Feds Identify Overseas Suspect In Heartland Case

Written by Evan Schuman
January 23rd, 2009

The Secret Service has identified an overseas suspect in the Heartland data breach case and the matter has been turned over to the U.S. Justice Department, according to someone close to the investigation.

Few additional law enforcement details were immediately available, other than that the government believes it has identified the cyber thief involved, has “pinpointed” that suspect’s location and that it’s outside of North America, the source said.

A little more background on the case was also disclosed Friday (Jan. 23) by Heartland itself. The processor first learned of the breach (when alerted by Visa and Mastercard) in late October/early November, said Heartland spokesman Jason Maloni. Previously, the only comment had been that it had been alerted in late Fall, which could have been as late as Dec. 20.

Maloni also revealed that when the sniffer software had been discovered by Heartland, the application had already been deactivated, presumably by the cyber thieves who had planted it. “It was inactive when we found it,” Maloni said.

Maloni said he didn’t know more about the application’s inactive status, such as whether it had been fully terminated or whether it could have been merely dormant, programmed to awaken at some future point. If the Trojan had been deactivated, that could mean that the thieves learned they were being hunted and shut off many such applications to try to make it more difficult for investigators to discover their location.

The word that the Secret Service believes it has located the prime suspect raises the possibility that law enforcement was already on the thieves’ trail long before the Heartland spyware was detected.

Maloni also confirmed that Heartland had been certified as PCI compliant and, for the first time, provided a certification timeframe: April 2008.

Heartland’s CEO, Robert O. Carr, issued a statement Friday that his company is faring well despite the announcement of the breach. Heartland has “added more than 400 merchants to its client base in the past few days, exceeding results for the same period from last year,” Carr said. “Despite the headwinds of the economy and attacks by some of our competitors, we have installed new merchants, new payroll clients and new check management clients since our disclosure of the breach on Tuesday morning.”

The statement didn’t say when those negotiations began, but it’s likely that most—if not all—of those negotiations had been well under way by the time the breach was announced on Jan. 20, so it’s not as though those 400 retailers were moved to join Heartland after they heard of the breach. Then again, it also means that at least those 400 weren’t scared away from signing after they learned of the breach.

Carr also took the opportunity to push the industry for more openness and data-sharing when it comes to cyber assaults. “I have talked to many payments leaders who are also concerned about the increasing success and frequency of cyber crime attacks,” Carr said. “Up to this point, there has been no information sharing, thus empowering cyber criminals to use the same or slightly modified techniques over and over again. I believe that had we known the details about previous intrusions, we might have found and prevented the problem we learned of last week.”


Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why the higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and PIN (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and PIN cards could be used in a country where EMV is not implemented--the US--and this mismatch makes it easier to use them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is magstripe only or chip and PIN. Hence, $10 prices for US cards vs. $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank-issued cards, which have fraud detection in place 24x7. Read more...