Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

2/17/2009
02:20 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Three Arrested For Using Stolen Heartland Credit Card Numbers

Heartland Payment Systems, which handles about 100 million payment transactions per month, reported in January that its network was compromised by malware in 2008.

Police in Florida last week arrested the three suspects alleged to have been using credit card numbers stolen from Heartland Payment Systems.

The Leon County Sheriff's Office, the Tallahassee Police Department, and the U.S. Secret Service announced the arrest of Tony Acreus, Jeremy Frazier, and Timothy Johns. They said that the three men had been using stolen credit cards numbers electronically written onto Visa Gift Cards to purchase over $100,000 in goods at local Wal-Mart stores. Those goods were allegedly sold for cash.

The law enforcement groups allege that the credit cards used "were stolen in an international computer hijacking of records from the Heartland Processing Center in New Jersey."

"This cooperative investigation between local and federal law enforcement has effectively shut down a complex and far-reaching criminal enterprise," said Sheriff Larry Campbell in a statement. "We will continue to work with our law enforcement partners to take these criminals off our streets."

A spokesperson for the Leon Country Sheriff's Office said he couldn't provide any information about whether any of the three individuals arrested played a role in penetrating Heartland's network. He said that the investigation is open and still active.

Heartland Payment Systems, a leading payment processing company, said last month that its network had been compromised by malware in 2008. The Princeton, N.J.-based company, which handles about 100 million transactions per month, hasn't disclosed the number of accounts exposed by the security breach. But assuming a multimonth exposure period, the breach has the potential to be the one of the largest on record, if not the largest.

A spokesperson for Heartland Payment Systems said the company was delighted to see progress being made in the case but was unable to provide any information about whether or not any of those arrested were involved in the actual breach last year.

The company also doesn't have any information to provide about how many accounts were compromised or about the duration of the breach. The spokesperson said he expected that the company would provide that information at a later stage in its investigation of the incident.

Since the breach was first reported, at least 15 civil lawsuits have been filed against the company by affected individuals and banks.


To fight cybercrime, enterprises are assembling forensic SWAT teams trained to locate high-risk threats, armed with the latest investigative software, and empowered to work directly with legal counsel to report breaches to law enforcement in accordance with policy. Find out more (registration required).

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Cybersecurity Team Holiday Guide: 2019 Gag Gift Edition
Ericka Chickowski, Contributing Writer,  12/2/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19647
PUBLISHED: 2019-12-09
radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input.
CVE-2019-19648
PUBLISHED: 2019-12-09
In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.
CVE-2019-19642
PUBLISHED: 2019-12-08
On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareNa...
CVE-2019-19637
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c.
CVE-2019-19638
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow.