By Kelly Jackson Higgins
Aug 18, 2009
The attacks that led to the mass theft of over 130 million credit and
debit card accounts may hold the record for the biggest overall breach
ever charged in the U.S., but the attackers used classic and well-known
methods that could have been thwarted, according to experts.
In the wake of the big news yesterday that one man is suspected to be
behind the biggest breaches ever charged in U.S. history, security
experts say the indictment of 28-year-old Albert Gonzalez, aka "segvec,"
"soupnazi," and "j4guar17," of Miami, Fla., revealed that Gonzalez and
his cohorts exploited vulnerabilities that are typically found in many
cybercrime cases --SQL injection, packet sniffing, and backdoor malware
designed to evade detection.
The indictment (PDF) revealed that Gonzalez, who previously had been
charged for his alleged role in the breach of TJX, BJ's Wholesale Club,
Barnes & Noble, and Dave & Buster's, has now also been indicted for
allegedly conspiring to break into computers and stealing credit and
debit card data from Heartland Payment Systems; 7-Eleven Inc., Hannaford
Brothers Co., and two other major national retailers whose names were
withheld in the filing.
While the attacks appear to be phased-in and coordinated, the attackers
didn't employ any hacks that the victim organizations could not have
defended against, experts say. SQL injection, for instance, is the most
commonly exploited flaw in Web attacks, according to data from the Web
Hacking Incident Database.
The attacks outlined in the indictment basically provide a roadmap for
how most breaches occur, says Robert Graham, CEO of Errata Security.
"This is how cybercrime is done," Graham says. "If there is a successful
attack against your company, this is roughly what the hackers will have
done. Thus, this should serve as a blueprint for your cyber defenses."
Subscribe to InfoSec News