.

Heartland and TXJ, fail...

<<

Jhaddix

User avatar

Sr. Member
Sr. Member

Posts: 317

Joined: Wed Oct 29, 2008 10:25 pm

Post Mon Aug 24, 2009 12:28 am

Heartland and TXJ, fail...

So... after reading the TXJ and heartland news reports and watching on HNN I have to laugh a bit.


The TXJ and Heartland break-ins were a huge topic this year and last. Over 4.2 million credit cards were exposed and sold on the black market. Numerous times these break-ins have been cited as the staple for recent PCI initiatives, funding for more cybercrimes units, and the "you dont wanna end up like this"  corporate bedtime stories.

But lets take a trip down memory lane...

Do any of you remember 2004? I know... a long time ago, but indulge me.

If you were a carder or hacker you used two means of selling your stolen PII... IRC or forums. Believe me, I was a primary identity theft researcher during this time.

Sure you did it through proxies, nicks, encryption, etc, but... all the negotiations went down through offshore forums like... Shadowcrew, cardersmarket, blackpalnet, et al. There was tons of these forums but Shadowcrew had reached a certain popularity... a critical mass of some sorts.

After some deliberations the US decided to give identity theft responsibilities the the Secret Service. In 2002 they managed to 'compromise' the security of Shadowcrew by busting one of its lead administrators. This administrator, not named by them at the time, hosted up an anonymity service to all the big-wigs on shadowcrew, an offshore VPN. Then after gathering and analyzing all that data and having complete control of shadowcrew, they finally arrested a ton of carders and hackers all across the world.

Who was this mystery admin? None other than 'cumbajhonny' aka Albert “Segvec” Gonzalez, the same man who hacked TJX and Heartland.

There's an observation and irony here:

Observation:

The secret service along with foreign governments 'released' cumbajhonny for outstanding cooperation but not until he had exhausted his usefulness to them breaking down other carding forums and big names. This went all the way to 2007 meaning he might have hacked TJX and Heartland right under their watch.

Irony:

The Shadowcrew bust was touted as the biggest cybercrime bust in the history of the WORLD at an estimate 4.1 million dollars trafficked on the site. Two years later the Heartland hack ALONE cost consumers 12.6 million...

food for thought...
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Mon Aug 24, 2009 7:19 am

Re: Heartland and TXJ, fail...

Well, the US Government has issues.  I mean we are talking about an organization that promotes people that don't play well with others instead of firing them.  Feds are always playing catchup in terms of knowledge and load of case work.  Ever Fed I have ever spoken with complained about how much of a case backlog they have.  These type of investigations will always take second seat to national security, kidnapping, and other cases. 

I think that one of the major issues is that the time frame you mentioned (2004-2007) falls under the Bush administration, whose priority was national security.  I wouldn't be surprised if this entire investigation was on the back burner and assigned to flunkies that couldn't be used for "more important" tasks. 
~~~~~~~~~~~~~~
Ketchup
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Mon Aug 24, 2009 8:35 am

Re: Heartland and TXJ, fail...

After watching the HNN cast this week, and from other things I'm reading. I'm left with 2 questions.

1) Why are they required to keep peoples credit card / debit card information after transaction has been completed? After all from what I've heard, but maybe I miss understood, these were not online transactions.

2) Why am I still using my credit and debit cards for anything?
OSWP, Sec+

Return to News from the Outside World

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software