Heartland Sniffer Hid In Unallocated Portion Of Disk

January 29th, 2009 Rob Douglas

The sniffer malware that surreptitiously siphoned tons of payment card data from card processor Heartland Payment Systems hid in an unallocated portion of a server’s disk. The malware, which was ultimately detected courtesy of a trail of temp files, was hidden so well that it eluded two different teams of forensic investigators brought in to find it after fraud alerts went off at both Visa and MasterCard, according to Heartland CFO Robert Baldwin.

“A significant portion of the sophistication of the attack was in the cloaking,” Baldwin said.

Payment security experts pretty much agreed that hiding files in unallocated disk space is a fairly well-known tactic. But it requires such a high level of access, as well as the skill to manipulate the operating system, that it also indicates a very sophisticated attack. One of those security experts, who works for a very large U.S. retail chain and asked to have her name withheld, speculated that the complex nature of the hiding place, coupled with the relatively careless leaving of temp files, could suggest a less-skilled cyberthief who simply obtained some very powerful tools.

See the full report at StorefrontBacktalk.
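The tactic described above, a payload sitting in disk space that no file owns, is exactly what a file-system walk misses and what carving the unallocated regions catches. The following is an added example, not code from the article or from Heartland's investigators: it takes a raw image plus the allocated extents (assumed to come from file-system metadata; here constructed) and scans only the gaps for executable headers.

```python
# Added example (not from the article): carve the unallocated regions of a raw
# disk image for executable headers. Allocated extents are assumed to come from
# the filesystem metadata; the image, extents and offsets below are constructed.

SECTOR = 512
SIGNATURES = {b"MZ": "PE/DOS executable", b"\x7fELF": "ELF executable"}

def unallocated_ranges(image_size, allocated):
    """Return [(start, end)] byte ranges not covered by any allocated extent."""
    gaps, cursor = [], 0
    for start, end in sorted(allocated):
        if start > cursor:
            gaps.append((cursor, start))
        cursor = max(cursor, end)
    if cursor < image_size:
        gaps.append((cursor, image_size))
    return gaps

def carve_unallocated(image, allocated, sector=SECTOR):
    """Scan only unallocated sectors for known executable magic bytes."""
    hits = []
    for start, end in unallocated_ranges(len(image), allocated):
        for off in range(start, end, sector):
            head = bytes(image[off:off + 4])
            for magic, label in SIGNATURES.items():
                if head.startswith(magic):
                    hits.append((off, label))
    return hits

def build_sample_image():
    """Constructed 16-sector image: sectors 0-3 and 8-11 belong to real files."""
    image = bytearray(16 * SECTOR)
    allocated = [(0, 4 * SECTOR), (8 * SECTOR, 12 * SECTOR)]
    image[1 * SECTOR:1 * SECTOR + 4] = b"\x7fELF"    # allocated: a legitimate binary
    image[5 * SECTOR:5 * SECTOR + 2] = b"MZ"         # unallocated: should be flagged
    image[13 * SECTOR:13 * SECTOR + 4] = b"\x7fELF"  # unallocated: should be flagged
    return image, allocated

if __name__ == "__main__":
    img, alloc = build_sample_image()
    for off, label in carve_unallocated(img, alloc):
        print(f"sector {off // SECTOR}: {label} header in unallocated space")
```

On a real image the allocated extents would be exported from a tool such as The Sleuth Kit rather than hand-built, and a header hit is a lead to triage, not proof of malware.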

One Response

  1. John Franks Says:

    Price Waterhouse Cooper and Carnegie-Mellon’s CyLab have recent surveys that show the senior executive class to be, basically, clueless regarding IT risk and its tie to overall enterprise (business) risk. Data breaches and thefts are due to a lagging business culture – absent new eCulture, breaches will, and continue to, increase. For example: Microsoft patched for the worm affecting Heartland 4 months ago. As CIO, I’m constantly seeking things that work, in hopes that good ideas make their way back to me – check your local library: A book that is required reading is “I.T. WARS: Managing the Business-Technology Weave in the New Millennium.” It also helps outside agencies understand your values and practices.
    The author, David Scott, has an interview that is a great exposure: http://www.businessforum.com/DScott_02.html
    The book came to us as a tip from an intern who attended a course at University of Wisconsin, where the book is an MBA text. It has helped us to understand that, while various systems of security are important, no system can overcome laxity, ignorance, or deliberate intent to harm. Necessary is a sustained culture and awareness; an efficient prism through which every activity is viewed from a security perspective prior to action.
    In the realm of risk, unmanaged possibilities become probabilities – read the book BEFORE you suffer a bad outcome – or propagate one.
