FBI Raids Chinese Point-of-Sale Giant PAX Technology – Krebs on Security

US federal investigators today raided the Florida offices of PAX Technology, a Chinese provider of point-of-sale devices used by millions of businesses and retailers around the world. KrebsOnSecurity has learned that the raid was linked to reports that PAX’s systems may have been involved in cyberattacks against US and EU organizations.

FBI agents enter PAX Technology’s Jacksonville offices today. Source:

Headquartered in Shenzhen, China, PAX Technology Inc. has more than 60 million point-of-sale terminals in use in 120 countries. Earlier, WOKV, which is based in Jacksonville, Florida, reported that agents with the FBI and Department of Homeland Security (DHS) had raided a local PAX Technology warehouse.

In an official statement, investigators told WOKV only that they were conducting a court-approved search of the warehouse as part of a federal investigation, and that the investigation involved the Customs and Border Protection Department and the Naval Criminal Investigative Service (NCIS). The FBI has not responded to requests for comment.

A few days ago, KrebsOnSecurity heard from a trusted source that the FBI began an investigation into PAX after a major U.S. payment processor started asking questions about unusual network packets coming from the company’s payment terminals.

According to this source, the payment processor found that the PAX terminals were being used both as malware droppers – repositories for malicious files – and as “command and control” locations for staging attacks and gathering information.

“FBI and MI5 are conducting an intensive investigation into PAX,” the source said. “A large US payment processor started asking questions about network packets coming from PAX terminals and didn’t get good answers.”

KrebsOnSecurity contacted the CEO of PAX Technology on Sunday. The company has not yet responded to requests for comment.

The source said two major financial services companies – one in the US and one in the UK – have already started pulling PAX terminals out of their payments infrastructure, a claim that has been confirmed by two different sources.

“My sources say there is technical evidence of how the terminals were used in attack operations,” the source said. “The packet sizes don’t match the payment details they should send, nor do they correlate with the telemetry these devices might display when they update their software. PAX now claims that the investigation is racially and politically motivated.”

The source was unable to provide specific details about the strange network activity that sparked the FBI’s investigation. It should be noted, however, that point-of-sale terminals and the technology that supports them are an ongoing target for cyber criminals.

It is not uncommon for payment terminals to be remotely compromised by malware and forced to collect and transmit stolen information. In fact, some of the biggest cyber thefts in history involved point-of-sale malware, including the Heartland Payment Systems breach in 2008 that exposed 100 million payment cards and the 2013-2014 series of breaches at Target, Home Depot and elsewhere, which led to the theft of around 100 million other cards.

Even if it were publicly proven today that the company’s technology was indeed a security risk, I think few retailers would do much about it in the short term. The investigation of PAX Technology comes at a difficult time for retailers, many of whom are preparing for the busy Christmas shopping season. In addition, the global scarcity of computer chips is leading to long delays in the procurement of new electronics.