Wednesday, April 02, 2008

Smarter Hackers

Some of these guys are playing big-time poker.

The major breach disclosed by the Hannaford Bros. Cos. grocery chain has been tied to malicious software that was planted on servers at about 300 of its stores.

The revelation shows that hackers have devised a way to steal card data from a merchant that was not storing it, a consultant told The Boston Globe for a Friday article.

Hannaford, a Scarborough, Maine, unit of Delhaize Group SA of Belgium, adheres to the Payment Card Industry data security standard, but "just because they are compliant, it doesn't mean they are safe," Graham Cluley, a technology consultant for Sophos Inc. in Burlington, Mass., told the Globe.

...The software was found on servers at every Hannaford store in Maine, Vermont, New Hampshire, Massachusetts, and New York and at some stores in other regions, such as Florida.
It intercepted some of the data encoded in the magnetic stripe on payment cards during the authentication process at the point of sale, the letter said. The malicious program then transmitted batches of the stolen data abroad.

Emily D. Dickinson, Hannaford's general counsel, said in the letter that law enforcement officials told her "the method of illicit acquisition is a new and sophisticated method, in that it obtains data in transit during the course of the authentication process."

Now the question is "How did that software get 'planted' in all those servers?"

Source: ABA Newsletter
