Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED 6 MINUTES AGO.
You are here: Home / Network Security / Five Charged In Largest Data Breach
Five Hackers Indicted for Stealing 160 Million Identities
Five Hackers Indicted for Stealing 160 Million Identities
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
JULY
25
2013

Five hackers have been charged with propagating a massive cyberscheme that helped them steal more than 160 million credit and debit cards from 2005 to 2012. One Ukrainian hacker and four Russians crept into networks of both U.S. and international companies, including 7-Eleven, Dow Jones, J.C. Penny and Nasdaq, and stole personal identifying information, according to the U.S. Attorney's Office for New Jersey.

The U.S. Attorney's office called it the largest cyberscheme ever prosecuted in America. Hundreds of millions of dollars were lost in the exploit. U.S. Attorney Paul Fishman said, "Those who have the expertise and the inclination to break into our computer networks threaten our economic well-being, our privacy, and our national Relevant Products/Services."

Industrialization of Fraud

We asked Tommy Chin, a Technical Support Engineer at CORE Security, for his take on the Relevant Products/Services. He told us with such a large presence in the Relevant Products/Services space, it isn't going to be easy to shut down the global black market operation.

"The reward for a new leader to step up when the old leader isn't around anymore is very high," he said. "With 160 million credit card numbers, it's going to be difficult for any crime organization go to bankrupt."

From his perspective, Mike Gross, a senior manager of Risk Strategy and Professional Services at 41st Parameter, sees the compromise of 160 million credit and debit card numbers as further evidence that cyberattackers are using increasingly sophisticated tactics and closely coordinating their attacks, which can have devastating financial consequences.

"Fighting this rapid industrialization of fraud requires both innovative technology and broad visibility into all aspects of the criminal enterprise -- from the initial compromise through the underground sale of Relevant Products/Services and eventual use," he told us. "Without stronger situational awareness and solutions to harden defenses and proactively identify signals of fraud ahead of large-scale attacks, corporations will continue to see the effects of recent data breaches hitting their bottom lines."

Same Old Strategies

Kevin O'Brien, an enterprise solutions architect at CloudLock, believes criminal hacking is increasingly capable of obtaining information from any publicly accessible resource -- and the focus by organizations, especially those responsible for highly sensitive personal and financial information, needs to shift away from network and system security design toward information security if they wish to stay ahead of those criminals.

"We continue to see the same categories of mistakes leading to data breaches: poorly secured databases subject to SQL-injection attacks, website design issues leading to XSS (cross-site scripting) vulnerabilities, man-in-the-middle and other network-level attacks, and classic social engineering," O'Brien told us. "Some of these can certainly be solved by judicious use of technology, such as better hardware and more carefully implemented encryption technology; others will need to be addressed by way of better training and design in the first place."

As O'Brien sees it, if we assume that these were skilled hackers working to gain access to this data, it's safe to say that almost any technological security solution could have been bypassed at some point. What might have helped to prevent that from leading to a major breach would have been better separation of the high-value assets from the net-connected systems that were hacked.

"While this information is not yet -- and may never be -- known publicly, it's reasonable that there were one or more user accounts that were compromised, rather than poorly coded Relevant Products/Services that were exploited," he said. "Unfortunately, if expectedly, human nature tends to dismiss these types of systemic weaknesses as 'lucky breaks' or 'unforeseeable accidents,' and as a result, attention and money in the security industry continues to be spent on solving those things that are easiest to address, rather than essential problems that would require substantive trade-offs to implement."

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN NETWORK SECURITY
NEWSFACTOR.COM
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2016 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.