Another Albert Gonzalez indictment gives details of how he hacked into Heartland Systems. This breach compromised 100 million records, cost Heartland $12.6 million in Q1 2009, and destroyed $300 million in shareholder value. Again, the interesting part is how easily, in retrospect, it could have been mitigated.
The breach began when hackers exploited a SQL injection vulnerability on an externally accessible server. This is a well-known error that can be prevented using basic programming techniques and detected using widely available web application scanners.
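The basic programming technique in question is usually the parameterized query. The following is an added example, not code from the indictment or from Heartland: it puts a string-concatenated lookup beside a parameterized one. The table, column names and sample rows are constructed, and SQLite stands in for whatever database the real server used.

```python
import sqlite3

def make_db():
    """In-memory table of constructed sample rows (not real data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE merchants (name TEXT, api_key TEXT)")
    db.executemany("INSERT INTO merchants VALUES (?, ?)",
                   [("alpha", "key-a"), ("bravo", "key-b"), ("o'neil", "key-c")])
    return db

def lookup_vulnerable(db, name):
    # Vulnerable: the input becomes part of the SQL text, so a quote in
    # `name` ends the string literal and the remainder is parsed as SQL.
    query = "SELECT name, api_key FROM merchants WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_safe(db, name):
    # Hardened: the statement text is constant and `name` is bound as data,
    # so quotes and SQL keywords in it are only ever compared as a string.
    query = "SELECT name, api_key FROM merchants WHERE name = ?"
    return db.execute(query, (name,)).fetchall()

def compare(db, name):
    """Run both lookups; report rows returned, or the SQL error raised."""
    results = {}
    for label, fn in (("vulnerable", lookup_vulnerable), ("safe", lookup_safe)):
        try:
            results[label] = fn(db, name)
        except sqlite3.Error as exc:
            results[label] = "error: " + type(exc).__name__
    return results

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal name, a legitimate name containing a
    # quote, and a value whose quote changes the WHERE clause.
    for value in ("alpha", "o'neil", "x' OR '1'='1"):
        print(repr(value), compare(db, value))
```

With the concatenated query, the legitimate name containing a quote produces a database error and the third input returns every row; the parameterized query returns exactly the matching row or nothing.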
The SQL injection was used to install “back door” malware onto a Heartland server. This back door allowed the hackers to communicate to and from that server, and it was the mechanism used to transmit the credit card data to the external servers. As with TJX, this communication could and should have been blocked by firewall rules.