
Heartland Sniffer Found in Unallocated Portion of Disk Drive

Posted by John B. Frank Wednesday, January 28, 2009

StorefrontBacktalk: Heartland Sniffer Hid In Unallocated Portion Of Disk

Evan Schuman, who first reported that the Secret Service has identified the person(s) responsible for the Heartland attack, writes more about the attack in his publication, StoreFront Backtalk. 



He says that the sniffer malware used in the Heartland attack was cloaked in an unallocated portion of Heartland's server, which is a well-known tactic. What's unique in this type of attack is that it requires "tricking" the operating system, either by modifying the OS itself or by installing a modified device driver. Either way, one consultant said that the fact the hacker(s) got around the OS itself is a "scary mother."

SFBT also says in the article that Robert Baldwin, President and COO of Heartland, says they were contacted by V/MC in late October. It then took two weeks for two different forensic teams (both of which, according to Heartland, were about to issue a clean bill of health) to find some .tmp files in an unallocated portion of the disk drives, which turned out to be a by-product of the malware.

Finally, Evan Schuman addresses Heartland's decision to pursue end-to-end encryption, questioning how feasible it is given the cost, the number of payment players that would have to participate, and the fact that it is the card brands themselves who insist on dealing with unencrypted data.

This from StoreFront Backtalk:

The sniffer malware that surreptitiously siphoned tons of payment card data from card processor Heartland Payment Systems hid in an unallocated portion of a server’s disk. The malware, which was ultimately detected courtesy of a trail of temp files, was hidden so well that it eluded two different teams of forensic investigators brought in to find it after fraud alerts went off at both Visa and MasterCard, according to Heartland CFO Robert Baldwin.


Regarding end-to-end encryption, Evan quotes Heartland CEO Bob Carr and explains the potential problem with it...


"Heartland CEO Robert Carr said in a statement. “Nevertheless, I believe the development and deployment of end-to-end encryption will provide us the ability to implement increasing levels of security protection as they become needed.” 

End-to-end encryption is far from a new approach. But the flaw in today’s payment networks is that the card brands insist on dealing with card data in an unencrypted state, forcing transmission to be done over secure connections rather than the lower-cost Internet. This approach avoids forcing the card brands to have to decrypt the data when it arrives."

Read Evan Schuman's complete article here






