A Chinese tech firm that sells widely used hardware is currently under investigation after being accused of facilitating cyberattacks on various American and European targets.
On Tuesday, a swarm of FBI agents raided the Florida offices of PAX Technology, a Chinese point-of-sale manufacturer that sells millions of payment terminals to companies all over the globe. POS terminals are payment kiosks. While you may not recognize the term, you’ve definitely used one before. They can be found pretty much everywhere—from supermarkets to gas stations to your local dive bar. Wherever you need to swipe a credit card, a POS terminal will be there.
News of the raid on PAX was originally broken by WOKV, a local Florida news outlet, which reported Tuesday that the FBI, Department of Homeland Security, and other agency officials were conducting “an investigation” at the business’s warehouse in Jacksonville. When queried by reporters, the FBI put out the following statement about their activities:
“The FBI Jacksonville Division, in partnership with Homeland Security Investigations, Customs and Border Protection, Department of Commerce, and Naval Criminal Investigative Services, and with the support of the Jacksonville Sheriff’s Office, is executing a court-authorized search at this location in furtherance of a federal investigation. We are not aware of any physical threat to the surrounding community related to this search. The investigation remains active and ongoing and no additional information can be confirmed at this time.”
While that doesn’t give us a whole lot of clarity on the situation, security journalist Brian Krebs has reported that the company is being investigated for its potential role in facilitating cyberattacks on various American and European targets. A trusted source told Krebs that the company’s point-of-sale devices were supposedly being used as a storage space for malware as well as a “command and control” center, whereby attacks could be deployed and data stolen.
“FBI and MI5 are conducting an intensive investigation into PAX,” the source told Krebs. “A major US payment processor began asking questions about network packets originating from PAX terminals and were not given any good answers.”
That payment processor would appear to be Worldpay from FIS. On Wednesday, Bloomberg News reported that the company had recently begun replacing PAX-manufactured point-of-sale devices with those made by two competitor firms. The replacements, which started prior to news of the federal investigation, were spurred by concerns over odd network activity emanating from PAX’s POS terminals. When asked about the activity by Worldpay, PAX reportedly did not give “satisfactory answers,” a spokesperson told the outlet.
Krebs points out—and it’s a well-known fact—that point-of-sale terminals are common targets for cybercriminals and that the devices are frequently hijacked by hacker groups for the purposes of credential theft and malware distribution. It wouldn’t require a company to be criminally involved for its equipment to be commandeered, and PAX has reportedly claimed that the inquiries into its business are “racially and politically motivated,” Krebs writes.
When reached for comment, a representative from PAX provided Gizmodo with a statement it has been sharing with customers. We have partially reproduced it here. According to the company, they have not been accused of any “wrongdoing”:
“You may be aware that yesterday the PAX Technology Inc. warehouse and office in Jacksonville (Florida, USA) were subject to an unexpected law enforcement agency visit in connection with an ongoing investigation. No allegation of wrongdoing has been made against PAX as of Tuesday 26th October 2021.”
So, yeah, it’s all a little foggy as to what’s going on here, other than a whole lot of business disruption for PAX. We reached out to the Justice Department for further comment and will update this story if they respond.