Learn about Zero Trust Architecture
Impenetrable cybersecurity without sacrificing usability
Gain detailed visibility into all your endpoints activities
Harden applications and hardware environments
Immediate and continuous response to incidents
Close the window of time your data could be exposed
Get your Comodo solutions setup, deployed or optimized
Control access to malicious websites
Defend from any internet based threats
Stop email threats before it enters your inbox
Preserve and protect your sensitive data
Keep your website running fast and malware free
Add encryption to your websites
Automated certificate mgmt. platform
Secure private intranet environments
Digital signature solutions for cloud apps
Encrypt emails for senders and recipients
Stay compliant with PCI DSS
Trusted authentication for IoT devices
Francisco Partners a leading technology-focused private equity fund, has acquired a majority stake in Comodo’s certificate authority business. Newly renamed from Comodo CA Limited to Sectigo Limited. Privacy Policies, Trademarks, Patents and Terms & Conditions are available on Sectigo Limited’s web site.
Meet the people behind the direction for Comodo
Get the latest news about Comodo
People are the key to achievement and prosperity
Stay up to date with our on-demand webinars
Worldwide: Sales, Support and General Inquiries
Schedule a live demonstration of our solutions
Need immediate help? Call 1-888-551-1531
Instantly removes viruses to keep your PC virus free
Experience true mobile security on your mobile apple devices
Secure Internet Browser based on Chrome
Chrome browser internet security extension
Submit a ticket to our support team
Share any product bugs or security flaws
Collaborate with research experts on data sets
Valkyrie Threat Intelligence Plugins
Valkyrie Threat Intelligence APIs
The notorious John Dillinger was supposedly asked why he robbed banks. His reply was “That’s where the money is!” You could get the same reply if you asked a hacker why they attack credit/debit card payment systems. The information obtained could be used to generate millions in fraudulent transactions.
Simply in terms of the financial loss, the number one data breach of the 21st century so far was Heartland Payment Systems breach of 2008. 134 million credit cards were exposed through SQL injection attacks used to install spyware on Heartland’s data systems.
Who is Heartland Payment Systems?
Heartland Payment Systems, Inc. processes payments for debit, prepaid, and credit cards. They also process online payments and checks and provide payroll services. They are the fifth largest credit card processor in the US and ninth in the world.
At the time of the breach, they processed 100 million payment card transactions per month for 175,000 merchants. Most transactions Heartland processes are from small to midsized retailers. Heartland acts as the middleman between the point of sale (POS) and the banks’ card networks.
In January 2009 Heartland announced that the computers they use to process payment card transactions had been breached in 2008.
The data compromised included all of the information required to produce counterfeit credit cards, including the data coded on the card’s magnetic strip.
The breach was discovered after Visa and MasterCard notified Heartland of suspicious transactions from accounts it processed. Heartland found a spyware program planted by the hackers that stole the data over a period of several months in 2008.
In fact, the breach was a very slow moving event. It started with an “SQL Injection” attack in late 2007 that compromised their database. An SQL Injection appends additional database commands to code in web scripts. Heartland determined that the code modified was in a web login page that had been deployed 8 years earlier, but this was the first time the vulnerability had been exploited.
The hackers then spent 8 months working to access the payment processing system while avoiding detection from several different antivirus systems used by Heartland. They eventually installed a type of spyware program called a “sniffer” that captured the card data as payments were processed.
Sniffer programs are used to monitor network traffic for the purposes of analyzing and solving problems. Unfortunately, they can also be used to capture data for nefarious purposes. In this case the sniffer provided the thieves with the proverbial “keys to the Kingdom”, that is all the data required to counterfeit cards.
Truth and Consequences
The consequences for Heartland were severe.
They were deemed no longer compliant with the Payment Card Industry Data Security Standard (PCI DSS). Credit card providers such as Visa and Master Card require PCS DSS validation to be allowed to process their card’s payments. They were not able to be revalidated until May of 2009. At that time they announced an ambitious security strategy that included “end to end” encryption, the first of its kind.
The loss of revenue during this period was just the beginning. Heartland would eventually provide over $145 million dollars in compensation for fraudulent payments. The total loss for companies, banks and insurers would be estimated at over $200 million.
Well the good news is that the Feds got their men. In 2009 a Cuban American Albert Gonzalez and two unnamed Russian accomplices were indicted for the Heartland breach. Gonzalez was alleged to have masterminded an international operation that stole the credit and debit cards.
In March 2010 he was sentenced to 20 years in federal prison.
I may revisit the story of Gonzales and his gang of hackers someday, it is truly remarkable. He was a child prodigy who ran with, no, organized a bad crowd and engaged in numerous sophisticated schemes. He has already been featured on the CNBC show “American Greed”
So What Can We Learn from the Heartland?
Heartland rebounded well from the breach because it took responsibility for what happened. They took the lead in promoting solutions to prevent such breaches, particularly end to end encryption.
For everyone else the lesson is that you cannot be too secure. Heartland was supposedly PCI DSS compliant at the time of the breach. Clearly some things were missed. You need to check every web page continuously for vulnerabilities. Services like Comodo’s HackerGuardian will scan your pages for malware and PCI Compliance issues daily and are essential to the small and medium size business.
You must have a layered approach that implements the best firewall and malware scanning for the network connections points and on every server and computer on your network. You are only as secure as your weakest link.
Gonzales and his team overcame numerous security measures and tested their malware against 20 different antivirus systems.
Most malware protection systems use a “blacklist” of known threats to screen files. The problem with this approach is that the list has to be constantly updated and they can’t protect against threats not yet identified. As former Defense Secretary Donald Rumsfeld once said, the thing that you keeps you up at night are the thing that you don’t know and you don’t know that you don’t know them!
With 40,000 new malware unleashed every day it is a lot of work maintaining a blacklist.
I prefer antivirus systems that use a “whitelist” approach. That is where the scanner uses a list of known valid programs to allow only safe programs to run in the system. For any other software they allow it to run in a separate, isolate system called a “sandbox.” The scanner monitors the program in the sandbox and can identify if it is safe or not.
Such systems are sometimes criticized as being too aggressive and they require closer attention. However, the Heartland breach is evidence that an aggressive approach to network and computer security is more than warranted in 21st century.
Sign up to our cyber security newsletter
Comodo Cybersecurity would like to keep in touch with you about cybersecurity issues, as well as products and services available. Please sign up to receive occasional communications. As a cybersecurity company, we take your privacy and security very seriously and have strong safeguards in place to protect your information.
See how your organization scores against cybersecurity threats