Albert Gonzalez, Cyber Criminal
 
Albert Gonzalez, a 28-year-old from Florida, is suspected of being involved in most of the major security breaches dating back to 2003, when he became an informant for the US Secret Service. With his assistance they were able to break up "the shadow crew group", one of the largest online black markets for stolen identities. Of the 28 people arrested, 27 pled guilty and one is on the run.
 
In 2008, Gonzalez was indicted on charges related to security breaches at TJX, Dave & Buster's, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes and Noble, Sports Authority, Forever 21 and DSW.
 
On August 17, 2009, he was indicted a third time by a federal grand jury on charges related to data breaches at Heartland, Hannaford Bros. and 7-Eleven Inc. These three data breaches have exposed over 130 million credit and debit cards.
 
The Takeaway
To protect your data, you need to understand how the hackers executed their attacks. According to reports, Gonzalez and two accomplices used SQL injection attacks, malware and packet-sniffing tools to detect and steal payment card data.
 
In previous attacks, Gonzalez and his cohorts exploited vulnerabilities in wireless networks to gain access to companies' networks and steal payment card data directly from databases.
 
Organizations should protect their networks and data by ensuring they follow industry security standards. For example:
 
Strong wireless access controls and encryption
Intrusion Detection / Prevention systems
Web Development code reviews
Application Layer Firewalls
Vulnerability scanning
Penetration testing
Vulnerability patch management
Finally, constant vigilance is required, not optional.
 
Following security standards is not a guarantee of protection. Some people mistakenly think that following a security standard will offer complete protection from hackers. Security standards will never eliminate risk; they can only reduce the risk of hackers successfully breaking into your networks and accessing data.

Donald E. Hester
 
 
Brought to you by Maze & Associates, a leading Northern California Accounting Firm specializing in Municipal & Nonprofit Audit, Tax for individuals and all types of entities, Information System Audits, Security Reviews, as well as PCI Scans and certified training. Maze & Associates is a PCI ASV - Approved Scanning Vendor.
 
 
Disclaimer: The views expressed here are those of the author and do not represent those of Maze & Associates.
 
