Experts: More Heartland-Style Breaches Expected
Despite Arrests, Analysts say 'This is Probably Just the Start'
Linda McGlasson, Managing Editor
The announcement by federal prosecutors that three hackers have been indicted for the Heartland Payments System breach comes a week before the payments processor faces a judge in federal court over two class actions suits.
In response to the indictments, information security experts say this activity might represent a battle won, but the war against hackers is nowhere near over. "
The fact that three folks (assuming that that's all there were) can do all this says that it's pretty darn cost-effective to steal card data," says David Taylor, founder of the PCI Knowledge Base. "Talk about 'low overhead.'" "It's always great to see the bad guys being hauled in, especially with a case this big, but it would be a mistake to assume that there aren't other criminals out there with similar goals and skill sets," says Tom Wills, Senior Analyst, Security & Fraud at Javelin Strategy and Research. Because law enforcement and the various victim companies' fraud departments did such a good job of investigating the case, it looks like prosecutors stand a good chance of getting a conviction, he notes. "Although we now know the form of attack that (Albert) Gonzalez and his accomplices used, it would be valuable for the information security community to get a detailed, blow-by-blow description of both the attacks and countermeasures adopted against them."
