Heartland Payment Systems Breach – Why it likely happened
You may have heard about the recent large data breach at Heartland Payment Systems, in which attackers planted malware that specifically captured Track 2 data (the magnetic-stripe data carrying the card number, expiry date and service code) along with the rest of the card data, and subsequently used it to commit fraud; it was later discovered that the malware had been present since the fall of 2008. Heartland did not detect the breach on its own: the only indication came from an alert from Visa and MasterCard about suspicious charges that all traced back to cards processed by Heartland.

I cautioned about the high probability of this occurring on a more regular basis in August 2008, in an article published in the Information Systems Security Association (ISSA) Journal titled “Breaching Wireless POS Networks” and in an article published in CIO Magazine and the ISC2 Journal titled “Anatomy of a Data Breach: A Global Perspective”. The major points I stressed in those articles mainly had to do with focusing effort on securing and hardening the systems themselves, not just on encrypting communications as recommended by the PCI standards.

The reasoning is simple. If the system itself is vulnerable to attack, meaning it is unpatched, runs out-of-date or ineffective AV, or carries other security misconfigurations, an attacker does not need to break the encryption at all. They plant malware on the host and read the card data at the point where it still exists in cleartext: in the terminal or payment application’s memory, between the card swipe and the call that encrypts the data, or between decryption at one hop and re-encryption for the next. The data is captured ‘live’ as it is entered or passes through, rather than by attacking data already in transit, which will be encrypted and, for practical purposes, secure.

This is the weakest link here, folks. What we will likely find in common with these types of breaches: the payment processing systems themselves were probably not as secure as one would think, because the primary security focus was put on encrypting data in motion. What we will see are systems with some combination of the following: infrequent patching, ineffective AV, a password policy that is not complex enough, services that are not locked down, among a host of other things, and a lack of audit controls to monitor for suspicious activity inside the network originating from the POS terminals toward the payment processing systems.
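The two weak points above, cleartext card data sitting on a compromised host and unmonitored traffic from the POS terminals, can both be checked for. The following is an added example, not code from the original post or from Heartland: it scans a constructed memory/file buffer for cleartext Track 2 data, applying the same Luhn filter a memory scraper would use to discard random digit runs, and then flags flows from a POS subnet to any destination other than the sanctioned processing endpoint. The flow log format, the 10.20.x.x POS range, the 10.9.0.5:443 processing endpoint and the sample buffer are all constructed for the example.

```python
"""Added example: find cleartext Track 2 data on a host and audit POS network flows.

Both the sample dump and the sample flow log below are constructed; they are not
artifacts from the Heartland incident.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Track 2 layout: optional start sentinel ';', PAN of 13-19 digits, field separator '=',
# expiry as YYMM, 3-digit service code, discretionary data, optional end sentinel '?'.
# Memory-scraping malware looks for exactly this pattern in process memory.
TRACK2_RE = re.compile(rb";?(\d{13,19})=(\d{2})(\d{2})(\d{3})(\d{0,20})\??")


@dataclass
class Track2Hit:
    offset: int          # byte offset in the scanned buffer
    pan_masked: str      # first six and last four digits only
    expiry: str          # YYMM
    service_code: str


def luhn_ok(pan: str) -> bool:
    """Standard Luhn check: doubles every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Never log a full PAN; keep BIN and last four, which is what PCI allows to be shown."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_track2(buf: bytes) -> list[Track2Hit]:
    """Return every Track 2 record in buf that passes Luhn and has a plausible expiry month."""
    hits: list[Track2Hit] = []
    for m in TRACK2_RE.finditer(buf):
        pan = m.group(1).decode()
        yy, mm = m.group(2).decode(), m.group(3).decode()
        if not luhn_ok(pan):
            continue                      # random digit runs almost never pass Luhn
        if not 1 <= int(mm) <= 12:
            continue                      # not a real expiry field
        hits.append(Track2Hit(m.start(), mask_pan(pan), yy + mm, m.group(4).decode()))
    return hits


# Constructed dump: two real-looking Track 2 records (well-known test PANs) plus junk.
SAMPLE_DUMP = (
    b"\x00\x00POS-TERM-07 txn=000912\x00"
    b";4111111111111111=25121011234567890?"           # valid Track 2, test PAN
    b"\x00\x00garbage 123456789012345=9999999\x00"    # fails Luhn and month 99
    b";5555555555554444=2701201000000000?"            # valid Track 2, test PAN
    b"\x00"
)

# --- Flow audit: POS terminals should talk only to the processing endpoint -----------
POS_PREFIXES = ("10.20.",)        # constructed: POS terminals live in 10.20.x.x
ALLOWED_DST = {"10.9.0.5:443"}    # constructed: the only sanctioned processing endpoint
FLOW_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+) bytes=(\d+)")


def flag_pos_flows(log_lines, pos_prefixes=POS_PREFIXES, allowed=ALLOWED_DST):
    """Return (src, dst:port, bytes) for every POS-originated flow outside the allow-list."""
    alerts = []
    for line in log_lines:
        m = FLOW_RE.search(line)
        if not m:
            continue
        src, dst, dport, nbytes = m.groups()
        if not src.startswith(pos_prefixes):
            continue                      # not a POS terminal; out of scope here
        if f"{dst}:{dport}" not in allowed:
            alerts.append((src, f"{dst}:{dport}", int(nbytes)))
    return alerts


# Constructed flow log in the assumed key=value format.
SAMPLE_FLOWS = [
    "src=10.20.1.7 dst=10.9.0.5 dport=443 bytes=1200",
    "src=10.20.1.7 dst=10.9.0.5 dport=443 bytes=980",
    "src=10.20.1.7 dst=10.9.0.77 dport=445 bytes=2097152",   # POS pushing 2 MB over SMB
    "src=10.30.4.2 dst=203.0.113.9 dport=80 bytes=500",      # not a POS host
]

if __name__ == "__main__":
    for h in scan_track2(SAMPLE_DUMP):
        print(f"cleartext track2 at offset {h.offset}: {h.pan_masked} exp={h.expiry} svc={h.service_code}")
    for src, dst, nbytes in flag_pos_flows(SAMPLE_FLOWS):
        print(f"unexpected POS flow {src} -> {dst} ({nbytes} bytes)")
```

Run the scanner against a process memory dump, swap, or the temp directories a memory scraper stages its captures in; a hit on a payment host that is supposed to encrypt at the swipe is exactly the condition described above. The flow check is deliberately an allow-list rather than a signature, since the point of the audit control is that a POS terminal has no legitimate reason to talk to anything but the processing endpoint.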