The feds have zeroed in on a foreigner as Suspect No. 1 in the Heartland breach caper, according to Evan Schuman, retail security expert and resident pundit at StorefrontBacktalk.com.
A caveat: This comes from an unnamed source “close to the investigation.” Few additional law enforcement details were immediately available, other than that the suspect is located somewhere outside of North America. Schuman also reports that Heartland is now saying it was first alerted by Visa and MasterCard in the late October to early November time frame.
He says Heartland spokesman Jason Maloni advises that by the time the sniffer software was finally identified by the outside forensic expert hired by the company, the malicious program was inactive. Schuman’s full report is at StorefrontBacktalk.com. Meanwhile, I asked Paul Henry, forensic analyst at Lumension, to play Sherlock Holmes to my Dr. Watson. Here’s our exchange:
Byron: Could it be that Heartland and Star Processing were hacked in the same manner, perhaps by the same gang?
Paul: Little has been said publicly about issues involving Star Processing. We know that a bank, Forcht Bank of Kentucky, is currently replacing customers’ cards, and that Star Processing handles their credit card transactions.
Byron: I wonder how many other card processors or data handlers in the payments transaction chain have been similarly hacked in the past six or so months?
Paul: Looking at breaches involving credit card processors in the last six months, only one comes to mind: the Fiserv Inc. breach, which impacted multiple client banks. Other breaches involving credit cards, not involving large processors, included GE Money / Iron Mountain; Omni American Bank; the Hannaford Bros. supermarket chain; Compass Bank; Mellon Bank; Advance Auto Parts; 1st Source Bank; 7-Eleven Citibank ATMs; and BankAtlantic.
Byron: Any idea how many card issuers Visa and MasterCard have instructed to replace suspect payment cards?
Paul: These numbers are not published by Visa or MasterCard. There are only assumptions floating around the web.
Byron: Who appears to be doing these hacks: one, or a small number of, elite gangs? Or a larger number of freelancers, like Albert Gonzalez, the accused TJX hacker?
Paul: My money would be on small elite gangs; if it were organized crime, this would be on a much larger scale.
Byron: How mature is the supporting criminal network that is selling, testing and using the stolen card data to make profits? Is there a dominant gang? Or are there spontaneous partnerships popping up as needed?
Paul: Historically, spontaneous partnerships popping up as needed: supply and demand.