StorefrontBacktalk: Heartland Sniffer Hid In Unallocated Portion Of Disk
Evan Schuman, who first reported that the Secret Service has identified the person(s) responsible for the Heartland attack, writes more about the attack in his publication, StoreFront Backtalk.
He says that the sniffer malware used in the Heartland attack was cloaked in an unallocated portion of Heartland's server, which is a well-known tactic. What's unique in this type of attack is that it requires "tricking" the Operating System either by modifying the OS itself, or installing a modified device driver. Either way, one consultant said that the fact the hacker(s) got around the OS itself is a "scary mother."
SFBT also says in the article that Robert Baldwin, President and COO of Heartland, says they were contacted by V/MC in late October. It then took two weeks by two different forensic teams, (who , according to Heartland) were both about to issue a clean bill of health, to find some .tmp files in an unallocated portion of the disk drives, which turned out to be a by-product of the malware.
Finally, Evan Schuman addresses Heartland's decision to pursue End 2 End Encryption, questioning how feasible it is, given the cost, the amount of payment players that would have to participate, combined with the fact that it is the card brands themselves, who insist on dealing with unencrypted data.
This from StoreFront Backtalk:
The sniffer malware that surreptitiously siphoned tons of payment card data from card processor Heartland Payment Systems hid in an unallocated portion of a server’s disk. The malware, which was ultimately detected courtesy of a trail of temp files, was hidden so well that it eluded two different teams of forensic investigators brought in to find it after fraud alerts went off at both Visa and MasterCard, according to Heartland CFO Robert Baldwin.
Regarding end-to-end-encryption, Evan quotes Heartland CEO Bob Carr and explains the potential problem with it...
Evan Schuman, who first reported that the Secret Service has identified the person(s) responsible for the Heartland attack, writes more about the attack in his publication, StoreFront Backtalk.
He says that the sniffer malware used in the Heartland attack was cloaked in an unallocated portion of Heartland's server, which is a well-known tactic. What's unique in this type of attack is that it requires "tricking" the Operating System either by modifying the OS itself, or installing a modified device driver. Either way, one consultant said that the fact the hacker(s) got around the OS itself is a "scary mother."
SFBT also says in the article that Robert Baldwin, President and COO of Heartland, says they were contacted by V/MC in late October. It then took two weeks by two different forensic teams, (who , according to Heartland) were both about to issue a clean bill of health, to find some .tmp files in an unallocated portion of the disk drives, which turned out to be a by-product of the malware.
Finally, Evan Schuman addresses Heartland's decision to pursue End 2 End Encryption, questioning how feasible it is, given the cost, the amount of payment players that would have to participate, combined with the fact that it is the card brands themselves, who insist on dealing with unencrypted data.
This from StoreFront Backtalk:
The sniffer malware that surreptitiously siphoned tons of payment card data from card processor Heartland Payment Systems hid in an unallocated portion of a server’s disk. The malware, which was ultimately detected courtesy of a trail of temp files, was hidden so well that it eluded two different teams of forensic investigators brought in to find it after fraud alerts went off at both Visa and MasterCard, according to Heartland CFO Robert Baldwin.
Regarding end-to-end-encryption, Evan quotes Heartland CEO Bob Carr and explains the potential problem with it...
"Heartland CEO Robert Carr said in a statement. “Nevertheless, I believe the development and deployment of end-to-end encryption will provide us the ability to implement increasing levels of security protection as they become needed.”
End-to-end encryption is far from a new approach. But the flaw in today’s payment networks is that the card brands insist on dealing with card data in an unencrypted state, forcing transmission to be done over secure connections rather than the lower-cost Internet. This approach avoids forcing the card brands to have to decrypt the data when it arrives."
Read Evan Schuman's complete article here
0 comments