Friday, February 13, 2009

Sales Guy v. Web Guy

This video is actually quite amusing and worth 10 minutes out of anyone's busy schedule, even if you are not much of a computer guy, as I am. One of the first policy violations that I noticed while watching the clip was the user's misuse of the computer by downloading and playing video games. Company policies usually state that employees are not to use the computers for anything non-work related, basically referring to surfing the web, but especially not playing Halo at work. This poses a distraction to the employee, as it did in the clip, and I am not sure, but I think downloaded software such as these games can unleash viruses or malware into the computer, posing a potential security threat.

Another policy violation is when Chip asks the user to reboot the server because that's what they did yesterday. And the guy actually reboots it for him without even verifying who he's talking to, what department he is in, or anything that could validate him being a legitimate employee. The user who rebooted the server should have known better and at least asked for some credentials or checked with his boss, who would have told him not to reboot the server because they then need to power it off to boot it back on. After the web guy reboots the server, he gets yelled at by his boss because the boss had sent an email out clearly explaining not to. So web guy goes into his boss's sent mailbox on his work email and deletes the message so it looks like he never sent it to web guy. This is basically non-repudiation, which is the concept of ensuring that a party in a dispute cannot repudiate, or refute the validity of, a statement or contract. Web guy also shows a lack of integrity here and is not a trustworthy employee. Web guy is violating company policies and breaching the security system by accessing other users' emails. This is a major violation and he could potentially be fired for doing something like this if he were to get caught. There must be some way or some security program to block employees from doing this; otherwise this would be a recurring incident and a major problem. And on top of it all, web guy blames the sales guy for the whole mess because he told him to reboot the system in the first place.

I noticed that when web guy sent someone down to the server room to physically reboot the server, he was reviewing the security cameras. I am not sure what company policy is or who is supposed to review the cameras, but I know that where I work the only employees allowed to access camera footage are the security department and, of course, the top executives. If I remember correctly, web guy is neither, and I don't think he should have access or be reviewing those cameras. He might have access or he might be hacking into the security system to see the cameras, which I am sure is against company policy, a security breach, and maybe even a computer crime.

One last policy/security violation that I noticed was the web guy's violation of confidentiality and authorization when he signed onto the computer desktop of Chip, the sales guy. First of all, the sales guy was stupid enough to give web guy his password and asset key, but web guy should have never asked him for it in the first place. He has no right to observe what's on his desktop, and it's not up to him to determine what's right and wrong considering all of the policy violations that he committed in only 10 minutes. Web guy then accesses sales guy's desktop from his own and proceeds to close out programs, open programs, mess with sales guy's icons and even manages to take a picture of his desktop, which I find to be a huge security violation. He could essentially take pictures of all his data and send them anywhere, which I didn't even know was possible. Viewing this clip, it's actually pretty cool to see how amazing some people really are with these computers and the extremes that they are capable of. I am sure that this may be baby stuff compared to real computer geniuses, but this is astonishing to me and very interesting. This goes to show you that you can't trust any employee and that a secure computer security system must be a priority within any company if that organization wants to keep information confidential and remain successful.



Thursday, February 5, 2009

Heartland Payment Systems Security Breach

Heartland Payment Systems is a nationwide company that is responsible for processing millions of payments a day, ranging from credit/debit cards to payroll and checks. Heartland caters to a variety of industries such as the restaurant industry, lodging and hospitality, university campuses, the retail industry, and many more. Heartland allows these companies to provide their customers with the best possible business solutions at their convenience. Heartland helps to navigate companies through the complexities of payment transactions so they can focus on running a successful business and not have to worry about the issues and problems that can arise.

Unfortunately, Heartland had a recent security breach in 2008, which was officially disclosed to the public on January 20, 2009. The data breach could possibly be one of the largest data breaches ever reported, as Heartland is responsible for more than 250,000 businesses and is estimated to handle over 100 million transactions a month. No one knows how many businesses or cards were affected because Heartland has not yet released that information, but my guess is that a majority of Heartland's customers, if not all, were exposed and someone now has all their information. It was a couple of months before anybody even noticed that some kind of malicious software was planted in the company's payment processing network, so I'm sure the perpetrator got more than enough credit card information. According to Heartland's President and CFO, Robert Baldwin, the exposed data consisted of names, credit and debit card numbers and expiration dates. The exposed data did not include cardholder social security numbers, PIN numbers, and addresses or telephone numbers, but when you think about it, if you have someone's credit card information and name then you could easily find out their address and telephone number. And I am sure that the people behind this breach can easily obtain their socials with the information they have and their extensive computer knowledge. The data stolen was information encoded on the magnetic stripes on the back of debit/credit cards, which gives the perpetrators the ability to forge counterfeit cards by imprinting that same information on a fake card. Apparently, according to a breach forensic team and the U.S. Secret Service, the malicious software was some type of keylogger malware, which captures and records keystrokes on a computer, such as names and passwords. Once the keylogger malware penetrated the system's firewall, it sent out something called a sniffer, which captures not only keystrokes, but entire data packets passing over their digital network.

Just researching keyloggers on Google, it seems as if they are not hard to purchase and apparently they are widely available on the Internet. You can purchase keyboards that have the system set up already or purchase the part and software to install in the keyboard, so anyone could be capable of pulling off a security breach. Whether or not this person was an insider, I'm not really sure; anyone with access to Heartland's facilities could have planted the device. It only takes a few seconds to do. A vendor could be responsible, or maybe a disgruntled employee looking for revenge. I think that social engineering could have played a part in the security breach, but at the same time, if it was an inside job then there would be no need to trick or manipulate that person into giving you valuable information because you have access to the building and the computers. Maybe you don't have access to the specific department or network where the malware was originally found, so social engineering might have been used in that case. This is a very unfortunate event that occurred to Heartland Payment Systems, but at the same time it is a huge wake-up call that could eventually benefit the company in the future. Since the finding of the data breach, Heartland has made an attempt to safeguard against further data breaches in the future by implementing encryption to protect data passing over the network, and has reached out to other merchants and companies to inform them of the data breach and what they are doing to prevent it from happening again. Over 400 new clients have joined Heartland Payment Systems since the breach, so obviously Heartland Systems is taking the necessary steps to ensure their customers' trust and safety.