Biggest hacking case ever sends security warning
An indictment in the largest case of computer crime and identity theft ever, brought by government prosecutors, offers a clear warning to retail and bank IT executives that it is time to raise the security standards for credit card transactions.
On Monday, the Department of Justice announced the indictment of a notorious American and two unnamed Russian co-conspirators for stealing more than 130 million credit and debit card numbers in 2007. They are charged with hacking into the networks of credit card processor Heartland Payment Systems, 7-Eleven Inc, Hannaford Brothers (a regional supermarket chain) and two unnamed national retailers.
The key player in this outlandish scam is 28-year-old Albert Gonzalez of Miami. He is now incarcerated and awaiting trial on earlier charges of stealing data from the Dave & Buster's restaurant chain and of breaches in the 2005 data theft at TJ Maxx stores.
Richard Wang, manager of Sophos Labs U.S., a security firm, told the New York Times that the case makes it clear that retailers and banks must encrypt credit card numbers when they are transmitted between computers. Currently, major banks only agree to encrypt such data when it is stored. Wang predicted that this case is not the last time we will see such security breaches, something that should make the IT staff at any company using credit card systems stand up and take notice.
The indictment stated that Gonzalez and his cohorts identified targets, scouted their payment-processing systems and uncovered vulnerabilities. They then used leased computers controlled in California, Illinois, New Jersey, Latvia, Ukraine and the Netherlands to store malware and launch their attacks.
The authorities said the hackers tested their malware against some 20 different antivirus programs to make sure they wouldn't be detected. They also programmed the malware to erase evidence and avoid forensic detection. The indictment said they took advantage of flaws in the SQL programming language and were able to intercept the credit card transactions in real time.
For more on this digital heist:
- see this New York Times article