Security Breaches and Cyber-crime

Published on 02 May 2010 by in security

0

In popular fiction, the computer criminal is often a daring rogue who thwarts authorities as an act of civil disobedience. In reality, computer criminals are thugs seeking to steal or destroy that which does not belong to them. The case of Albert Gonzalez, confessed hacker, and Heartland Payment Systems, Inc. provides are compelling example of the costly results of computer crime.

Heartland Payment Systems, Inc. is a payment processing company that handles credit and debit cards for many major retail companies, including J.C. Penney, 7-Eleven, OfficeMax, Barnes & Noble, Sports Authority, and others. (Major international hacker pleads guilty to charges stemming from massive attack on retailers and banks.2010) As a payment processor, Heartland processed credit and debit card transactions between retailers and major financial organizations such as VISA and American Express. (Major international hacker pleads guilty to charges stemming from massive attack on retailers and banks.2010)

Albert Gonzalez and his accomplices utilized several techniques, including war-driving and SQL injection, to gain illegal access to data. Once a wireless network was compromised, Gonzalez would identify and attack databases, searching for valuable information, such as credit and debit cards. Upon success, the criminals would upload data to servers that Gonzalez operated. (Major international hacker pleads guilty to charges stemming from massive attack on retailers and banks.2010; TJX hacker receives multiple sentences for data breaches.2010; Feigelson & Calman, 2010) Gonzalez tested and validated his malicious software to ensure that the code was difficult to detect using anti-virus software. He also leased his servers to other criminals and sold stolen information. (TJX hacker receives multiple sentences for data breaches.2010) In total, Gonzalez stole, “tens of millions of credit and debit card numbers, affecting more than 250 financial institutions.” (Major international hacker pleads guilty to charges stemming from massive attack on retailers and banks.2010)

In 2009 and 2010, Gonzalez pled guilty to numerous state and federal charges in association with his crimes. Gonzalez faces up to 25 years in federal prison for his role in the data thefts. As reported in, “The Computer & Internet Lawyer,” the federal plea was for, “19 counts of conspiracy, computer fraud, wire fraud, access device fraud, and aggravated identity theft.” (Major international hacker pleads guilty to charges stemming from massive attack on retailers and banks, 2010) The costs to Heartland Payment Systems, Inc. and Heartland’s customers and associated consumers have been substantial. Heartland agreed to pay $60 million to VISA, $3.6 million to American Express, and $2.4 million to cardholders. (Boyer, 2010) However, the extent of damages are difficult to ascertain and likely to exceed these amounts. As Paul McNamara states, “it [is] indicative of there being yet more Heartland time bombs ticking out there; little stashes of card numbers just waiting to be used by your more patient criminals.” (MCNAMARA, 2010)

As more and more of the world’s financial transactions occur online, criminals and criminal organizations will seek to leverage technology to commit their crimes. Unfortunately, just as computers and the Internet enable incredible productivity for legal pursuits, illegal pursuits are similarly amplified. Security of information and systems becomes an essential feature under these conditions.

References

Boyer, M. (2010). 97% of visa issuers accept heartland settlement offers. CardLine, 10(6), 37-37.  Retrieved from http://ezproxy.library.capella.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=47993787&site=ehost-live&scope=site

Feigelson, J., & Calman, C. (2010). Liability for the costs of phishing and information theft. Journal of Internet Law, 13(10), 1-26.  Retrieved from http://ezproxy.library.capella.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=48870427&site=ehost-live&scope=site

Major international hacker pleads guilty to charges stemming from massive attack on retailers and banks. (2010). Computer & Internet Lawyer, 27(3), 29-30.  Retrieved from http://ezproxy.library.capella.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=48238379&site=ehost-live&scope=site

McNamara, P. (2010). No one can duck heartland fallout until it ends. Network World, 27(7), 34-34.  Retrieved from http://ezproxy.library.capella.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=49178903&site=ehost-live&scope=site

TJX hacker receives multiple sentences for data breaches. (2010). ISO & Agent, 6(12), 3-3.  Retrieved from http://ezproxy.library.capella.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=49007418&site=ehost-live&scope=site

Comments are closed.

PHVsPjxsaT48c3Ryb25nPndvb19hZHNfcm90YXRlPC9zdHJvbmc+IC0gZmFsc2U8L2xpPjxsaT48c3Ryb25nPndvb19hZF9jb250ZW50X2Fkc2Vuc2U8L3N0cm9uZz4gLSA8L2xpPjxsaT48c3Ryb25nPndvb19hZF9jb250ZW50X2Rpc2FibGU8L3N0cm9uZz4gLSB0cnVlPC9saT48bGk+PHN0cm9uZz53b29fYWRfY29udGVudF9pbWFnZTwvc3Ryb25nPiAtIGh0dHA6Ly93d3cud29vdGhlbWVzLmNvbS9hZHMvd29vdGhlbWVzLTQ2OHg2MC0yLmdpZjwvbGk+PGxpPjxzdHJvbmc+d29vX2FkX2NvbnRlbnRfdXJsPC9zdHJvbmc+IC0gaHR0cDovL3d3dy53b290aGVtZXMuY29tPC9saT48bGk+PHN0cm9uZz53b29fYWRfaW1hZ2VfMTwvc3Ryb25nPiAtIGh0dHA6Ly93d3cud29vdGhlbWVzLmNvbS9hZHMvd29vdGhlbWVzLTEyNXgxMjUtMS5naWY8L2xpPjxsaT48c3Ryb25nPndvb19hZF9pbWFnZV8yPC9zdHJvbmc+IC0gaHR0cDovL3d3dy53b290aGVtZXMuY29tL2Fkcy93b290aGVtZXMtMTI1eDEyNS0yLmdpZjwvbGk+PGxpPjxzdHJvbmc+d29vX2FkX2ltYWdlXzM8L3N0cm9uZz4gLSBodHRwOi8vd3d3Lndvb3RoZW1lcy5jb20vYWRzL3dvb3RoZW1lcy0xMjV4MTI1LTMuZ2lmPC9saT48bGk+PHN0cm9uZz53b29fYWRfaW1hZ2VfNDwvc3Ryb25nPiAtIGh0dHA6Ly93d3cud29vdGhlbWVzLmNvbS9hZHMvd29vdGhlbWVzLTEyNXgxMjUtNC5naWY8L2xpPjxsaT48c3Ryb25nPndvb19hZF91cmxfMTwvc3Ryb25nPiAtIGh0dHA6Ly93d3cud29vdGhlbWVzLmNvbTwvbGk+PGxpPjxzdHJvbmc+d29vX2FkX3VybF8yPC9zdHJvbmc+IC0gaHR0cDovL3d3dy53b290aGVtZXMuY29tPC9saT48bGk+PHN0cm9uZz53b29fYWRfdXJsXzM8L3N0cm9uZz4gLSBodHRwOi8vd3d3Lndvb3RoZW1lcy5jb208L2xpPjxsaT48c3Ryb25nPndvb19hZF91cmxfNDwvc3Ryb25nPiAtIGh0dHA6Ly93d3cud29vdGhlbWVzLmNvbTwvbGk+PGxpPjxzdHJvbmc+d29vX2FsdF9zdHlsZXNoZWV0PC9zdHJvbmc+IC0gYmx1ZXllbGxvdy5jc3M8L2xpPjxsaT48c3Ryb25nPndvb19hdXRvX2ltZzwvc3Ryb25nPiAtIGZhbHNlPC9saT48bGk+PHN0cm9uZz53b29fYmxvZ19jYXRfaWQ8L3N0cm9uZz4gLSA5PC9saT48bGk+PHN0cm9uZz53b29fYmxvZ19uYXZpZ2F0aW9uPC9zdHJvbmc+IC0gdHJ1ZTwvbGk+PGxpPjxzdHJvbmc+d29vX2Jsb2dfbmF2aWdhdGlvbl9mb290ZXI8L3N0cm9uZz4gLSB0cnVlPC9saT48bGk+PHN0cm9uZz53b29fYmxvZ19wZXJtYWxpbms8L3N0cm9uZz4gLSAvY2F0ZWdvcnkvYmxvZzwvbGk+PGxpPjxzdHJvbmc+d29vX2Jsb2dfc2lkZWJhcjwvc3Ryb25nPiAtIEJsb2cgUGFnZXM8L2xpPjxsaT48c3Ryb25nPndvb19ibG9nX3N1Ym5hdmlnYXRpb248L3N0cm9uZz4gLSBmYWxzZTwvbGk+PGxpPjxzdHJvbmc+d29vX2JyZWFkY3J1bWJzPC9zdHJvbmc+IC0gZmFsc2U8L2xpPjxsaT48c3Ryb25nPndvb19jdXN0b21fY3NzPC9zdHJvbmc+IC0gPC9saT48bGk+PHN0cm9uZz53b29fY3VzdG9tX2Zhdmljb248L3N0cm9uZz4gLSBodHRwOi8vd3d3LmJ6YXVnZy5jb20vd3AtY29udGVudC93b29fdXBsb2Fkcy8xMC1mYXZpY29uLnBuZzwvbGk+PGxpPjxzdHJvbmc+d29vX2Rpc2NsYWltZXI8L3N0cm9uZz4gLSDCqSBDb3B5cmlnaHQgMjAxMCBCcmlhbiBaYXVnZy4gQWxsIHJpZ2h0cyByZXNlcnZlZC4NCjxicj4NCig1MjApNzYyLTQ5NjINCjxicj4NCjxhIGhyZWY9bWFpbHRvOmJyaWFuQGJ6YXVnZy5jb20+YnJpYW5AYnphdWdnLmNvbTwvYT48L2xpPjxsaT48c3Ryb25nPndvb19leGNsdWRlX3BhZ2VzX2Zvb3Rlcjwvc3Ryb25nPiAtIDcwLDYxLDU4LDQ4LDI1MjwvbGk+PGxpPjxzdHJvbmc+d29vX2V4Y2x1ZGVfcGFnZXNfbWFpbjwvc3Ryb25nPiAtIDcwLDYxLDU4LDQ4LDI1MjwvbGk+PGxpPjxzdHJvbmc+d29vX2V4Y2x1ZGVfcGFnZXNfc3VibmF2PC9zdHJvbmc+IC0gNzAsNjEsNTgsNDgsMjUyPC9saT48bGk+PHN0cm9uZz53b29fZmVhdF9oZWlnaHQ8L3N0cm9uZz4gLSAyMTA8L2xpPjxsaT48c3Ryb25nPndvb19mZWF0X3dpZHRoPC9zdHJvbmc+IC0gMjgwPC9saT48bGk+PHN0cm9uZz53b29fZmVlZGJ1cm5lcl91cmw8L3N0cm9uZz4gLSBodHRwOi8vZmVlZHMuZmVlZGJ1cm5lci5jb20vaXRicmlhbjwvbGk+PGxpPjxzdHJvbmc+d29vX2dvb2dsZV9hbmFseXRpY3M8L3N0cm9uZz4gLSA8L2xpPjxsaT48c3Ryb25nPndvb19ob21lcGFnZTwvc3Ryb25nPiAtIGxheW91dC1kZWZhdWx0LnBocDwvbGk+PGxpPjxzdHJvbmc+d29vX2hvbWVfc2lkZWJhcjwvc3Ryb25nPiAtIEhvbWVwYWdlPC9saT48bGk+PHN0cm9uZz53b29faW5jX2ludHJvX3BhZ2U8L3N0cm9uZz4gLSBmYWxzZTwvbGk+PGxpPjxzdHJvbmc+d29vX2luY19pbnRyb19wYWdlX2xlZnQ8L3N0cm9uZz4gLSBmYWxzZTwvbGk+PGxpPjxzdHJvbmc+d29vX2luY19pbnRyb19wYWdlX3JpZ2h0PC9zdHJvbmc+IC0gZmFsc2U8L2xpPjxsaT48c3Ryb25nPndvb19pbmNfdGFiYmVyX3BhZ2VzPC9zdHJvbmc+IC0gZmFsc2U8L2xpPjxsaT48c3Ryb25nPndvb19pbnRyb19wYWdlPC9zdHJvbmc+IC0gPC9saT48bGk+PHN0cm9uZz53b29faW50cm9fcGFnZV9sZWZ0PC9zdHJvbmc+IC0gMjUyPC9saT48bGk+PHN0cm9uZz53b29faW50cm9fcGFnZV9yaWdodDwvc3Ryb25nPiAtIDU4PC9saT48bGk+PHN0cm9uZz53b29fbG9nbzwvc3Ryb25nPiAtIGh0dHA6Ly93d3cuYnphdWdnLmNvbS93cC1jb250ZW50L3dvb191cGxvYWRzLzEyLWxvZ29uYW1lLXRyYW5zLnBuZzwvbGk+PGxpPjxzdHJvbmc+d29vX21hZ19mZWF0dXJlZDwvc3Ryb25nPiAtIFNlbGVjdCBhIG51bWJlcjo8L2xpPjxsaT48c3Ryb25nPndvb19tYWdfc2Vjb25kYXJ5PC9zdHJvbmc+IC0gU2VsZWN0IGEgbnVtYmVyOjwvbGk+PGxpPjxzdHJvbmc+d29vX21hbnVhbDwvc3Ryb25nPiAtIGh0dHA6Ly93d3cud29vdGhlbWVzLmNvbS9zdXBwb3J0L3RoZW1lLWRvY3VtZW50YXRpb24vdGhlLXN0YXRpb24vPC9saT48bGk+PHN0cm9uZz53b29fcGFnZV9zaWRlYmFyPC9zdHJvbmc+IC0gSW5uZXIgUGFnZXM8L2xpPjxsaT48c3Ryb25nPndvb19yZXNpemU8L3N0cm9uZz4gLSB0cnVlPC9saT48bGk+PHN0cm9uZz53b29fc2hvcnRuYW1lPC9zdHJvbmc+IC0gd29vPC9saT48bGk+PHN0cm9uZz53b29fc2xpZGVyPC9zdHJvbmc+IC0gZmFsc2U8L2xpPjxsaT48c3Ryb25nPndvb19zbWFsbHRodW1iX2hlaWdodDwvc3Ryb25nPiAtIDQyPC9saT48bGk+PHN0cm9uZz53b29fc21hbGx0aHVtYl93aWR0aDwvc3Ryb25nPiAtIDU2PC9saT48bGk+PHN0cm9uZz53b29fc3VibmF2PC9zdHJvbmc+IC0gdHJ1ZTwvbGk+PGxpPjxzdHJvbmc+d29vX3RhYmJlcl9wYWdlczwvc3Ryb25nPiAtIDcwLDYxLDU4LDQ4PC9saT48bGk+PHN0cm9uZz53b29fdGhlbWVuYW1lPC9zdHJvbmc+IC0gVGhlIFN0YXRpb248L2xpPjxsaT48c3Ryb25nPndvb190aGVfY29udGVudDwvc3Ryb25nPiAtIGZhbHNlPC9saT48bGk+PHN0cm9uZz53b29fdGh1bWJfaGVpZ2h0PC9zdHJvbmc+IC0gNzY8L2xpPjxsaT48c3Ryb25nPndvb190aHVtYl93aWR0aDwvc3Ryb25nPiAtIDEwMDwvbGk+PGxpPjxzdHJvbmc+d29vX3R3aXR0ZXI8L3N0cm9uZz4gLSBpdGJyaWFuPC9saT48bGk+PHN0cm9uZz53b29fdXBsb2Fkczwvc3Ryb25nPiAtIGE6MTA6e2k6MDtzOjY2OiJodHRwOi8vd3d3LmJ6YXVnZy5jb20vd3AtY29udGVudC93b29fdXBsb2Fkcy8xMi1sb2dvbmFtZS10cmFucy5wbmciO2k6MTtzOjY2OiJodHRwOi8vd3d3LmJ6YXVnZy5jb20vd3AtY29udGVudC93b29fdXBsb2Fkcy8xMS1sb2dvbmFtZS10cmFucy5wbmciO2k6MjtzOjU5OiJodHRwOi8vd3d3LmJ6YXVnZy5jb20vd3AtY29udGVudC93b29fdXBsb2Fkcy8xMC1mYXZpY29uLnBuZyI7aTozO3M6NTg6Imh0dHA6Ly93d3cuYnphdWdnLmNvbS93cC1jb250ZW50L3dvb191cGxvYWRzLzktZmF2aWNvbi5wbmciO2k6NDtzOjY1OiJodHRwOi8vd3d3LmJ6YXVnZy5jb20vd3AtY29udGVudC93b29fdXBsb2Fkcy84LWxvZ29uYW1lLXRyYW5zLnBuZyI7aTo1O3M6Njg6Imh0dHA6Ly93d3cuYnphdWdnLmNvbS93cC1jb250ZW50L3dvb191cGxvYWRzLzctYmFubmVyLWxvZ28tdHJhbnMuanBnIjtpOjY7czo2ODoiaHR0cDovL3d3dy5iemF1Z2cuY29tL3dwLWNvbnRlbnQvd29vX3VwbG9hZHMvNi1iYW5uZXItbG9nby10cmFucy5qcGciO2k6NztzOjYxOiJodHRwOi8vd3d3LmJ6YXVnZy5jb20vd3AtY29udGVudC93b29fdXBsb2Fkcy81LWxvZ28tdHJhbnMuZ2lmIjtpOjg7czo2MToiaHR0cDovL3d3dy5iemF1Z2cuY29tL3dwLWNvbnRlbnQvd29vX3VwbG9hZHMvNC1sb2dvLXRyYW5zLmdpZiI7aTo5O3M6NjY6Imh0dHA6Ly93d3cuYnphdWdnLmNvbS93cC1jb250ZW50L3dvb191cGxvYWRzLzMtbG9nb19iemF1Z2dfY29tLmpwZyI7fTwvbGk+PC91bD4=