’)Ouch.
Albert Gonzales, 28, of Miami, Fla., was indicted today for conspiring to hack into computer networks supporting major American retail and financial organizations, and stealing data relating to more than 130 million credit and debit cards, announced Assistant Attorney General of the Criminal Division Lanny A. Breuer, Acting U.S. Attorney for the District of New Jersey Ralph J. Marra Jr. and U.S. Secret Service Assistant Director for Investigations Michael Merritt.
In a two-count indictment alleging conspiracy and conspiracy to engage in wire fraud, Gonzales, AKA ’segvec,’ ’soupnazi’ and ‘j4guar17,’ is charged, along with two unnamed co-conspirators, with using a sophisticated hacking technique called an ‘SQL injection attack,’ which seeks to exploit computer networks by finding a way around the network’s firewall to steal credit and debit card information. Among the corporate victims named in the indictment are Heartland Payment Systems, a New Jersey-based card payment processor; 7-Eleven Inc., a Texas-based nationwide convenience store chain; and Hannaford Brothers Co. Inc., a Maine-based supermarket chain.
The indictment, which details the largest alleged credit and debit card data breach ever charged in the United States, alleges that beginning in October 2006, Gonzales and his co-conspirators researched the credit and debit card systems used by their victims; devised a sophisticated attack to penetrate their networks and steal credit and debit card data; and then sent that data to computer servers they operated in California, Illinois, Latvia, the Netherlands and Ukraine. The indictment also alleges Gonzales and his co-conspirators also used sophisticated hacker techniques to cover their tracks and to avoid detection by anti-virus software used by their victims.
If convicted, Gonzales faces up to 20 years in prison on the wire fraud conspiracy charge and an additional five years in prison on the conspiracy charge, as well as a fine of $250,000 for each charge.
I hope this doesn’t affect my soon-to-arrive cash transfer from the former Nigerian finance minister’s chaffeur’s brother’s friend!
sql injection used to bypass firewalls? umm… love that the journalist really took the time to understand the issue… sheesh…
Not journalist. Press release writer for the DOJ.
SQL Injection is not a sophisticated attack, it’s like webapp security 101 time. People should be pissed at those companies for making their personal and financial data vulnerable to that.