How did Albert Gonzalez and his alleged co-conspirators access all that credit and debit card data with so much ease?
Gonzalez and the two other men indicted Monday for their role in the thefts of more than 130 million credit and debit card numbers allegedly spun a web of cybercrime and deceit that affected, among other corporate entities, Heartland Payment Systems, Hannaford Bros. and 7-Eleven. And as further details emerge in what U.S. authorities are calling the largest known incident of hacking and malware to extract credit and debit card numbers. The group communicated through instant message and also used sniffers to absorb card data rapidly. The computers they used were based in California, Illinois, New Jersey, Latvia, Ukraine and the Netherlands.
They were also able to stay ahead of corporate cybersecurity, as the indictment description indicates: "They allegedly accessed the corporate websites only through intermediary, or "proxy," computers, thereby disguising their own whereabouts. They also tested their malware by using approximately twenty of the leading anti-virus products to determine if any of those products would detect their malware as potentially unwanted. Furthermore, they programmed their malware to actively delete traces of the malware's presence from the corporate victims' networks."
The methods used by Gonzalez and his team weren't all that sophisticated, either; the long and short of it is that they were able to exploit end users that didn't know how poor their security was, according to security experts .%20
" a hacker and demonstrates that those corporate victims will actively defend their systems," said Ralph J. Marra Jr., acting U.S. attorney, in the statement released with the indictment.
Gonzalez and the two other men indicted Monday for their role in the thefts of more than 130 million credit and debit card numbers allegedly spun a web of cybercrime and deceit that affected, among other corporate entities, Heartland Payment Systems, Hannaford Bros. and 7-Eleven. And as further details emerge in what U.S. authorities are calling the largest known incident of hacking and malware to extract credit and debit card numbers. The group communicated through instant message and also used sniffers to absorb card data rapidly. The computers they used were based in California, Illinois, New Jersey, Latvia, Ukraine and the Netherlands.
They were also able to stay ahead of corporate cybersecurity, as the indictment description indicates: "They allegedly accessed the corporate websites only through intermediary, or "proxy," computers, thereby disguising their own whereabouts. They also tested their malware by using approximately twenty of the leading anti-virus products to determine if any of those products would detect their malware as potentially unwanted. Furthermore, they programmed their malware to actively delete traces of the malware's presence from the corporate victims' networks."
The methods used by Gonzalez and his team weren't all that sophisticated, either; the long and short of it is that they were able to exploit end users that didn't know how poor their security was, according to security experts .%20
" a hacker and demonstrates that those corporate victims will actively defend their systems," said Ralph J. Marra Jr., acting U.S. attorney, in the statement released with the indictment.
No comments:
Post a Comment