Sister CISA CISSP

Aug 20 2009   3:42PM GMT

Points to Ponder: Reviewing the “SoupNazi” Activities



Posted by: Arian Eigen Heald
Tags:
Admins and Auditors
Data Breaches
information security
PCI

By now I’m sure you’ve heard that Albert Gonzalez is being charged with the attacks on Hannaford, Heartland, 7-Eleven, etc. In between all the excited reporting, are some points that admins and auditors ought to pay attention to. We ought to ponder how this attack is different from attacks in the past, and why this attack was so successful.

1. Using a “team.” Most of his team have not been captured, residing as they may somewhere overseas. Using a multiple talent set across several different technical approaches increases the chances of success. This is becoming more and more common, especially with ATM break ins.

2. They used SQL-injection attacks. This isn’t new, but all of these folks were having quarterly scans from external vendors as part of PCI compliance. Why didn’t the scans catch the injection vulnerabilities? Makes you want to take another look at the scanning company you may be using, doesn’t it?

3. They broke in via wireless. Anyone still using WEP out there – it’s now trivial to crack the protocol, and someone will certainly do it if you offer it up.

4. There’s a big market for those credit cards and the people that can get to them. Over 130 million cards made him a LOT of money.

And we still don’t know “exactly” how he was caught, do we?

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: