BreachExchange mailing list archives

New Details, and Lessons, on Heartland Breach


From: security curmudgeon <jericho () attrition org>
Date: Thu, 20 Aug 2009 01:43:35 +0000 (UTC)


http://securosis.com/blog/new-details-and-lessons-on-heartland-breach


New Details, and Lessons, on Heartland Breach

Thanks to an anonymous reader, we may have some additional information on 
how the Heartland breach occurred. Keep in mind that this isn't fully 
validated information, but it does correlate with other information we've 
received, including public statements by Heartland officials.

On Monday we correlated the Heartland breach with a joint FBI/USSS bulletin 
that contained some in-depth details on the probable attack methodology. 
In public statements (and private rumors) it's come out that Heartland was 
likely breached via a regular corporate system, and that hole was then 
leveraged to cross over to the better-protected transaction network.

According to our source, this is exactly what happened. SQL injection was 
used to compromise a system outside the transaction processing network 
segment. They used that toehold to start compromising vulnerable systems, 
including workstations. One of these internal workstations was connected 
by VPN to the transaction processing datacenter, which allowed them access 
to the sensitive information. These details were provided in a private 
meeting held by Heartland in Florida to discuss the breach with other 
members of the payment industry.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
