Five Hackers Indicted for Stealing 160 Million Identities
By Jennifer LeClaire / Enterprise Security Today
Published: July 25, 2013

Five hackers have been charged with running a massive cyberscheme that helped them steal more than 160 million credit and debit cards from 2005 to 2012. One Ukrainian hacker and four Russians crept into networks of both U.S. and international companies, including 7-Eleven, Dow Jones, J.C. Penney and Nasdaq, and stole personal identifying information, according to the U.S. Attorney's Office for New Jersey.

The U.S. Attorney's office called it the largest cyberscheme ever prosecuted in America. Hundreds of millions of dollars were lost in the exploit. U.S. Attorney Paul Fishman said, "Those who have the expertise and the inclination to break into our computer networks threaten our economic well-being, our privacy, and our national security."

Industrialization of Fraud

We asked Tommy Chin, a Technical Support Engineer at CORE Security, for his take on the breach. He told us that, with such a large presence in the cybercrime space, it isn't going to be easy to shut down the global black market operation.

"The reward for a new leader to step up when the old leader isn't around anymore is very high," he said. "With 160 million credit card numbers, it's going to be difficult for any crime organization to go bankrupt."

From his perspective, Mike Gross, a senior manager of Risk Strategy and Professional Services at 41st Parameter, sees the compromise of 160 million credit and debit card numbers as further evidence that cyberattackers are using increasingly sophisticated tactics and closely coordinating their attacks, which can have devastating financial consequences.

"Fighting this rapid industrialization of fraud requires both innovative technology and broad visibility into all aspects of the criminal enterprise -- from the initial compromise through the underground sale of data and eventual use," he told us. "Without stronger situational awareness and solutions to harden defenses and proactively identify signals of fraud ahead of large-scale attacks, corporations will continue to see the effects of recent data breaches hitting their bottom lines."

Same Old Strategies

Kevin O'Brien, an enterprise solutions architect at CloudLock, believes criminal hacking is increasingly capable of obtaining information from any publicly accessible resource -- and the focus by organizations, especially those responsible for highly sensitive personal and financial information, needs to shift away from network and system security design toward information security if they wish to stay ahead of those criminals.

"We continue to see the same categories of mistakes leading to data breaches: poorly secured databases subject to SQL-injection attacks, website design issues leading to XSS (cross-site scripting) vulnerabilities, man-in-the-middle and other network-level attacks, and classic social engineering," O'Brien told us. "Some of these can certainly be solved by judicious use of technology, such as better hardware and more carefully implemented encryption technology; others will need to be addressed by way of better training and design in the first place."

As O'Brien sees it, if we assume that these were skilled hackers working to gain access to this data, it's safe to say that almost any technological security solution could have been bypassed at some point. What might have helped to prevent that from leading to a major breach would have been better separation of the high-value assets from the net-connected systems that were hacked.

"While this information is not yet -- and may never be -- known publicly, it's reasonable that there were one or more user accounts that were compromised, rather than poorly coded applications that were exploited," he said. "Unfortunately, if expectedly, human nature tends to dismiss these types of systemic weaknesses as 'lucky breaks' or 'unforeseeable accidents,' and as a result, attention and money in the security industry continue to be spent on solving those things that are easiest to address, rather than essential problems that would require substantive trade-offs to implement."
