All the latest UK technology news, reviews and analysis
|
|
|
17 Aug 2009
Three men, one US citizen and two Russians, have been indicted for the largest data theft in US history.
Albert Gonzalez, also known as 'segvec', 'soupnazi' and 'j4guar17', and two unnamed accomplices have been charged by the Department of Justice (DoJ) with conspiracy to illegally access computers and conspiracy to engage in wire fraud.
Gonzalez is already in custody for the hacking of eight major retailers in an attempt to steal the details of 40 million credit cards.
"This investigation marks the continued success of law enforcement in tracking down cutting-edge hacking schemes committed by hackers working together across the globe," said acting US attorney Ralph Marra.
The trio used an SQL injection attack from proxy servers in California, Illinois, Latvia, the Netherlands and Ukraine to attack retail sites, and took elaborate precautions to cover their tracks, such as testing their malware against 20 leading security vendors' software and designing the attack code so that it deleted data on its activities.
The men stole information from 7-Eleven, Miami supermarket chain Hannaford Brothers and Heartland Payment Systems among others. The DoJ said that the companies' co-operation had been key to catching the three.
"When companies make the decision to work with law enforcement and disclose a data breach at the earliest possible opportunity, it provides the best chance of apprehending a hacker, and demonstrates that those corporate victims will actively defend their systems," Marra said.
The three men each face 35 years in prison, plus a substantial fine. It is not known whether the two Russian team members have been arrested.
Latest stories from Web
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Sneak peek at the forthcoming glass-based machine
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Software Engineer - Performance - Permanent - Cheshire...
Leading Financial Services Company requires experience...
TOM, Business Analyst, Loan IQ, Process, Risk, Operations...
ASP.NET Developer - MVC, JavaScript, MS SQL, CSS, HTML...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Keeping customers safe online
This scam highlights the vulnerability of web applications. Businesses can however put in place simple measures to stop their customers falling victim to threats such as the SQL injection attacks. Credit Card numbers should be monitored as a matter of course, so that any irregularities that put personal data at risk can swiftly be identified. Once personal details have been accessed, it will be difficult to retrospectively stop fraud from taking place. Proactive measures will help organisations feel more confident in the security of their infrastructure and, in turn, the details of their customers.
Posted by: Graham Moore, e-retail specialist, Zeus Technology 19 Aug 2009
A good step toward securing financial information
Monday's indictment of three hackers, who are charged with committing one of the largest credit card thefts in history, is a good step toward securing the nation's financial information. By holding the individuals accountable for their actions, we send a strong message to would-be hackers. The incident also shines a focus on the importance of collecting log records, which document security breaches so that they can be discovered and responded to. Without logs, there is no evidence, and without evidence law enforcement cannot even start an investigation. It is important to treat and protect log data as critical evidence as a standard practice in order to ensure that this electronic evidence will be admissible in court. With a log management solution in place before a breach occurs, the organisation is prepared to collect, store, and maintain chain of custody of those logs so that they are admissible in a court of law, thereby enabling prosecutors to bring the criminals to justice.
Posted by: Dominique Levin, VP Marketing and Strategy at LogLogic Inc 19 Aug 2009