Between TJ Maxx and Heartland Payment Systems, cyber thieves compromised a quarter of a million credit card numbers. Court records from the trial of Albert Gonzalez, the hacker who pleaded guilty to fraud and conspiracy charges in both cases, reveal just how easily the thieves behind these breaches were able to obtain the information.
Cyber Criminal Technique #1: War Driving
War driving means “cruising” for WiFi signals. Once a signal is detected, cybercriminals use free password-cracking software to intercept the signal broadcast from any home or business.
By monitoring WiFi networks over time, cyberthieves can establish a virtual private network connection and connect directly to a server or database.
Cyber Criminal Technique #2: SQL Injection
SQL injections are a popular way for cybercriminals to get inside “protected networks”. In a SQL injection attack, the hacker types specially chosen characters into a web form, such as a login page, so that the application passes them to its database as part of a query. The attack may be carried out manually or with an automated tool (a bot) that hammers the form. Once inside, hackers can gain access to databases containing sensitive, personal information.
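The login-form case described above, as an added illustration that is not part of the original post: a query assembled by string concatenation lets form input rewrite the statement, while a parameterized query treats the same input purely as data. The in-memory table, the user record and the malformed input are constructed for this example.

```python
import sqlite3

def make_db():
    # Constructed sample users table (in-memory, not from the original post).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    # Builds the SQL text by concatenating the form fields. A quote character
    # in the input ends the string literal early, so the remainder of the
    # input becomes part of the query's logic instead of a value to compare.
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return conn.execute(query).fetchone() is not None

def login_parameterized(conn, username, password):
    # Placeholders keep the form fields as bound parameters: the driver never
    # splices them into the statement, so a quote is just a quote and the
    # malformed input simply fails to match any row.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None

def demo():
    conn = make_db()
    # Constructed malformed password field: a quote followed by an OR clause.
    malformed = "' OR '1'='1"
    return {
        "valid_vulnerable": login_vulnerable(conn, "alice", "correct-horse"),
        "valid_safe": login_parameterized(conn, "alice", "correct-horse"),
        "wrong_vulnerable": login_vulnerable(conn, "alice", "wrong"),
        "wrong_safe": login_parameterized(conn, "alice", "wrong"),
        # The concatenated query accepts this without knowing the password;
        # the parameterized one rejects it.
        "malformed_vulnerable": login_vulnerable(conn, "alice", malformed),
        "malformed_safe": login_parameterized(conn, "alice", malformed),
    }

if __name__ == "__main__":
    for name, granted in demo().items():
        print(f"{name}: {'login granted' if granted else 'login denied'}")
```

The only difference between the two functions is how the input reaches the database, which is why parameterized queries (not input filtering) are the standard fix for this class of bug.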
War driving and SQL injection attacks are the means to a cyber criminal’s end. Once the target server is breached, he or she implants a “sniffer” program. (Sniffers are widely available for free, and they are capable of logging all traffic moving across a network). Savvy hackers have devised and sell sniffers designed specifically to detect and record credit and debit card information.
Wade Baker, Verizon Business’ principal researcher, told USA Today that it takes five to six months on average before companies detect cybercrimes of this nature. In the vast majority of cases he has researched, cyberthieves spent days after the initial breach locating the databases with the most valuable information, then methodically extracted the sensitive data for weeks or years before being detected. He warns, “Many organizations right now have breaches they don’t know about and won’t discover for some time to come.”
The Identity Theft Resource Center (ITRC) has investigated about 400 incidents, consisting of over 220 million exposed records, so far this year. The list of victims proves that lengthy and destructive breaches are not reserved for global enterprises. SMBs, particularly businesses that provide retail, financial, and healthcare services, are prime targets.
“The highly available and free nature of the tools necessary to carry out war driving and SQL injection attacks means novice hackers are capable of producing devastating breaches. Achieving PCI Compliance and partnering with a hosting partner that provides security will help prevent you from making the ITRC’s list,” advises Chris Drake, CEO and Founder of FireHost.
This entry was posted on Friday, October 16th, 2009 at 9:00 am and is filed under Security.