Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Heartland heist could have been rogue software

Fortify : 23 January, 2009  (Technical Article)
Fortify speculates on the cause of the data breach of the Heartland Payment System and looks at how it could have been caused by a rogue employee or by a direct external attack on the system
Fortify Software says that the Heartland Payment Systems data breach - which could turn out to be largest data heist of its type in history - was probably the result of highly sophisticated software installed on the card processing firm's computer systems.

'It will be interesting to see how this incident pans out. Our best guess is that the software was either installed by a sleeper, a rogue employee working inside the firm who passed the usual vetting procedures, or a direct systems attack followed by the insertion of a custom application on the processor's IT resources,' said Rob Rachwald, Fortify's director of product marketing.

'The $64,000 question, of course, is whether Heartland and the US Secret Service, who are working with company staff on an investigation, will reveal the actual modus operandi of the fraudsters. I somehow think this will not happen,' he said.

According to Rachwald, assuming - as seems likely - the rogue software was inserted into Heartland's payment computers, the question of Secret Service staff lips will be `what happened to the security systems the card processor employs?'

Heartland, he explained, is the sixth largest card transaction processor in the US with around a quarter million businesses on its books, and processes 100 million transactions each month.

'Reports are also coming in that Forcht Bank, one of the top ten banks in Kentucky, has started reissuing more than eight thousand debit cards to customers, owing to its systems being compromised. If the two incidents are related as Secret Service and Department of Justice officials have intimated, then the card processing industry could have a major challenge on its hands,' he said.

'Both incidents seem unrelated, since Forcht uses a different transaction processor to Heartland. Unconfirmed reports also suggest that these two cases could be part of a much larger global scam, although that remains to be confirmed,' he added.

Rachwald went on to say that the authorities have been throwing everything they have at the Heartland data breach, with two forensic audit teams working at the New Jersey card processor since late last year, when Visa and MasterCard notified the company of suspicious activity. Forch Bank's transaction processor, Star, he added, is also investigating the source of its loss, data from which has been tapped to produce a number of cloned debit cards.

'It's good to see that Heartland has established a Web site to provide information about the incident to customers and other interested parties, but the authorities and the IT security industry in general is going to want to know how these incidents happened, and how they can be prevented from happening again in the future,' he said.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo