On Friday night, CSO magazine reported that a three-year-old version of Card Recon (version 1.14.7) had surfaced in a toolkit known to be used by hackers. The Card Recon build in this toolkit was illegally modified to remove the license validation that prevents unauthorised use.
Card Recon was designed to help merchants and their PCI QSAs fight against cardholder data theft by empowering them to identify any rogue instance of this data and to remove it so that there’s nothing left for the bad guys to steal.
The tables have now turned, with criminals using the same tools as the good guys. A discovery tool that locates stray cardholder data so it can be removed will locate it just as well for someone who intends to steal it, and this incident shows that attackers also want tools that find sensitive data accurately with minimal effort.
Like all responsible software companies, Ground Labs uses industry best practices in fraud screening and implements license authentication within our products to prevent illegitimate use. Card Recon has been actively used over the last six years across hundreds of thousands of systems to help organisations become PCI compliant. The size of that user base makes it hard to track and prevent unauthorised access to, or modification of, the software binaries once they have been downloaded.
We would like to reassure all customers and QSA partners that this news does not create any impact on you and Ground Labs has not suffered any system compromise or data loss.
However, we do advise that you only use versions of Card Recon downloaded directly from the Ground Labs customer portal. If you are not running the tool yourself, only allow reputable security consultants listed on the PCI Qualified Security Assessors list to provide and operate Card Recon in your IT environment.
We have provided some answers to possible questions you may have about Card Recon.
If you do have any other questions, please contact our team at any time as we would be happy to provide clarification or further advice.
I’m an existing Card Recon customer. Am I or my customers affected by this?
This situation does not affect customers who are using a genuine copy of Card Recon downloaded from Ground Labs, or who acquired it through a current PCI QSA.
If you are unsure, please download the latest version of Card Recon. The current latest version is 2.0.6 and is available from: https://services.groundlabs.com/
I’m an Enterprise Recon or Data Recon customer. Am I affected?
Enterprise Recon and Data Recon were not reported to have been copied or modified. However, we always recommend that you download your product directly from the Ground Labs customer portal or acquire it through a current PCI QSA.
What version of Card Recon was copied and modified? How do I find out if my copy of Card Recon is genuine?
The illegitimate copy of Card Recon for Windows 32-bit (GUI) is derived from version 1.14.7, which is more than three years behind our current release (2.0.6). Other versions of Card Recon, including modified Card Recon binaries for other operating systems and CPU architectures, were not reported to be in circulation.
A legitimate version of Card Recon is digitally signed by Ground Labs. This can be verified by right-clicking on the file within Windows, selecting Properties, and opening the “Digital Signatures” tab. The newest version of Card Recon (2.0.6) will show a valid signature there with “Ground Labs Pte Ltd” as the signer.
An illegitimate copy of Card Recon will display an invalid signature, or no signature at all, or will not show “Ground Labs Pte Ltd” as the entity that signed the software. Any modification to the binary, including patching out the license check, breaks the signature, so the signature check is the decisive test. According to a security analyst report, the MD5 checksums of the illegally modified software are as follows:
cardrecon_v1.14.7_cracked.exe – bbb1b9968e9136899029d9972ef26f88
cardrecon_v1.14.7_cracked_consultant_edition.exe – d72b3914e26813fb0288a701fd0dac06
Note that these checksums identify only the two samples that were analysed. A further repacked or recompiled copy would have different checksums, so a file whose MD5 is not on this list is not thereby shown to be genuine; only the signature check establishes that.
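The manual Properties check above can be scripted for a fleet. The following PowerShell script is an added example, not Ground Labs' own tooling: it hashes a candidate binary and compares the result against the two MD5 values quoted from the analyst report, then verifies the Authenticode signature and the signer. It assumes the signing certificate's Subject field contains the string "Ground Labs Pte Ltd" (the page gives the signer name but not the full Subject), and the script name used in the usage note is hypothetical.

```powershell
# Added example (not Ground Labs code): decide whether a Card Recon binary is the
# genuine, Ground Labs-signed build or one of the cracked samples named in the report.
# Assumption: the code-signing certificate Subject contains "Ground Labs Pte Ltd".
param(
    [Parameter(Mandatory = $true)]
    [string]$Path
)

# MD5 checksums of the modified binaries, as quoted from the analyst report.
# Keys are upper-case because Get-FileHash returns upper-case hex.
$KnownCrackedMd5 = @{
    'BBB1B9968E9136899029D9972EF26F88' = 'cardrecon_v1.14.7_cracked.exe'
    'D72B3914E26813FB0288A701FD0DAC06' = 'cardrecon_v1.14.7_cracked_consultant_edition.exe'
}
$ExpectedSigner = 'Ground Labs Pte Ltd'

if (-not (Test-Path -LiteralPath $Path)) {
    throw "File not found: $Path"
}

# 1. Exact match against the published checksums. This only catches the two
#    analysed samples; a repacked copy would hash differently.
$md5 = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
if ($KnownCrackedMd5.ContainsKey($md5)) {
    Write-Warning "MD5 $md5 matches known cracked sample '$($KnownCrackedMd5[$md5])'. Delete this file."
}

# 2. Authenticode check. This is the decisive test: any byte-level change to the
#    binary, including a patched license check, leaves Status as HashMismatch,
#    and a stripped signature leaves it as NotSigned.
$sig = Get-AuthenticodeSignature -LiteralPath $Path
$subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }

if ($sig.Status -eq 'Valid' -and $subject -like "*$ExpectedSigner*") {
    Write-Output "GENUINE: valid Authenticode signature from '$ExpectedSigner'."
    Write-Output "  Thumbprint: $($sig.SignerCertificate.Thumbprint)"
    exit 0
}

# Valid signature from some other publisher, a broken signature, or no signature:
# all are treated the same way, as untrusted.
Write-Warning "UNTRUSTED: signature status is '$($sig.Status)', signer is '$subject'."
Write-Warning "Do not run this binary. Download Card Recon from https://services.groundlabs.com/ instead."
exit 1
```

Run it as `.\Test-CardRecon.ps1 -Path C:\Tools\cardrecon.exe` (script name assumed). The exit code is 0 only when the signature is valid and the signer matches, so the script can be dropped into a login script or an endpoint inventory job; a file that is merely absent from the checksum list still exits 1 unless it carries a valid Ground Labs signature.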
What modification was made?
The modification removed the license restrictions in Card Recon that prevent its unauthorised use. It is unclear what further modifications were made, so a binary of this kind should be treated as untrusted code, not merely as an unlicensed copy.
Is Card Recon still a safe tool to use?
Yes. In fact it’s one of the most common tools used by security professionals within the Payment Card Industry and their clients.
Only a genuine copy of the latest version of Card Recon (currently version 2.0.6) should ever be used, and this is available from the Ground Labs Customer Portal.
Can this happen to any software?
Unfortunately yes. Cybercriminals have been modifying software to circumvent license restrictions since copy protection was first introduced more than 30 years ago. It is common for modified copies of popular software packages from well-known brands to be found on websites that promote software piracy and on file-exchange networks such as BitTorrent.
Should I try out the modified version?
If you have already acquired a modified version, you should delete it immediately, as it has been modified illegally and redistributed without Ground Labs’ permission. Any use of these versions is in violation of Ground Labs’ license agreement and constitutes software piracy.
Any copy of Card Recon that was not acquired from Ground Labs or a reputable PCI QSA should not be trusted under any circumstances.
I’m not a customer. How do I acquire a legitimate copy of Card Recon?
We offer a free trial of Card Recon for 21 days to genuine companies who wish to perform cardholder data discovery within their environment. Visit http://www.groundlabs.com/try to apply for a free trial.