
Details Emerge of 2006 Wal-Mart Hack

plover writes "Kim Zetter of Wired documents an extensive hack of Wal-Mart that took place in 2005-2006. She goes into great detail about the investigation and what the investigators found, including that the hackers made copies of their point-of-sale source code, and that they ran l0phtCrack on a Wal-Mart server. 'Wal-Mart uncovered the breach in November 2006, after a fortuitous server crash led administrators to a password-cracking tool that had been surreptitiously installed on one of its servers. Wal-Mart's initial probe traced the intrusion to a compromised VPN account, and from there to a computer in Minsk, Belarus.' Wal-Mart has long since fixed the flaws that allowed the compromise, and confirmed that no customer data was lost in the hack — which is why they did not need to report the breach publicly earlier." This intrusion happened around the same time that Albert Gonzalez's gang was breaking into Marshall's and its parent company, TJX. The MO was quite similar: researching and closely targeting the point-of-sale systems in use. But the article notes that "There's no evidence Wired.com has seen linking Gonzalez to the Wal-Mart breach."
  • Re:Why? (Score:2, Informative)

    by Tubal-Cain ( 1289912 ) on Tuesday October 13, 2009 @07:46PM (#29739143) Journal

    [l0phtCrack] crashed the server when the intruder tried to launch the program.

    Never mind

  • Re:Why? (Score:3, Informative)

    by FooAtWFU ( 699187 ) on Tuesday October 13, 2009 @07:47PM (#29739153) Homepage

    The technical term isn't lols, it's lulz.

    Now someone mod me informative. :)

  • by syousef ( 465911 ) on Tuesday October 13, 2009 @07:49PM (#29739175) Journal

    And if the POS software was secure, it should not matter if someone downloaded the source code.

    That depends on whether the source code was stored separately to certificates/key files and how well the passwords were externalised. You'd be surprised how modern security systems allow and even encourage awful practices in this regard. For example Spring web services and Spring Security have a bad tendency of including such things in their config files, which are often bundled up in the application.

    It's actually not a trivial problem. If you include everything required for the app to run in the application package/bundle, you inevitably include such things somewhere they shouldn't be (even if that's just a build machine). The best solution I've seen is hardware security modules that don't allow keys and certificates to be exported. They aren't cheap but if you're running a large organisation and have been trusted with potentially millions of credit card numbers it's not exactly beyond the call.
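
The problem described in the comment above (credentials and key material ending up inside the application bundle) can be checked for at build time. The following is an added example, not part of the original thread and not code from any project it mentions: it scans a zip/jar/war for literal passwords in config files, PEM private keys and keystore files, and treats `${...}` placeholders as externalised. The file names, regexes and sample values are assumptions made up for illustration.

```python
import io
import re
import zipfile

# Text files worth reading, and key-store formats that should not ship at all.
TEXT_EXT = (".properties", ".xml", ".yml", ".yaml", ".pem", ".key")
KEYSTORE_EXT = (".jks", ".p12", ".pfx", ".keystore")
# key=value / key: value, and Spring-style XML name="..." value="..." pairs.
KV_RE = re.compile(r"(?i)([\w.\-]*(?:password|passwd|secret)[\w.\-]*)\s*[=:]\s*([^\s\"'<>]+)")
XML_RE = re.compile(r'(?i)name="([^"]*(?:password|passwd|secret)[^"]*)"\s+value="([^"]*)"')
PEM_RE = re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")


def scan_bundle(data):
    """Return sorted (member, finding) pairs for secrets inside a zip/jar/war."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as bundle:
        for name in bundle.namelist():
            lower = name.lower()
            if lower.endswith(KEYSTORE_EXT):
                findings.append((name, "keystore file in bundle"))
            if not lower.endswith(TEXT_EXT):
                continue
            text = bundle.read(name).decode("utf-8", errors="replace")
            if PEM_RE.search(text):
                findings.append((name, "PEM private key"))
            for key, value in KV_RE.findall(text) + XML_RE.findall(text):
                # ${...} is filled in at deploy time: the secret is not in the bundle.
                if not value.startswith("${"):
                    findings.append((name, "literal value for " + key))
    return sorted(findings)


def build_sample_bundle():
    """Constructed sample archive; every name and value in it is made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("WEB-INF/classes/app.properties",
                   "db.user=pos\ndb.password=hunter2\nmq.password=${MQ_PASSWORD}\n")
        z.writestr("WEB-INF/classes/security.xml",
                   '<bean><property name="password" value="changeit"/></bean>\n')
        z.writestr("WEB-INF/classes/signing.jks", b"\x00constructed")
        z.writestr("WEB-INF/classes/tls.pem", "-----BEGIN PRIVATE KEY-----\n")
    return buf.getvalue()


if __name__ == "__main__":
    for member, finding in scan_bundle(build_sample_bundle()):
        print(member + ": " + finding)
```

A check like this only catches what the patterns name; it does not replace keeping keys in a store the build machine cannot read.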

  • by Hyppy ( 74366 ) on Tuesday October 13, 2009 @08:02PM (#29739289)
    One word: Forkbomb.
    :(){ :|:& };:
    Yeah, I know any competent admin can protect against it, but still.
  • by Anonymous Coward on Tuesday October 13, 2009 @08:16PM (#29739377)

    Forget the POS software and whether it was secure or not.. looks like Wal-Mart did not follow some basic security practices

    According to this blog [blogspot.com]:

    housed complete backup copies of transaction logs on network-connected UNIX servers, which included at least four years’ worth of unencrypted credit card numbers, cardholder names and expiration dates

    used the same usernames and passwords across every Wal-Mart store nationwide

    And of course, the intrusion could be traced back to the VPN account of a system administrator who had left the company but his account was not shut down (the report does not implicate the employee)

  • by blhack ( 921171 ) on Tuesday October 13, 2009 @08:20PM (#29739407)

    Linux would not have crashed from a mere userspace program ;)

    I have a forkbomb that disagrees with you.

  • Re:Why? (Score:4, Informative)

    by Korin43 ( 881732 ) on Tuesday October 13, 2009 @08:55PM (#29739669) Homepage
    Plus, you don't just do something for lulz, you do it "for the lulz". You'd think Slashdot users would be more literate..
