The Heartland Breach: A Cautionary Tale for E-Commerce

The notorious John Dillinger was supposedly asked why he robbed banks. His reply was “That’s where the money is!” You could get the same reply if you asked a hacker why they attack credit/debit card payment systems. The information obtained could be used to generate millions in fraudulent transactions.

Simply in terms of financial loss, the number one data breach of the 21st century so far was the Heartland Payment Systems breach of 2008. 134 million credit cards were exposed through SQL injection attacks that were used to install spyware on Heartland’s data systems.

Who is Heartland Payment Systems?

Heartland Payment Systems, Inc. processes payments for debit, prepaid, and credit cards. They also process online payments and checks and provide payroll services. They are the fifth largest credit card processor in the US and ninth in the world.

At the time of the breach, they processed 100 million payment card transactions per month for 175,000 merchants. Most transactions Heartland processes are from small to midsized retailers. Heartland acts as the middleman between the point of sale (POS) and the banks’ card networks.

What happened?

In January 2009 Heartland announced that the computers they use to process payment card transactions had been breached in 2008.

The data compromised included all of the information required to produce counterfeit credit cards, including the data encoded on the card’s magnetic stripe.

The breach was discovered after Visa and MasterCard notified Heartland of suspicious transactions from accounts it processed. Heartland found a spyware program planted by the hackers that stole the data over a period of several months in 2008.

In fact, the breach was a very slow-moving event. It started with an “SQL Injection” attack in late 2007 that compromised their database. An SQL injection occurs when a web script pastes untrusted user input directly into a database query, so an attacker can append additional database commands to the query the script intended to run. Heartland determined that the vulnerable code was in a web login page that had been deployed 8 years earlier, but this was the first time the vulnerability had been exploited.
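To make the login-page defect described above concrete, here is an added example (not code from the original article, and not Heartland’s code) that puts the vulnerable query-building pattern beside its parameterized fix. The table layout, the sample user and the crafted input are constructed for this example; passwords are stored in plaintext only to keep the example short, which a real login page must never do.

```python
import sqlite3

# Constructed stand-in for a web login backend: an in-memory SQLite table with one
# user. Names, table layout and the sample credentials are assumptions for this example.
SAMPLE_USER = ("alice", "correct horse battery")


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT NOT NULL, password TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES (?, ?)", SAMPLE_USER)
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Defect: untrusted input is pasted into the SQL text, so a quote character in
    # the input ends the string literal and the rest is parsed as SQL syntax.
    query = ("SELECT username FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn, username, password):
    # Fix: the query text is constant; values travel separately as bound parameters
    # and are never parsed as SQL, whatever characters they contain.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def demo():
    conn = make_db()
    # Constructed input: closes the password literal and appends an always-true clause.
    crafted = "' OR '1'='1"
    return {
        "legit_vuln": login_vulnerable(conn, *SAMPLE_USER),
        "legit_param": login_parameterized(conn, *SAMPLE_USER),
        "crafted_vuln": login_vulnerable(conn, "alice", crafted),      # True: bypassed
        "crafted_param": login_parameterized(conn, "alice", crafted),  # False: rejected
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'logged in' if ok else 'rejected'}")
```

The point for defenders is that the fix is not input filtering but keeping query structure and data apart: the parameterized version accepts exactly the same strings and simply never interprets them as SQL. A code review or static scan that flags string concatenation into `execute()` would have caught the vulnerable form, which is the kind of check the article argues for when it says pages must be examined continuously.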

The hackers then spent 8 months working to reach the payment processing system while avoiding detection by the several different antivirus systems used by Heartland. They eventually installed a type of spyware program called a “sniffer” that captured the card data as payments were processed.

Sniffer programs are used to monitor network traffic for the purposes of analyzing and solving problems. Unfortunately, they can also be used to capture data for nefarious purposes. In this case the sniffer provided the thieves with the proverbial “keys to the kingdom,” that is, all the data required to counterfeit cards.

Truth and Consequences

The consequences for Heartland were severe.

They were deemed no longer compliant with the Payment Card Industry Data Security Standard (PCI DSS). Card brands such as Visa and MasterCard require PCI DSS validation before a processor is allowed to handle their cards’ payments. Heartland was not able to be revalidated until May 2009. At that time they announced an ambitious security strategy that included “end to end” encryption, the first of its kind.

The loss of revenue during this period was just the beginning. Heartland would eventually provide over $145 million in compensation for fraudulent payments. The total loss for companies, banks and insurers would be estimated at over $200 million.

Well, the good news is that the Feds got their men. In 2009 Cuban American Albert Gonzalez and two unnamed Russian accomplices were indicted for the Heartland breach. Gonzalez was alleged to have masterminded an international operation that stole the credit and debit card data.

In March 2010 he was sentenced to 20 years in federal prison.

I may revisit the story of Gonzalez and his gang of hackers someday; it is truly remarkable. He was a child prodigy who ran with, no, organized a bad crowd and engaged in numerous sophisticated schemes. He has already been featured on the CNBC show “American Greed.”

So What Can We Learn from the Heartland?

Heartland rebounded well from the breach because it took responsibility for what happened. They took the lead in promoting solutions to prevent such breaches, particularly end to end encryption.

For everyone else the lesson is that you cannot be too secure. Heartland was supposedly PCI DSS compliant at the time of the breach. Clearly some things were missed. You need to check every web page continuously for vulnerabilities. Services like Comodo’s HackerGuardian will scan your pages for malware and PCI compliance issues daily and are essential for small and medium-sized businesses.

You must have a layered approach that implements the best firewall and malware scanning for the network connections points and on every server and computer on your network. You are only as secure as your weakest link.

Gonzalez and his team overcame numerous security measures and tested their malware against 20 different antivirus systems.

Most malware protection systems use a “blacklist” of known threats to screen files. The problem with this approach is that the list has to be constantly updated, and it cannot protect against threats that have not yet been identified. As former Defense Secretary Donald Rumsfeld once said, the things that keep you up at night are the things you don’t know, and don’t know that you don’t know.

With 40,000 new malware samples unleashed every day, maintaining a blacklist is a lot of work.

I prefer antivirus systems that use a “whitelist” approach. That is where the scanner uses a list of known valid programs and allows only those programs to run on the system. Any other software is run in a separate, isolated environment called a “sandbox.” The scanner monitors the program in the sandbox and can determine whether it is safe or not.
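The blacklist-versus-whitelist argument in the two passages above comes down to a single policy decision per program: what happens to a file the scanner has never seen. The following added example (not from the original article or any vendor’s product) models both decisions with SHA-256 digests of constructed sample programs; the file names, contents and the idea of keying the lists on file hashes are assumptions made for illustration, and real products also use publisher signatures and behavioural verdicts.

```python
import hashlib

# Constructed sample "programs": short byte strings standing in for executables.
# File names, contents and digests are assumptions for this example.
KNOWN_GOOD_PROGRAMS = {
    "payroll.exe": b"constructed: payroll application build 1.0",
    "pos-terminal.exe": b"constructed: point-of-sale client build 2.3",
}
OLD_MALWARE_SAMPLE = b"constructed: malware sample already in the signature feed"
NEW_MALWARE_SAMPLE = b"constructed: malware sample first seen today"


def sha256(data):
    return hashlib.sha256(data).hexdigest()


# Blacklist: digests of threats the vendor has already identified.
BLACKLIST = {sha256(OLD_MALWARE_SAMPLE)}
# Whitelist: digests of programs the organisation has approved to run.
WHITELIST = {sha256(code) for code in KNOWN_GOOD_PROGRAMS.values()}


def decide_blacklist(program):
    # Default-allow: anything not on the known-bad list runs, so a sample
    # that is newer than the last signature update passes straight through.
    return "block" if sha256(program) in BLACKLIST else "run"


def decide_whitelist(program):
    # Default-deny: anything not on the known-good list is diverted to the
    # sandbox for observation before it touches the real system.
    return "run" if sha256(program) in WHITELIST else "sandbox"


def demo():
    return {
        "blacklist_old_malware": decide_blacklist(OLD_MALWARE_SAMPLE),   # "block"
        "blacklist_new_malware": decide_blacklist(NEW_MALWARE_SAMPLE),   # "run" (missed)
        "whitelist_new_malware": decide_whitelist(NEW_MALWARE_SAMPLE),   # "sandbox"
        "whitelist_approved": decide_whitelist(KNOWN_GOOD_PROGRAMS["payroll.exe"]),  # "run"
        # An approved program whose bytes were altered no longer matches its digest.
        "whitelist_tampered": decide_whitelist(KNOWN_GOOD_PROGRAMS["payroll.exe"] + b"X"),  # "sandbox"
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The "tampered" case is the one that matters for a breach like Heartland’s: a sniffer dropped onto a server is by definition not on the approved list, so a default-deny policy sends it to the sandbox regardless of how many antivirus engines it was tested against. The cost, as the article notes, is that every legitimate update changes a digest and must be approved, which is why such systems need closer attention.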

Such systems are sometimes criticized as being too aggressive, and they do require closer attention. However, the Heartland breach is evidence that an aggressive approach to network and computer security is more than warranted in the 21st century.
6 Crucial password security tips for everyone





This blog was written by an independent guest blogger.
These days, everyone has passwords. Lots and lots of passwords! When I think of how many user accounts with passwords that I have, I probably have dozens. A few for social media platforms like Twitter and LinkedIn, a few for my favorite media streaming services, one for Nintendo Switch and another for the PlayStation Network, a few for my utilities including electricity and my ISP, a few with Amazon and other online retailers, one with the government to file my personal income taxes, my home WiFi password, a Gmail account for all of my Google and YouTube stuff, accounts to authenticate into a couple of different web browsers, an account for my bank’s website, and there are probably at least a dozen more. And I’m a pretty typical technology user. So chances are, you have many similar…

Posted by: Kim Crawley

Deadly Ransomware Story Continues to Unfold




A ransomware attack with fatal consequences is attracting notice and comment from around the world.

This is a follow-up to yesterday’s story breaking the news of fatal consequences in a German ransomware attack.

Reaction is continuing to the story of what Reuters says may be the world’s first human fatality directly attributed to a cyberattack. According to the news service’s reporting, the attack, which began on Sept. 10, utilized a known vulnerability in a Citrix VPN as its point of entry. As of today, The University Clinic in Duesseldorf remained unable to admit new patients brought in by ambulance.

Because a woman died after being redirected to another hospital, German authorities are investigating possible manslaughter charges against the still-unknown attackers. “If homicide charges are combined with computer crime charges, it could be a sound idea to attempt imposing a lengthy prison sentence for the attackers, and, potentially, to get more international cooperation in the investigation,” says Ilia Kolochenko, founder and CEO of ImmuniWeb. She warns, though, that “the causation element will likely be extremely burdensome to prove within the context: defense attorneys will likely shift the entire blame on other parties spanning from hospital personnel and its IT contractors in charge of network management and security.”

Terence Jackson, CISO at Thycotic, notes: “According to a recent Check Point report, 80% of observed ransomware attacks in the first half of 2020 used vulnerabilities reported and registered in 2017 and earlier — and more than 20% of the attacks used vulnerabilities that are at least 7 years old.”

The pre-existing vulnerability means that “there was time to mitigate the threat in theory, but it illustrates the importance of running vulnerability scans and acting on findings at least every 30 days if not more frequently,” says Mark Kedgley, CTO of New Net Technologies. The potential disruption of those scans, he says, must be weighed against the operational requirements of 24 x 7 organizations like hospitals.

Dark Reading will continue to follow this story.


Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and …


Incident Of The Week: Equinix Is The Latest In A Long Line Of Ransomware Victims




[Records Exposed: Undisclosed  |  Industry: Internet  |  Type Of Attack: Ransomware]

Equinix is the latest victim in a long line of ransomware targets. The data center and colocation service provider released a short statement on September 9 that read,

“Equinix is currently investigating a security incident we detected that involves ransomware on some of our internal systems. Our teams took immediate and decisive action to address the incident, notified law enforcement and are continuing to investigate. Our data centers and our service offerings, including managed services, remain fully operational, and the incident has not affected our ability to support our customers. Note that as most customers operate their own equipment within Equinix data centers, this incident has had no impact on their operations or the data on their equipment at Equinix. The security of the data in our systems is always a top priority and we intend to take all necessary actions, as appropriate, based on the results of our investigation.”

The threat actors are demanding $4.5 million in exchange for a decryptor and the promise that they won’t release stolen data. However, Equinix updated their statement on September 14 to reiterate that customers’ data and operations remain safe.


It appears the guilty party is the young cybercriminal group known as NetWalker, which first burst onto the scene in August of 2019. Their success lies in their ability to automate ransomware attacks, including a countdown clock and a prefab ransom note that populates at just the right time during the operation. Ransomware-as-a-Service (RaaS) poses an increasing threat across the cyber security landscape, as it allows inexperienced or less technical hackers to purchase the automation software needed to execute such a hack.

With NetWalker acting as the gatekeeper, hacker groups go through a screening process before gaining access to a web portal that holds NetWalker’s ransomware, which can then be customized to fit their specific needs. NetWalker’s commission of 20% has earned the group $25 million between March 1 and July 27.

Lessons Learned:

If it seems like ransomware attacks have been in the news a lot lately, it’s because they have. In fact, a report by Coalition found that in the first half of 2020, 41% of cyber insurance claims were ransomware incidents. It was also reported that, while ransomware attacks are becoming slightly less frequent, their rate of success and the size of their targets are growing. In other words, the increasingly sophisticated strategies of these threat actors pose real risks to even the most developed enterprise.


While ransomware attacks are specific in their execution, the vulnerabilities exploited to make them possible are the same as most other cyber threats. Specifically, 54% of cyber attacks are achieved through email (malware) and phishing schemes.

Quick Tips:  

Ransomware attacks rely in part on lax cyber protocols. In order to best safeguard your enterprise from this growing threat, consider the following:

  1. Back up data smartly – One of the ways cyber criminals convince corporations to pay ransoms is by holding their data hostage by encrypting it. While most enterprises back up their data, the backup is often located in the same compromised infrastructure as the original data. Consider backing up data to external drives or a second cloud service provider.
  2. Choose a reputable security suite – Standard antivirus software and basic firewalls may be sufficient for the layperson, but enterprises should invest in a security suite that uses smart tools and sophisticated algorithms to spot and, if possible, remove ransomware. The tool must be able to run in the background 24/7.
  3. Install Software Updates – Cyber criminals look for the path of least resistance. Such a path is usually found in outdated software that hasn’t downloaded the most up-to-date patches, bug fixes, and other newly designed features. Remember to keep all apps, plug-ins, and third-party software up to date as well.
