOKV, a local Florida news outlet, which reported Tuesday that the FBI, Department of Homeland Security, and other agency officials were conducting “an investigation” at the business’s warehouse in Jacksonville. When queried by reporters, the FBI put out the following statement about their activities:
“The FBI Jacksonville Division, in partnership with Homeland Security Investigations, Customs and Border Protection, Department of Commerce, and Naval Criminal Investigative Services, and with the support of the Jacksonville Sheriff’s Office, is executing a court-authorized search at this location in furtherance of a federal investigation. We are not aware of any physical threat to the surrounding community related to this search. The investigation remains active and ongoing and no additional information can be confirmed at this time.”
While that doesn’t give us a whole lot of clarity on the situation, security journalist Brian Krebs has reported that the company is being investigated for its potential role in facilitating cyberattacks on various American and European targets. A trusted source told Krebs that the company’s point-of-sale devices were supposedly being used as a storage space for malware as well as a “command and control” center, whereby attacks could be deployed and data stolen.
“FBI and MI5 are conducting an intensive investigation into PAX,” the source told Krebs. “A major US payment processor began asking questions about network packets originating from PAX terminals and were not given any good answers.”
That payment processor would appear to be Worldpay from FIS. On Wednesday, Bloomberg News reported that the company had recently begun replacing PAX-manufactured point-of-sale devices with those made by two competitor firms. The replacements, which started prior to news of the federal investigation, were spurred by concerns over odd network activity emanating from PAX’s POS terminals. When asked about the activity by Worldpay, PAX reportedly did not give “satisfactory answers,” a spokesperson told the outlet.
Krebs points out—and it’s a well-known fact—that point-of-sale terminals are common targets for cybercriminals and that the devices are frequently hijacked by hacker groups for the purposes of credential theft and malware distribution. It wouldn’t