Computerworld
Quick Menu
Search



Ads by TechWords

See your link here


Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Finance
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 

Computerworld 2007Subscribe to Computerworld
40 years of the most authoritative source of news and information for IT leaders.

Hannaford says malware planted on its store servers stole card data

Card numbers were sent overseas in batches; grocer has replaced all affected systems

By Jaikumar Vijayan
Comments
16
Recommended
319

Active Comments

Anonanon says: I would say that most corporations (of a certain size) do not buy a PC (well, server) with an Operating...
Read the rest | Reply
Anonymous says: Where did they find these "experts" who feel they are qualified to quote on the situation? They obviously do not...
Read the rest | Reply
All Comments (16) | Post New


March 28, 2008 (Computerworld) Hannaford Bros. Co. disclosed this week that the intruders who stole up to 4.2 million credit and debit card numbers from the grocer's systems did so by planting malware programs on servers at each of its stores in New England, New York and Florida.

The malicious software was used to intercept the payment card data as the information was being transmitted from Hannaford's point-of-sale systems to authorize transactions, the company said in a letter sent to Massachusetts officials on Tuesday. The malware then forwarded the stolen card numbers as well as their expiration dates to an overseas destination, according to the letter, which was signed by Emily Dickinson, Hannaford's general counsel.

The discovery of the mass malware installation prompted a wholesale replacement of Hannaford's store servers. Dickinson's letter said that with help from the U.S. Secret Service and IT security vendors, the company has identified and replaced all of the affected hardware "and otherwise ensured that no versions of the malware remain anywhere on the company's systems."

The letter offered no explanation as to how the perpetrators might have gained access to each of the company's servers to plant the malicious code on them. Echoing separate comments by Hannaford officials, Dickinson wrote that the grocer was certified both last year and on Feb. 27 as being compliant with the Payment Card Industry Data Security Standard, or PCI.

The Hannaford breach, which the company disclosed on March 17, is among the first large-scale intrusions involving the interception of card data while it's in transit between systems, said Mike Paquette, chief strategy officer at Top Layer Networks, a vendor of intrusion-prevention systems in Westboro, Mass. Most of the compromises reported thus far have involved information stored in databases on systems or in storage devices, Paquette said.

Based on the information available so far, the initial intrusion into Hannaford's systems could have happened in several ways, Paquette added. One likely scenario, he said, is that the attackers took advantage of an undetected remotely exploitable vulnerability in one of the company's servers to gain a foothold on its network and then planted the malicious code on all of the store servers.

It's also possible that the perpetrators were able to break into Hannaford's servers because of overly permissive firewall rules or because the grocer's antivirus software failed, said Chris Andrew, vice president of security technology at software vendor Lumension Security Inc. in Scottsdale, Ariz.

Another possibility, Andrew said, is that someone — even an insider — could have had physical access to a server and planted the malicious code on it, then replicated the malware across the entire Hannaford environment. Many retailers use a standard software image on all of their servers, he said — so if one system has a security weakness, it's likely that the others would as well.



Make a Comment Recommend Story Slashdot this Digg this
Print Story Send Feedback Email this Reprints

Related Content

Webcast: Simplifying the Data Center Network
Whitepaper: The Latest Advancements in SSL Technology

CW Report: An Apple for Your Enterprise?
Apple's antivirus advice 'big to-do about nothing,' says researcher
Experts douse Sinowal Trojan hype
Apple pimps AV: Mac bloggers shocked, PC bloggers mock
New Windows worm builds massive botnet
Anti-virus no defence against botnets, says vendor

Today's Top Stories

Clues point to Jan. 13 release of Windows 7 beta
Microsoft releases Vista SP2 beta
Obama's DHS pick may find support for raising H-1B cap at confirmation hearing
IBM wants info from Apple execs in Papermaster case
License server glitch exposes SonicWall users to e-mail security threats
Report: Former AOL chief exec tries to raise funds to buy Yahoo

What People Are Saying

See comments | Add new
See comments | Add new

Resource Alerts

to receive Cybercrime and Hacking Resource Alerts

Webcasts

Real-time collaboration and development with IBM® Rational® Team Concert streamlines any project

Web Threats Don't Discriminate

Simplifying the Data Center Network

Whitepapers

Go Green with Webroot® Perimeter Security SaaS!

Getting in Compliance With Government Data Regulations By Leveraging Online Security Technology

The Latest Advancements in SSL Technology

Computerworld Reports

Compterworld Technology Briefing: Intelligent Users Use Business Intelligence

Computerworld Report- Large Enterprises Pay More for IPAM

An Apple for Your Enterprise?

Editor's Picks

Clues point to Jan. 13 release of Windows 7 beta

Microsoft releases Vista SP2 beta

Obama's DHS pick may find support for raising H-1B cap at confirmation hearing

IBM wants info from Apple execs in Papermaster case

License server glitch exposes SonicWall users to e-mail security threats

Report: Former AOL chief exec tries to raise funds to buy Yahoo

Featured Column
In SecurityIn Security
Stripping away the trappings of applications, systems and networks, information is the core asset of most organizations. Our columnist describes how asserting the importance of information governance is crucial to making that asset tangible, addressable and protected.

Click here to read the latest column by Jon Espenschied
White Papers
Protecting Exchange
While it was once just a convenient way for employees to communicate internally, today e-mail systems like Exchange are tightly integrated with other business applications and are one of the primary methods for communicating with current and prospective customers. Protecting Exchange against costly downtime has become a top priority for more IT departments. So how do you ensure that your Exchange environment is always protected?
Download this white paper now! 
Featured Column
The Spy FilesThe Spy Files
For Congress to do anything that helps protect consumers and the critical Internet infrastructure as a whole, it must pass laws that require proactive processes to protect computers, not that tell people how to deal with the resulting mess, says Ira Winkler.

Click here to read the latest column by Ira Winkler
White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
The 2008 ERP in Manufacturing Benchmark Report Summary
IronPort Web Reputation Filters Tech Note
Designed to Manage Lean Principles
View more whitepapers 
 
About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDG Connect IDG World Expo Infoworld
The Industry Standard ITworld JavaWorld LinuxWorld MacUser Macworld Network World PC World Playlist
Copyright © 2008 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.