The U.S. Department of Justice announced on Monday that Albert Gonzalez along with two others were being indicted for five new corporate data breaches, aside from his most famous escapade: the infamous TJ Maxx breech that affected 94 million accounts. Gonzalez, indicted in 2008, is the supposed ring leader of a cybercrime enterprise that was able to steal around 170 credit and debit card numbers from companies such as Heartland Payment Systems, Hannaford Brothers Co., and even 7-Eleven. Gonzalez and his cohorts targeted Fortune 500 companies by finding physical and virtual weaknesses within the organizations to exploit.
Investigators were left asking, how did he do it? Gonzalez’ approach was simple. He would first identify point of sale machines and upload information to create a hacking platform. He would then launch a SQL-injection attack on the system using instant messages to relay his discoveries to his partners in crime. Using malware and sniffers they were able to absorb the credit card numbers with relative ease. They avoided detection by using intermediary, or “proxy,” computers and testing their malware against twenty of the leading anti-virus products. While none of these tactics solicit technological genius, it was more than enough to exploit the weak defenses these powerful companies had.
With millions of people using credit and debit cards to purchase items each day it makes us very uneasy to think that such high profile systems can be so easily breached. It’s important for companies to invest in stronger defenses to keep our credit information safe.
Companies should put more time into creating stronger defenses so that cyber heist like these are not so easy to carry out. Until then I’d recommend paying in cash.