http://www.madison.com/wsj/home/biz/index.php?ntid=44402&ntpid=2

Brian Bergstein
AP technology writer
6/21/05

The numbers involved in the latest high-stakes cybercrime are astonishing: Burrowing into a payment-processing company's computers, a hacker apparently stole data on 200,000 credit and debit accounts and had access to 40 million.

But that doesn't make the techniques required to pull off such a heist all that unusual.

Security researchers say the murky online community of credit card thieves is increasingly sophisticated at exploiting weaknesses in financial networks. And even lesser mischief-makers, often derided as mere "script kiddies," can pick from a bundle of easily available tools that let them cut and paste the programming code needed to carry out attacks - without even understanding how it works.

"I'd say a script kiddie could do this," said Jim Stickley, chief technical officer for TraceSecurity. "I don't think it would be difficult at all."

Little has been publicly revealed about the attack on CardSystems Solutions, an Atlanta-based company that ferries card transactions between merchants and banks. The FBI and the company have been silent about details of the hack.

Asked Tuesday whether one of the company's 115 employees could have been involved, Bill Reeves, CardSystems' senior vice president of marketing, said the company would not "rule anything in or out at this point."

Even so, enough is known so computer security experts can make educated guesses. When the breach was announced Friday, MasterCard said someone had installed a virus-like program on CardSystems' network. CardSystems later acknowledged that the compromised data had been inappropriately stored for "research purposes" rather than deleted after transactions had ended.

If that "research" had involved transferring data into less-secure parts of CardSystems' network - perhaps, say, so CardSystems programmers could run tests on real credit card records - outsiders who routinely probe systems for soft spots could have discovered the files.

"In this day and age you have hundreds of attacks on every single Internet connection every single day," said Jonathan Rosenoer, director of risk and compliance solutions in IBM Corp.'s financial services practice.

Once a weakness is found, how can it be exploited?

Stickley offered one simple scenario: Someone could send a CardSystems employee an e-mail linking to a phony online greeting card. The link would produce the expected dancing dog or other jolly scene but in the background, a "Trojan horse" program would take root on the computer and prepare to relay information to an outsider.

Because the program would enter through communications ports commonly left open for Web browsing, the attack would not be picked up by intrusion-detection software or blocked by a firewall.

Robert Richardson, editorial director of the San Francisco-based Computer Security Institute, suspects the CardSystems hacker had to get into a database server rather than just an average Internet-connected computer. For that, "you'd need to be a notch above script kiddie," he said.

Even so, he added, more and more automated tools now exist to unleash Trojan horses and other means of busting into complex systems. "They're moving up that food chain pretty fast."

Tom Kelly, a former credit-fraud investigator for the Postal Service and Citigroup, said the CardSystems hack appears to be the work of a sophisticated ring that knew precisely what kind of file to grab.

"Maybe they hack all kinds of different things and they just got lucky, but I think it's surprising," said Kelly, senior investigator at Stroz Friedberg, a computer forensics firm.

"Can anybody - you and your friends - sit down, and if you're real computer savvy, get into this system? I don't think so. If you did it 24/7 and it was your job, I would say probably."

Copyright © 2005 Wisconsin State Journal