Feb
17
Update: First Arrests in Heartland Case
Posted by Keith McMillan
February 17, 2009 | Leave a Comment
It seems that if you steal enough credit cards, then you might actually get arrested. Last week I posted about the Heartland Payment Systems case, and today, Computerworld is reporting that the first arrests have happened in the case. This to me is remarkably swift justice.
The Leon County, Florida Sheriff’s office earlier this week announced the arrests of three area residents — Tony Acreus, Jeremy Frazier and Timothy Johns — for allegedly using stolen credit card numbers associated with the breach.
I was just reviewing some of the Payment Card Industry Data Security Standard information today, and was struck by the requirement to encrypt data when it was in transit. According to all the information I’ve seen so far, this breach happened because someone managed to get a network sniffer in place, and capture transaction data. I may be missing the point, but how were they able to read the traffic if it was encrypted? Did they have the keys, or was Heartland playing fast and loose with the DSS? I don’t understand enough about either the facts in the case, or the DSS to say if this is reasonable or not, but it sure seems like someone at Heartland could be in a world of trouble.
Comments
Comments »
Blogroll
- Ars Technica
- Dark Reading - IT Security
- Help Net Security
- InformIT
- SANS Internet Storm Center
- Schneier on Security - Dr. Bruce Schieier’s blog
- Security Info Watch
- What to Fix - Daniel Markham, fellow consultant
- Wired Gadget Lab
- Wordpress Documentation
- WordPress Planet
- Wordpress Support Forum
No comments yet.