Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


Top White Papers

More on LinuxToday


Heartland Hackers Caught; Answers and Questions

Aug 18, 2009, 20:02 (0 Talkback[s])

"To summarize the security issues:

"The attacks on Hannaford, Heartland, 7-Eleven, and the other 2 retailers used SQL injection as the primary vector. In at least some cases, it was not SQL injection of the transaction network, but another system used to get to the transaction network.

"In at least some cases custom malware was installed, which indicates either command execution via the SQL injection, or XSS via SQL injection to attack internal workstations . We do not yet know the details.

"The custom malware did not trigger antivirus, deleted log files, sniffed the internal network for card numbers, scanned the internal network for stored data, and exfiltrated the data. The indictment doesn't reveal the degree of automation, or if it was more manually controlled (shell)."

Recent Breaches- We May Have All the Answers speculates on the platforms and attack methods.

Complete Story

Related Stories: