Blog: Hack

ICBA and Visa are providing a free Data Breach Toolkit to all ICBA member banks. The toolkit was developed in response to the recent data breach at Heartland Systems, and is designed to help community banks answer customers' questions following a breach of credit and debit card account information. The toolkit provides member banks with customizable materials, including cardholder letters, statement inserts, FAQs and media statements. You can log in to receive your toolkit at


Yesterday, Heartland Payment Systems, Inc. disclosed a data breach that could be bigger than the TJX Companies, Inc.'s January 2007 breach. Heartland, one of the largest payment processors in the country, said it discovered the intrusion last week after being alerted by Visa and MasterCard to suspicious activity. The company says it believes intruders planted malicious software designed to steal card data on its network sometime last year; however, it has not yet disclosed when the card companies informed it of the breach, when in 2008 the breach took place, how long the intruders remained undetected, or how many cards might have been compromised. Heartland claims no merchant data, cardholders' Social Security numbers, unencrypted personal identification numbers (PINs), addresses or telephone numbers were compromised.

When a card is stolen, crooks typically "validate" the card with certain types of small transactions.  It has been noted that these types of transactions have increased nearly 20% over the past few months; however, it is not clear yet if this is related to the Heartland breach.  Currently, Heartland processes more than 100 million card transactions per month.

This is the second known compromise involving a large payment processor over the past few weeks. On December 23rd, RBS WorldPay announced its systems had been breached by unknown intruders, resulting in the compromise of personal information belonging to about 1.5 million cardholders. Payment processors are a prime target for cybercriminals due to the volume of transactions and information they handle.


The security vendor Trend Micro announced Thursday that the company's website had been hacked earlier in the week. Mike Sweeny, a Trend Micro spokesman, said "We took the pages down overnight Tuesday night - and took corrective action."

On Thursday security vendor McAfee reported that more than 20,000 Web pages have been affected by the attack.  The pages are infected with malicious code that tries to install password-stealing software on the PCs of people who visit the sites.

Researchers are still not sure how the attackers are managing to hack these Web pages, but the pages all seem to use Microsoft's Active Server Page (ASP) technology, which is used by many Web development programs to create dynamic HTML pages.  A software bug in any of those programs is all the attackers need to install their malicious code.  The infected Web pages are not obviously malicious, but the attackers have added a small bit of JavaScript code that redirects visitors' browsers to an invisible attack launched from servers based in China.  The JavaScript attack code hosted on these infected Web sites takes advantage of bugs that have already been patched, so users whose software is up-to-date are not at risk.  However, McAfee warns that some of the exploits are for obscure programs such as ActiveX controls for online games, which users may not think to patch.



Hackers calling themselves the iPhone Dev Team got hold of the new firmware that ships with the SDK (version 1.2 in beta, to be released to the public as 2.0) and reported they had "already decrypted the disk image and jailbroken the firmware." The jailbreak apparently only works with hacked activation, meaning it currently doesn't work with AT&T iPhones.
