SQL Injection Hack Mastermind Gets Indicted on Conspiracy Charges

The U.S. Department of Justice announced on Monday that Albert Gonzalez, along with two others, was being indicted for five new corporate data breaches, aside from his most famous escapade: the infamous TJ Maxx breach that affected 94 million accounts. Gonzalez, indicted in 2008, is the supposed ringleader of a cybercrime enterprise that was able to steal around 170 credit and debit card numbers from companies such as Heartland Payment Systems, Hannaford Brothers Co., and even 7-Eleven. Gonzalez and his cohorts targeted Fortune 500 companies by finding physical and virtual weaknesses within the organizations to exploit.

Investigators were left asking, how did he do it? Gonzalez’ approach was simple. He would first identify point of sale machines and upload information to create a hacking platform. He would then launch a SQL-injection attack on the system, using instant messages to relay his discoveries to his partners in crime. Using malware and sniffers, they were able to collect the credit card numbers with relative ease. They avoided detection by using intermediary, or “proxy,” computers and testing their malware against twenty of the leading anti-virus products. While none of these tactics requires technological genius, they were more than enough to exploit the weak defenses these powerful companies had.

With millions of people using credit and debit cards to purchase items each day, it makes us very uneasy to think that such high-profile systems can be so easily breached. It’s important for companies to invest in stronger defenses to keep our credit information safe.

Companies should put more time into creating stronger defenses so that cyber heists like these are not so easy to carry out. Until then I’d recommend paying in cash.

(Via ZDNET and TG Daily)

About the author  ⁄ BrickHouse Security
