Another one bites the dust

Mapping the tragedy of the Hannaford breach in a post-mortem sense should be just as important to the grocery chain as the upgrade of the system.


Case studies in security breaches are interesting because they do not just expose a potential threat to customers or clients; they also expose the many vulnerabilities in a business's infrastructure, both technical and managerial.

Recently, and close to home here in Vermont, it was reported that Hannaford's chain of grocery stores had malware installed on hundreds of servers, affecting many of its stores.

However, during a security audit, it was reported that Hannaford was certified as security compliant. My question is, were any recommendations made during the audit? Was an upgrade scheduled if recommendations were made? What decisions were made to keep or eradicate such vulnerabilities?

What existing tools were updated? They met industry security standards, so what exactly did they need to do? Maybe nothing? Remember, security is a PEOPLE problem, not simply a system problem.

The fallout that is now seen, as reported, is two class action lawsuits: 4.2 million credit cards compromised, 1,800 fraud cases linked…and counting.

Reports have also indicated that the sequence of events was as follows:

Data breach: December 7, 2007 (post-attack finding)

Hannaford discovered breach: February 27, 2008

Hannaford contained breach: March 10, 2008

In the two-week period between discovery and containment, what happened? And why did containment take so long?

The complexity and magnitude of this attack smacks of insiders, outsiders, and traffic patterns that should have indicated some kind of problem. Here comes the rest of the iceberg…It just seems that it was a long time from discovery to closure on this one.

Mapping the tragedy in a post-mortem sense should be just as important to Hannaford as the upgrade of the system. I trust this happens each and every time there is a security breach anywhere (she says hopefully).

Let's rewind to our first security course:


  1. Try to prevent disasters in a proactive manner; do not plan on managing the disaster reactively.

  2. Do NOT ignore IDS alarms, train your IDS properly, and understand what constitutes “normal” behaviour for the network.



Hey, somebody close that barn door already will ya?




Danielle Zeedick is a professor of information assurance and program director of the Bachelor of Science in Information Assurance at Norwich University in Vermont.

See original article on scmagazineus.com