Heartland Hackers Caught; Answers and Questions

[security curmudgeon <jericho () attrition org>]

[This is a great summary based on the information released so far. One 
thing that instantly came to mind early, is also expressed in this 
article:

   This indictment covers breaches of Heartland, Hannaford, 7-Eleven, and
   two "major retailers" breached in 2007 and early 2008. Those retailers
   have not been revealed, and it is unknown if they are in violation of
   any breach notification laws.

So when they come out, it will be interesting to see how they were able to 
avoid disclosing details per various state laws. - jericho]


http://securosis.com/blog/heartland-hackers-caught-answers-and-questions/

UPDATE: follow up article with what may be the details of the attacks, 
based on the FBI/Secret Service advisory that went out earlier this year.

The indictment today of Albert Gonzales and two co-conspirators for 
hacking Hannaford, 7-Eleven, and Heartland Payment Systems is absolutely 
fascinating on multiple levels. Most importantly from a security 
perspective, it finally reveals details of the attacks. While we don't 
learn the specific platforms and commands, the indictment provides far 
greater insights than the speculation of those like myself. In the "drama" 
category, we learn that the main perpetrator is the same person who hacked 
TJX (and multiple other retailers), and was the Secret Service informant 
who helped bring down the Shadowcrew.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php