RSS Alerts

Share

More services

Related Links

  • Imperva
  • Sophos
  • Elsevier Ltd is not responsible for the content of external websites.

Related Stories

  • Sophos reveals how Twitter, Yahoo and Google Adsense can be used to infect users with malware
    Sophos claims to have uncovered an interesting new hybrid style of security attack on Twitter users that taps into security issues with Yahoo and Google's Adsense advertising service.
  • Gordon Brown spam email is a hoax
    IT security and data protection firm, Sophos, have released a warning to web users that an email claiming that an image of Gordon Brown’s smile will infect your PC is a hoax
  • Sophos records a 70% surge in malware and spam on web 2.0 services
    Research just published by Sophos claims to show a 70% increase in the number of companies reporting spam and malware attacks via social networks.
  • Sophos introduces data loss prevention technology
    Sophos has added a new data loss prevention (DLP) technology to its stable of enterprise security software. The addition will, said the veteran security vendor, simplify how companies mitigate against accidental data loss.
  • Do Punishments Fit the Cybercrime?
    Although some collaborative strides have been made, the international law enforcement community still lacks sufficient resources and skills to have substantial impact on the cybercrime juggernaut. The (ISC)² U.S. Government Advisory Board examines deterrent effects of recent high-profile prosecutions, legislative gaps, challenges in US cybercrime laws, and obstacles facing international law enforcement strategies.

Top 5 Stories

News

TJX/Heartland card hacker mastermind jailed for 20 years

26 March 2010

Convicted criminal mastermind Albert Gonzalez – the man behind the infamous hack of TJX's computer systems and more than 130 million payment cards – has been jailed for 20 years.

In court yesterday, the judge who sentenced him described the case as "the largest and most costly example of computer hacking in US history."

As reported previously, Miami-based Albert Gonzalez – who was charged along with two Russian collaborators – pleaded guilty in September of last year.

Investigators said that the trio targeted more than 250 US companies, including payment processor 7-Eleven, Hannaford Brothers, Heartland Payment Systems and arguably the most high profile of all, TJX, the parent company to TJ Maxx.

In court last year, prosecutors explained how Gonzalez and his team used a variety of methodologies, including SQL injection attacks, to gain unauthorised access to large volumes of credit and debit card data.

The proceeds from the frauds reportedly generated untold wealth for Gonzalez and his team, including fast cars, expensive jewellery and a million dollars in cash, which he is said to have buried in his parent's back garden.

Commenting on the case, Amichai Shulman, chief technology officer with data security specialist Imperva said that the lesson to draw from the sentencing is simple: enterprises are fighting today's cyber war with yesterday's technology.

"Hackers continue to put up a persistent and very real threat to enterprise systems. The current data security spend is focused on enterprise networks, yet the Gonzalez attacks took distinct advantage of weaknesses in the database and applications", he said.

According to Shulman, the security weaknesses are an industry-wide problem.

"In 2009, the top ten data breaches reveal an interesting fact few have noticed. 74% of lost data came from database breaches, 19% from application breaches and 7% from network breaches. Yet, more than 90% of 2009's $16 billion in security spending was on network security. This disconnect needs to be remedied", he explained.

The prison sentence handed down to Gonzalez will, he added, act as a deterrent to criminals.

Over at Sophos meanwhile, Graham Cluley, a senior technology consultant, said that this is one of stiffest sentences ever given by a US court for hacking and identity theft

"Twenty years is a breathtaking sentence for anyone to receive but it is particularly unusual for a computer crime. It is encouraging to see that cybercrime cases, like this one, are being taken more seriously than ever before", he said.

"News of the security breach was, of course, embarrassing for all the stores involved – who must have been worried that customers would lose confidence in their ability to securely hold sensitive data", he added.

According to Cluley, what is fascinating about the story is that Gonzalez is reported to have been working for the US Secret Service when they became aware of his involvement.

"It seems to me that Gonzalez's double-dealing (stealing information from big companies with one hand, while fighting crime with the Secret Service on the other) is clear evidence of his arrogance – believing that he would never be found out and punished", he said in his security blog.

This article is featured in:
Compliance and Policy

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012