BreachExchange mailing list archives
Heartland Hackers Caught; Answers and Questions
From: security curmudgeon <jericho () attrition org>
Date: Tue, 18 Aug 2009 00:06:36 +0000 (UTC)
[This is a great summary based on the information released so far. One thing that instantly came to mind early, is also expressed in this article: This indictment covers breaches of Heartland, Hannaford, 7-Eleven, and two "major retailers" breached in 2007 and early 2008. Those retailers have not been revealed, and it is unknown if they are in violation of any breach notification laws. So when they come out, it will be interesting to see how they were able to avoid disclosing details per various state laws. - jericho] http://securosis.com/blog/heartland-hackers-caught-answers-and-questions/ UPDATE: follow up article with what may be the details of the attacks, based on the FBI/Secret Service advisory that went out earlier this year. The indictment today of Albert Gonzales and two co-conspirators for hacking Hannaford, 7-Eleven, and Heartland Payment Systems is absolutely fascinating on multiple levels. Most importantly from a security perspective, it finally reveals details of the attacks. While we don't learn the specific platforms and commands, the indictment provides far greater insights than the speculation of those like myself. In the "drama" category, we learn that the main perpetrator is the same person who hacked TJX (and multiple other retailers), and was the Secret Service informant who helped bring down the Shadowcrew. [..] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- Heartland Hackers Caught; Answers and Questions security curmudgeon (Aug 17)