1/23/2009 05:10 PM
Report: Law Enforcement Closing In On Heartland Breach Perpetrator

Secret Service, DoJ reportedly pinpoint location of cybercriminal outside North America

The Secret Service has identified the prime suspect in the Heartland Payment Systems security breach, and the case has been turned over to the U.S. Department of Justice, according to a news report issued today.

Citing a source "close to the investigation," the trade publication Storefront Backtalk is reporting that law enforcement is closing in on the Heartland data thieves. The publication's source did not provide any additional information, but said the perpetrator's location has been "pinpointed" outside North America.

Heartland, which on Tuesday disclosed a massive data breach that potentially affects more than 100 million credit card transactions, did not make a statement about the law enforcement efforts, but it did issue a new statement on the case earlier today.

The statement from Robert Carr, founder, chairman, and CEO of Heartland Payment Systems, suggests the payment processing company might have found the problem sooner if there had been more sharing of security information among the companies in the market.

"I have talked to many payments leaders who are also concerned about the increasing success and frequency of cybercrime attacks," Carr said. "Up to this point, there has been no information sharing, thus empowering cybercriminals to use the same or slightly modified techniques over and over again. I believe that had we known the details about previous intrusions, we might have found and prevented the problem we learned of last week."

Heartland's goal is to turn this event into something positive, Carr said. "Just as the Tylenol crisis engendered a whole new packaging standard, our aspiration is to use this recent breach incident to help the payments industry find ways to protect its data -- and, therefore, businesses and consumers -- much more effectively."

Heartland's organization has "called on" more than 150,000 of its customers in the past three days, and has signed up 400 new merchants since the breach was disclosed, Carr said. As of 4 p.m. ET today, the company's stock was on the rise.

Many experts continue to ask why it took so long for Heartland to identify and disclose the breach. According to the Storefront Backtalk report, the payment processor has now said the breach was first discovered in late October or early November, whereas its earlier statements said only that it was discovered in the fall. The company has had two outside forensics teams and the Secret Service working on the problem for more than two months, yet the "sniffer" software used to collect the card data was located only last week.

"It will be interesting to see how this incident pans out," says Rob Rachwald, Fortify's director of product marketing. "Our best guess is that the software was either installed by a sleeper, a rogue employee working inside the firm who passed the usual vetting procedures, or a direct systems attack followed by the insertion of a custom application on the processor's IT resources. The $64,000 question, of course, is whether Heartland and the U.S. Secret Service will reveal the actual modus operandi of the fraudsters. I somehow think this will not happen."

According to the news report, a Heartland spokesman did reveal that the sniffer software was "inactive" when it was finally discovered by the forensics experts. The spokesman did not say whether the software was inoperative, or simply dormant and waiting to be called on again by the criminals.

Other industry experts say the Heartland incident is a referendum on disclosure laws and on the Payment Card Industry Data Security Standard (PCI DSS), both of which were in effect at Heartland, but did not prevent the breach or the delay in reporting it.

"Congress needs to pass a data breach notification law that better protects consumer identities through stronger data security standards with strong encryption," says Bill Conner, president and CEO of data security vendor Entrust.

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories.
