IronMagLabs Osta Rx

          Follow Us on Facebook        Subscribe to us on YouTube        Follow Us on Twitter        IronMagLabs on Instagram        Sign Up for our Newsletter


U.S. Indicts Three in Theft of 130 Million Accounts

Results 1 to 7 of 7
  1. #1
    Senior Member
    ADMINISTRATOR
    Prince's Avatar


    Join Date
    Nov 2000
    Gender
    Male
    Location
    Panama
    Posts
    61,231
    Rep Points
    2147483647

    Post U.S. Indicts Three in Theft of 130 Million Accounts






    U.S. Indicts Three in Theft of 130 Million Accounts
    By David Voreacos

    Aug. 17 (Bloomberg) -- A Miami man and two unidentified computer hackers were charged with stealing 130 million credit and debit card numbers in what the Justice Department said was the largest such prosecution in U.S. history.

    Albert Gonzalez, a 28-year-old Miami resident, and two hackers living “in or near Russia” were indicted today by a federal grand jury in Newark, New Jersey, for stealing data from Heartland Payment Systems Inc., 7-Eleven Corp., Delhaize Group’s Hannaford Brothers Co. and two unidentified national retailers.

    The hackers stole 130 million card numbers from Heartland, a bank-card payment processor, starting in December 2007, by using malicious computer software, according to the 14-page indictment. An undetermined number of card numbers were stolen from 7-Eleven and 4.2 million from Hannaford, a regional supermarket chain, according to the indictment.

    “This investigation marks the continued success of law enforcement in tracking down cutting edge hacking schemes committed by hackers working together across the globe,” acting U.S. Attorney Ralph Marra said in a statement.

    Gonzalez and the two hackers were charged with two counts of conspiracy in a scheme to sell data they stole using computers in New Jersey, California, Illinois, Latvia, Ukraine and the Netherlands, according to the indictment.

    Gonzalez, who is in federal custody in Brooklyn, New York, was arrested in New Jersey in 2003 for his role in ATM and debit card fraud, Marra said in a statement. He was indicted last year by federal grand juries in Massachusetts and New York for data breaches at companies, according to the statement.

    Victims Scouted

    The hackers scouted potential victims by reviewing a list of Fortune 500 companies and then visiting retail stores to identify the payment processing systems and their vulnerabilities, prosecutors said. They used malicious software known as malware and so-called injection strings to attack the computers and steal data, prosecutors said.

    They installed “sniffer” programs to capture data “on a real-time basis” as it moved through the computer networks, and used instant messaging services to advise each other on how to navigate the systems, according to the indictment. They also programmed malware to evade detection by anti-virus software and erase files that might detect its presence, prosecutors said.

    Heartland, based in Princeton, New Jersey, is used by 175,000 businesses at 250,000 locations. The company said Jan. 20 it found “malicious software” in its processing system that hackers used to steal data in 2008.

    Government Investigations

    In a Feb. 24 conference call, Chief Executive Officer Robert Carr said the company was the subject of an informal inquiry by the Securities and Exchange Commission, as well as investigations by the Justice Department, the Federal Trade Commission and the Office of the Comptroller of the Currency.

    Jason Maloni, a Heartland spokesman, didn’t immediately return a call seeking comment. A shareholder sued Heartland directors and officers on July 14 in federal court in Trenton, New Jersey, for alleged breach of fiduciary duty before the cyber attack.

    In a July 16 interview, Maloni said the company was cooperating with government investigators. He said Heartland had “undergone a number of steps to enhance our security and raise the understanding of the growing threat of cyber-criminals among the entire financial sector, including our own competitors.”

    source





    IronMagLabs 15% Discount Code: Robert15



    Hardcore Peptides 20% Discount Code: Robert20



  2. #2
    Thats Dr. Keke to you!
    ELITE MEMBER
    KelJu's Avatar


    Join Date
    Jul 2005
    Location
    In my imagination.
    Posts
    14,625
    Rep Points
    899974883

    Holy fucking shit!

  3. #3
    Bohemian Extraordinaire
    ELITE MEMBER
    maniclion's Avatar


    Join Date
    Aug 2003
    Gender
    Male
    Location
    Mēns Incognita
    Posts
    26,851
    Rep Points
    804964429

    Companies like that should have a few guys sitting there scanning the network constantly for attacks and shit, depending on software to do it is stupid......do some actual digging and detection themselves as another precaution.....
    Coarse edged youth, the irish pendants string from their smiles
    not yet plucked as to slacken the seams
    and drag down the features of age,
    no folds or creases from unkempt wear
    eyes of tranquilty, crystalline-beads
    no sign of despair in their hair, nor their hearts
    but oh they have yet to be experienced and that makes aging so very worth it...ML circa2012

  4. #4
    Thats Dr. Keke to you!
    ELITE MEMBER
    KelJu's Avatar


    Join Date
    Jul 2005
    Location
    In my imagination.
    Posts
    14,625
    Rep Points
    899974883

    Quote Originally Posted by maniclion View Post
    Companies like that should have a few guys sitting there scanning the network constantly for attacks and shit, depending on software to do it is stupid......do some actual digging and detection themselves as another precaution.....

    Security cost money. The security of our personal information, medical history, and account numbers is left up to bonehead business people who don't know shit about it.

    I work for a company that sells hospital systems and supports over 500 hospitals, and even our security is a fucking joke. 3/4 of our sites have dial in remote access via modem, and I know the root passwords to all of them. All it would take would be for me to be unethical for 1 minute to sell anyone's complete medical history for a ton of cash. With electronic medical records act, it will get worse. I have access to only 500 hospitals, but after a total nation wide integration, I could access anyone's in the country.

    I'm not a hacker either. I'm just 1 of probably 50 employees who have total access to any system we support. Just this month, HIPA got around to making it law that employees can not travel with unencrypted tapes and hard drives in case we lose them. However, my company decided that the encryption code would be the same for every hospital.

    We did that because we would have to know the encryption code in case the site forgot it, otherwise we would not be able to restore their data. Well that makes sense for keeping out customer happy, but it don't do shit for keeping the data secure. It's a fucking joke.

  5. #5
    Bohemian Extraordinaire
    ELITE MEMBER
    maniclion's Avatar


    Join Date
    Aug 2003
    Gender
    Male
    Location
    Mēns Incognita
    Posts
    26,851
    Rep Points
    804964429

    Quote Originally Posted by KelJu View Post
    Security cost money. The security of our personal information, medical history, and account numbers is left up to bonehead business people who don't know shit about it.

    I work for a company that sells hospital systems and supports over 500 hospitals, and even our security is a fucking joke. 3/4 of our sites have dial in remote access via modem, and I know the root passwords to all of them. All it would take would be for me to be unethical for 1 minute to sell anyone's complete medical history for a ton of cash. With electronic medical records act, it will get worse. I have access to only 500 hospitals, but after a total nation wide integration, I could access anyone's in the country.

    I'm not a hacker either. I'm just 1 of probably 50 employees who have total access to any system we support. Just this month, HIPA got around to making it law that employees can not travel with unencrypted tapes and hard drives in case we lose them. However, my company decided that the encryption code would be the same for every hospital.

    We did that because we would have to know the encryption code in case the site forgot it, otherwise we would not be able to restore their data. Well that makes sense for keeping out customer happy, but it don't do shit for keeping the data secure. It's a fucking joke.
    Don't I know how stupid everything is, if I wanted to copy a customers credit card without him knowing all I have to do is lay his card on my desk while punching in the price and other info and his raised letters and numbers will be embedded in my skin, I've done this before on accident and when the guy left with his card I had every piece of info on my forearm all i had to do was memorize the 3 digits on the back and I could have used it......we are all asking for a royal fucking in the ass.....
    Coarse edged youth, the irish pendants string from their smiles
    not yet plucked as to slacken the seams
    and drag down the features of age,
    no folds or creases from unkempt wear
    eyes of tranquilty, crystalline-beads
    no sign of despair in their hair, nor their hearts
    but oh they have yet to be experienced and that makes aging so very worth it...ML circa2012

  6. #6
    Senior Member
    ELITE MEMBER
    danzik17's Avatar


    Join Date
    Oct 2005
    Gender
    Male
    Location
    Connecticut
    Posts
    3,801
    Rep Points
    62793096

    Quote Originally Posted by KelJu View Post
    Security cost money. The security of our personal information, medical history, and account numbers is left up to bonehead business people who don't know shit about it.

    I work for a company that sells hospital systems and supports over 500 hospitals, and even our security is a fucking joke. 3/4 of our sites have dial in remote access via modem, and I know the root passwords to all of them. All it would take would be for me to be unethical for 1 minute to sell anyone's complete medical history for a ton of cash. With electronic medical records act, it will get worse. I have access to only 500 hospitals, but after a total nation wide integration, I could access anyone's in the country.

    I'm not a hacker either. I'm just 1 of probably 50 employees who have total access to any system we support. Just this month, HIPA got around to making it law that employees can not travel with unencrypted tapes and hard drives in case we lose them. However, my company decided that the encryption code would be the same for every hospital.

    We did that because we would have to know the encryption code in case the site forgot it, otherwise we would not be able to restore their data. Well that makes sense for keeping out customer happy, but it don't do shit for keeping the data secure. It's a fucking joke.
    Why not set up a PKI to handle encryption/decryption? Way more secure than using just a password, you just need to store those certs away somewhere safe.
    Ron Paul 2012

    No gym for home, work out floor with 30, but is it for 20 like 30 lb when you no lift it to be for men, for 30 lbs instead? or half is 10 for 20 pounds?

  7. #7
    Super Hero in Training
    Burner02's Avatar


    Join Date
    Mar 2002
    Gender
    Male
    Location
    Mezar E Sharif, Afghanistan
    Posts
    30,721
    Rep Points
    124162949






    Quote Originally Posted by KelJu View Post
    Security cost money. The security of our personal information, medical history, and account numbers is left up to bonehead business people who don't know shit about it.

    I work for a company that sells hospital systems and supports over 500 hospitals, and even our security is a fucking joke. 3/4 of our sites have dial in remote access via modem, and I know the root passwords to all of them. All it would take would be for me to be unethical for 1 minute to sell anyone's complete medical history for a ton of cash. With electronic medical records act, it will get worse. I have access to only 500 hospitals, but after a total nation wide integration, I could access anyone's in the country.

    I'm not a hacker either. I'm just 1 of probably 50 employees who have total access to any system we support. Just this month, HIPA got around to making it law that employees can not travel with unencrypted tapes and hard drives in case we lose them. However, my company decided that the encryption code would be the same for every hospital.

    We did that because we would have to know the encryption code in case the site forgot it, otherwise we would not be able to restore their data. Well that makes sense for keeping out customer happy, but it don't do shit for keeping the data secure. It's a fucking joke.
    well...the best security plan will always be defeated by the one single common demonintion. Human interaction.
    Thumb drives...awesome, portable and useful. Banned DoD wide...why? 'cause people can't secure them. Here in Afghanistan.....our CID/OSI teams go to the local bazzars and always find dozens/hundreds of thumb drives for sale...with US/NATO classified info on them...
    Success leaves clues. People who produce outstanding results do specific things to create those results

    Nobody cares what you did yesterday or what you are going to do tomorrow. What is important is what you are doing NOW to solve our problem

    THERE IS NO TOMORROW!
    - Appollo Creed

Similar Threads

  1. IRS gets a key to Swiss bank accounts
    By Prince in forum Open Chat
    Replies: 24
    Last Post: 08-22-2009, 07:43 PM
  2. On-Line saving accounts
    By Doublebase in forum Open Chat
    Replies: 20
    Last Post: 08-25-2006, 02:33 AM
  3. 3rd person accounts and legal issues
    By jasone in forum Anabolic Zone
    Replies: 3
    Last Post: 02-26-2006, 06:01 PM
  4. delting accounts to make new
    By DontStop in forum Open Chat
    Replies: 40
    Last Post: 11-07-2005, 10:44 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
DISABLED END -->