Sunday, January 25, 2009

Suspect ID'd in Heartland Breach


Heartland "Break In" News

Evan Schuman, editor of Storefront Backtalk, is reporting on his site that the Secret Service has identified the source of the Heartland breach and turned it over to the DOJ. Or at the very least the SS has PINpointed their location...overseas.


You'd think this to be big news, considering all the attention being given to the breach. You'd also think that since it took so long to discover the breach, it might take longer than 2 or 3 days to find the source of the breach. I've googled "heartland suspect" and apparently Mr. Schuman has quite the breaking story, because I can't find mention of the PINpointing of the suspect anywhere else that doesn't trackback to Backtalk.

From Storefront Backtalk:

"The Secret Service has identified an overseas suspect in the Heartland data breach case and the matter has been turned over to the U.S. Justice Department, according to someone close to the investigation.


Few additional law enforcement details were immediately available, other than that the government believes it has identified the cyber thief involved, has “pinpointed” that suspect’s location and that it’s outside of North America, the source said.


"Given the word that the Secret Service believes it has located the prime suspect, it raises the possibility that law enforcement was already on their trail long before the Heartland spyware was detected."

Continue Reading at StoreFront Backtalk


That's an interesting observation...they knew about the trail, but not about the nuts (and bolts) of their operation. Then again, original reports did quote Heartland's president and CFO, Robert Baldwin, as saying: "Our discussions with the Secret Service and Department of Justice give us a pretty good indication that this is part of a group that appears to have done security breaches at other financial institutions."


Evan Schuman also reports that Heartland is now saying it was first alerted by Visa and Mastercard in the late October, early November time frame. (You'd think there'd be an exact date they were notified by V/MC.) A "timeframe" applies to when they "think" the malware was released into their system.

Although there's no official word on when the malware was first introduced into Heartland's system, there has been talk that the malware has been "present" since May 2008. That's 6+ months of MP ("Malware Present") transactions.

Evan also goes on to say that Heartland spokesman Jason Maloni advises that when the sniffer software was finally identified by the outside forensic expert hired by the company, the malicious program was inactive, which means that the suspects may have been "on" to the forensic investigation and turned it off.


