
Review on Master Hacker Albert Gonzalez: SQL injection attacks led to Heartland, Hannaford, 7-Eleven breaches

By Amarendra Bhushan for CEOWORLD Magazine. Updated: August 19, 2009



A Miami man, Albert Gonzalez, and two Russian accomplices are being indicted for allegedly stealing 130 million credit and debit card numbers, the largest identity theft in history.

The companies compromised by the alleged hackers are known for some of the biggest data breaches reported in recent years. They include: Heartland Payment Systems, 7-Eleven, and Hannaford Brothers.

Gonzalez was also indicted last year: he has been tied to other large data theft cases, including the theft of more than 40 million credit card numbers from T.J. Maxx parent TJX (TJX), OfficeMax (OMX), Barnes & Noble (BN) and other companies last summer, as well as the theft of thousands of cards from Dave & Buster's in 2007.

He avoided a conviction for credit card theft in 2003 by turning informant for the US Secret Service, but then allegedly resumed a life of crime.

The previous largest incident of stolen credit card data was suffered by retailer TJX, in a 2006 case that involved more than 45m cards. While many of the credit card details stolen from TJX were for inactive cards, the Heartland case involved the theft of real-time data as it was entered by cardholders, meaning that the accounts were all active.

  • The team scanned lists of Fortune 500 companies and learned about their checkout counter machines (point-of-sale systems).
  • Gonzalez, known online by the nicknames “segvec,” “soupnazi” and “j4guar17”
  • He hacked five major companies, including Hannaford Bros. supermarkets, 7-Eleven and Heartland Payment Systems Inc., a credit-card processing company.
  • The alleged thefts took place from October 2006 to May 2008.
  • Using a SQL-injection attack, the hackers allegedly broke into the 7-Eleven network in August 2007, resulting in the theft of an undetermined amount of card data. They allegedly used the same kind of attack to infiltrate Hannaford Brothers in November 2007, which resulted in 4.2 million stolen debit and credit card numbers; and into Heartland on Dec. 26, 2007. Of the two unnamed national retailers mentioned in the affidavit, one was breached on Oct. 23, 2007, and the other sometime around January 2008.

According to prosecutors, Gonzalez and his associates exploited vulnerabilities that remain widespread. Among them: flaws in the way retailers’ computers handle requests in the so-called Structured Query Language (SQL), which is used to manage data — such as credit card information — stored in databases. Hackers who detect these holes can trick databases into coughing up more information than they should.

The vulnerability sometimes can be exploited as simply as entering a specially crafted command into, say, a search box on a badly configured Web site. Instead of returning normal search results, the site would surrender confidential information or allow a hacker to place malicious programs on the site.
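An added illustration of the flaw described above (not code from the indictment or from any of the affected companies): a search function that pastes the search-box text into a SQL string, next to one that binds it as a parameter. The table, rows, function names and input are constructed for the example.

```python
import sqlite3

# Constructed search-box input: the quote ends the string literal early and
# the trailing "--" turns the rest of the statement into a comment.
CRAFTED = "' OR 1=1 --"

def make_db():
    """Constructed in-memory catalogue; 'internal' rows must never reach the search page."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (name TEXT, note TEXT, internal INTEGER)")
    conn.executemany(
        "INSERT INTO items VALUES (?, ?, ?)",
        [
            ("coffee", "12 oz cup", 0),
            ("coffee filter", "pack of 100", 0),
            ("settlement-batch", "CONSTRUCTED-CONFIDENTIAL-RECORD", 1),
        ],
    )
    return conn

def search_vulnerable(conn, term):
    # Weak: the input becomes part of the statement text, so it can rewrite
    # the WHERE clause and drop the "internal = 0" restriction.
    sql = ("SELECT name, note FROM items "
           "WHERE name LIKE '%" + term + "%' AND internal = 0")
    return conn.execute(sql).fetchall()

def search_safe(conn, term):
    # Hardened: the statement text is fixed and the input is bound as a
    # parameter, so it is only ever compared as data.
    sql = ("SELECT name, note FROM items "
           "WHERE name LIKE '%' || ? || '%' AND internal = 0")
    return conn.execute(sql, (term,)).fetchall()

def compare(term):
    """Return (rows from the weak query, rows from the bound query) for one input."""
    conn = make_db()
    return search_vulnerable(conn, term), search_safe(conn, term)

if __name__ == "__main__":
    for term in ("coffee", CRAFTED):
        weak, bound = compare(term)
        print(repr(term), "weak:", len(weak), "rows; bound:", len(bound), "rows")
```

For an ordinary search term both functions return the same rows; only the concatenated query hands back the internal record when given the crafted input.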

Authorities allege Gonzalez and the others infiltrated the Heartland, Hannaford and 7-Eleven computer networks using SQL-based attacks.

7-Eleven Inc. said Tuesday that the theft of credit and debit card data at its stores as part of what is believed to be the biggest retail data breach in history occurred during a 12-day period in 2007.

The Dallas-based convenience store operator said the attack affected third-party ATMs in its stores from Oct. 28 through Nov. 8, 2007.

“Steps were immediately taken to contain the security breach and prevent any recurrence,” the company said.

The attack matches previously disclosed details of the same hackers stealing PINs from ATMs operated by Citibank inside 7-Elevens.

7-Eleven said it learned in late 2007 that a breach had occurred. “Card companies … then alerted the issuing financial institutions,” 7-Eleven said.

Each financial institution then contacted its customers about what actions to take, including getting new cards or putting card numbers on alert for fraud.

The indictment Monday of a hacker believed responsible for the breaches doesn’t necessarily make shoppers safer from having their credit card numbers plundered.

Albert Gonzalez of Miami, who once worked as a government mole tracking down identity thieves, is accused of playing a critical role in the theft of 130 million card numbers from payment processor Heartland Payment Systems, 4.2 million from the Hannaford Bros. grocery chain on the East Coast and an undetermined number from 7-Eleven.
