Thursday, August 20, 2009

Three Indicted in Largest Corporate Identity Theft Case in History: Update 1

We have known for some time that the electronic identity-theft business is burgeoning. The US Treasury Department says it knows of 55,000 cases in just 10 years. But, as of now, it has its official poster boy. He is 28-year-old Albert Gonzalez, a man who allegedly has a special talent for this particular line. He is handsome, he is rich – he reportedly splurged $75,000 (£45,000) on his own birthday one year – and has the kind of charm that could dazzle the hardest of men, says a federal secret service agent. But it's not your daughters you need to be locking up: it's your credit cards.

That, at least, is the contention of the authorities in New Jersey, who late on Monday unveiled criminal charges against Mr Gonzalez identifying him as the leader of a three-man ring which, between October 2006 and May 2008, successfully siphoned off the data from no fewer than 130 million credit and debit cards in the US by hacking into the networks of several retail and financial giants including the 7-Eleven corner-shop chain.

Gonzalez allegedly used a technique known as an "SQL injection attack", a form of computer hacking which is designed to exploit security vulnerabilities in databases. This type of attack is said to have started in Russia, China and North Korea, but has become increasingly popular in the United States. So much so that computer giant IBM will later this month release a report which shows that instances of SQL injection attacks have increased by 50 per cent in the first quarter of 2009, compared with the final quarter of 2008.

SQL injection requires the hackers to gain access to the computer networks they wish to hack. The hacker would do this by somehow breaching the computer's firewall and then "injecting" software into the database, which is held in a computer programming language known as SQL. What type of software is not known, but it would search for PINs or passwords or transaction records. The stolen data was then sent to computer servers to sell on.

  • "Double agent who 'stole 130 million card details'", The Independent, 8/19/09.
  • "SQL injection continues to trouble firms, lead to breaches", SearchSecurity.com, 8/18/09.
  • "SQL Injection Prevention Cheat Sheet", OWASP, 7/21/09.
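
As an added illustration (not part of the original post or its sources), the sketch below shows the class of flaw that SQL injection exploits and the parameterized-query defense recommended by the OWASP cheat sheet cited above. The table, column names, store IDs and input strings are all constructed for the example, and Python's built-in sqlite3 stands in for a production database.

```python
import re
import sqlite3

# Assumed ID format for this example only; used as a second, allow-list check.
STORE_ID_RE = re.compile(r"^store-\d{3}$")

def make_db():
    """Build an in-memory table of constructed (fake) card records."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cards (store_id TEXT, pan_last4 TEXT)")
    db.executemany(
        "INSERT INTO cards VALUES (?, ?)",
        [("store-001", "1111"), ("store-001", "2222"),
         ("store-002", "3333"), ("store-003", "4444")],
    )
    return db

def lookup_vulnerable(db, store_id):
    # Weak form: the input is pasted into the SQL text, so quote characters
    # in the input can change the structure of the statement itself.
    sql = ("SELECT pan_last4 FROM cards WHERE store_id = '"
           + store_id + "' ORDER BY pan_last4")
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, store_id):
    # Hardened form: the statement text is fixed and the driver binds the
    # input strictly as a value, never as SQL syntax.
    sql = "SELECT pan_last4 FROM cards WHERE store_id = ? ORDER BY pan_last4"
    return [row[0] for row in db.execute(sql, (store_id,))]

def lookup_validated(db, store_id):
    # Defense in depth: reject anything that is not a well-formed ID before
    # it reaches the (already parameterized) query.
    if not STORE_ID_RE.fullmatch(store_id):
        raise ValueError("malformed store id")
    return lookup_parameterized(db, store_id)

def demo():
    """Run one normal and one crafted (constructed) input through both forms."""
    db = make_db()
    crafted = "store-001' OR '1'='1"  # constructed test string
    return {
        "normal_vulnerable": lookup_vulnerable(db, "store-001"),
        "normal_parameterized": lookup_parameterized(db, "store-001"),
        "crafted_vulnerable": lookup_vulnerable(db, crafted),
        "crafted_parameterized": lookup_parameterized(db, crafted),
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the concatenated query the crafted string returns every store's rows; with the bound parameter the same string is treated as a store ID that matches nothing.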


Who am I?

I am a law enforcement professional with over 35 years experience in both sworn and civilian positions. I have service in 3 different countries in both the northern and southern hemispheres.

My principal areas of expertise are: (1) Intelligence, (2) Training and Development, (3) Knowledge Management, and (4) Administration/Supervision.
