Wednesday, 19 August 2009
Breaking the Record of Shame
The world recently learned that Albert Gonzalez, a former Secret Service informant, was allegedly involved in breaking the record for the greatest number of credit card numbers stolen in a single operation. According to prosecutors, he did so by stealing 130 million credit and debit card accounts as part of a breach that targeted the card payment processor Heartland Payment Systems and two chain stores: 7-Eleven and Hannaford Brothers. Remarkably, Gonzalez also held the previous record, which he set by allegedly stealing 45 million card numbers in a breach that targeted T.J. Maxx, Barnes & Noble, Sports Authority and OfficeMax.
For readers who like to track the play-by-play and not just the statistics, it is now being reported that the hacker behind the Heartland breach broke into the system using a SQL injection attack. Once on the network, he installed some malware that contained a backdoor, which had been tested against 20 popular anti-virus programs to make sure it went undetected. Once again, this incident demonstrates that when your code doesn't have security built into it, attackers will find a way to exploit this shortcoming to their great advantage.
Posted by at 1:33 AM in Fortify







