Emerging Threats in Data Breaches

Heartland-Style Breaches Change the Meaning of a Large-Scale Data Breach

Ten years ago, the Department of Justice was prosecuting mischief-makers for defacing web pages. Today, federal prosecutors are targeting international crime rings behind such high-profile hacks as the breach of retailer TJX, which exposed tens of millions of consumers' credit accounts.

"We've gone from card farms to card resellers to international hackers," says Kimberly Kiefer Peretti, senior counsel in the department's computer crime section.

Peretti along with her computer crime section colleague Howard Cox presented "Emerging Threats in Data Breaches" at the RSA Conference in San Francisco on Tuesday. Among their key topics:

What we know about breaches;
What we know about criminals.

Breach Trends

The most popular types of data breaches won't surprise anyone:

War-driving, where hackers penetrate wireless networks;
Internet-based attacks;
Malicious code;
Social engineering.

The difference today, Cox says, is "We have to be equally as good at social engineering to penetrate these groups."

There are some key nuances in modern-day breaches, Cox and Peretti say. Among them:

Physical presence in the U.S. is optional - many hacks now originate outside the U.S.

Sometimes they're sophisticated, sometimes not - often no two breaches are alike.

Hackers use encryption - Cox describes one breach in which the hacker used a VPN tunnel that "was more sophisticated than the retailer's network."

They get PINs - either through brute force attacks or by targeting hardware security module boxes.

Debit/cash cards are popular targets - because hackers can get into the accounts, change balances and limits, then loot the accounts quickly.

Processors - like Heartland - are the targets du jour - "This changes the meaning of what a large-scale data breach is," Peretti says.

Profiles of Criminals

Despite heightened fears of the insider threat in the current recession, Cox says the top hackers are overseas - many of them Russian-speaking. Today's best criminals are young and mobile, they learn while they earn, and they're quite willing to follow the money. "They look for the most vulnerable victims," Cox says.

To prevent attacks, Cox recommends that organizations take these steps:

Make your system safe from SQL injections;
Pay attention when law enforcement and credit card companies call; and
Pay heed to alerts from law enforcement.

Given the proliferation of criminals outside the U.S., the Justice Department is challenged to get cooperation from international law enforcement agencies. But - as evidenced by last year's TJX-related arrests - the partnerships are developing. "It's not perfect yet," Peretti says, "but seven years ago it would have been unheard of to [cooperate] as we do now."

About the Author

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.
