Tuesday, October 13, 2009

MUST Read on Walmart Intrusion

Move over “Heartland-gate”, make room for “Walmart-gate” :-)

Wired uncovers a very fun story here. The juiciest quotes follow below:

On intruder goals:

“hackers targeted the development team in charge of the chain’s point-of-sale system and siphoned source code and other sensitive data”

On practices:

“at least four years’ worth of customer purchasing data, including names, card numbers and expiration dates, were housed on company networks in unencrypted form.”

On intrusion discovery (Was it … an IDS maybe? Ha, not funny!):

“a fortuitous server crash led administrators to a password-cracking tool that had been surreptitiously installed on one of its servers”

On logging:

“The company’s server logs recorded only unsuccessful log-in attempts, not successful ones, frustrating a detailed analysis.”

Please read the above line again! Again! AGAIN!
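To see why that line hurts so much, here is an added example (not from the Wired story or from Walmart's systems) that runs a "guessed a password, then logged in" check over a few authentication events, first with full logging and then with successes dropped as in the quote. The event format, account names, addresses and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events: (time_in_seconds, account, source, outcome).
EVENTS = [
    (100, "svc_build", "10.0.0.5", "FAIL"),
    (101, "svc_build", "10.0.0.5", "FAIL"),
    (102, "svc_build", "10.0.0.5", "FAIL"),
    (103, "svc_build", "10.0.0.5", "FAIL"),
    (104, "svc_build", "10.0.0.5", "FAIL"),
    (110, "svc_build", "10.0.0.5", "SUCCESS"),  # guessing run ends in a logon
    (200, "alice", "10.0.0.9", "FAIL"),
    (205, "alice", "10.0.0.9", "SUCCESS"),      # one typo, then a normal logon
    (300, "bob", "10.0.0.7", "SUCCESS"),
]

def guessed_then_logged_in(events, min_failures=5, window=300):
    """Return (account, source) pairs where at least min_failures failed
    logons were followed by a success from the same source within window."""
    failures = defaultdict(list)
    hits = set()
    for ts, account, source, outcome in sorted(events):
        key = (account, source)
        if outcome == "FAIL":
            failures[key].append(ts)
        elif outcome == "SUCCESS":
            recent = [t for t in failures[key] if ts - t <= window]
            if len(recent) >= min_failures:
                hits.add(key)
            failures[key].clear()  # a success resets the failure streak
    return sorted(hits)

def failures_only(events):
    """Model the logging policy in the quote: successes are never written."""
    return [e for e in events if e[3] != "SUCCESS"]

def accounts_with_logons(events):
    """Answer the basic scoping question: which accounts were actually used?"""
    return sorted({account for _, account, _, outcome in events
                   if outcome == "SUCCESS"})

if __name__ == "__main__":
    print("full log, flagged:", guessed_then_logged_in(EVENTS))
    print("failures only, flagged:", guessed_then_logged_in(failures_only(EVENTS)))
    print("failures only, accounts used:", accounts_with_logons(failures_only(EVENTS)))
```

With failures only, the guessing is still visible, but the log cannot say whether it worked or which accounts were used afterwards.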

On some spoils of war:

“one of the documents that flew off to Minsk from a programmer’s machine was titled “POS Store Systems Technical Specifications TLOG Encryption and Financial Flows.” […] The hackers also stole or accessed files containing point-of-sale source code and executables, as well as additional proprietary documentation detailing the company’s transaction processing network.”

On PCI role:

“Wal-Mart says it received a number of [PCI DSS compliance validation] deadline extensions […] … became certified as PCI-compliant in August 2006 by VeriSign. After it discovered the breach in November 2006 …”

Read the whole thing, will ya?!

Dr Anton Chuvakin