AOH :: ISNQ5312.HTM

Mega-Breaches Employed Familiar, Preventable Attacks

Mega-Breaches Employed Familiar, Preventable Attacks
Mega-Breaches Employed Familiar, Preventable Attacks


http://www.darkreading.com/database_security/security/attacks/showArticle.jhtml?articleID=219400495 

By Kelly Jackson Higgins
DarkReading
Aug 18, 2009

The attacks that led to the mass theft of over 130 million credit and 
debit card accounts may hold the record for the biggest overall breach 
ever charged in the U.S., but the attackers used classic and well-known 
methods that could have been thwarted, according to experts.

In the wake of the big news yesterday that one man is suspected to be 
behind the biggest breaches ever charged in U.S. history, security 
experts say the indictment of 28-year-old Albert Gonzalez, aka "segvec," 
"soupnazi," and "j4guar17," of Miami, Fla., revealed that Gonzalez and 
his cohorts exploited vulnerabilities that are typically found in many 
cybercrime cases --SQL injection, packet sniffing, and backdoor malware 
designed to evade detection.

The indictment (PDF) revealed that Gonzalez, who previously had been 
charged for his alleged role in the breach of TJX, BJ's Wholesale Club, 
Barnes & Noble, and Dave & Buster's, has now also been indicted for 
allegedly conspiring to break into computers and stealing credit and 
debit card data from Heartland Payment Systems; 7-Eleven Inc., Hannaford 
Brothers Co., and two other major national retailers whose names were 
withheld in the filing.

While the attacks appear to be phased-in and coordinated, the attackers 
didn't employ any hacks that the victim organizations could not have 
defended against, experts say. SQL injection, for instance, is the most 
commonly exploited flaw in Web attacks, according to data from the Web 
Hacking Incident Database.

The attacks outlined in the indictment basically provide a roadmap for 
how most breaches occur, says Robert Graham, CEO of Errata Security. 
"This is how cybercrime is done," Graham says. "If there is a successful 
attack against your company, this is roughly what the hackers will have 
done. Thus, this should serve as a blueprint for your cyber defenses."

[...]


________________________________________
Subscribe to InfoSec News
http://www.infosecnews.org

Site design & layout copyright © 1986- CodeGods