I am a learner/student in computer forensics. I am sure my workshop instructor will talk about the recent credit card scam that happened in Spain; according to the news, someone hacked into one of VISA's agents in Spain to get thousands of credit card records from that agent's server.
Can anyone shed some light on how this happened?
What should we look for if we got a chance to do live forensics on the subject machine, and what types of files should we look for (I mean something like netcat or a more sophisticated hack; any name for me to start with is good enough)?
Any expert who can point me in some direction will be highly appreciated.
thanks,
I am a learner/student in computer forensics. I am sure my workshop instructor will talk about the recent credit card scam that happened in Spain; according to the news, someone hacked into one of VISA's agents in Spain to get thousands of credit card records from that agent's server.
Can anyone shed some light on how this happened?
It is unlikely that you will get any reliable information regarding this or other incidents like this from such a request.
Companies handling Payment Card Industry (PCI) data are understandably unwilling to share any details about breaches that aren't required by the laws governing reporting. Even when there are public disclosures, you can't necessarily rely on the truthfulness of these, since companies will either want to divert responsibility to some unnamed third party or alter the information so as to avoid further risk or liability.
However, in general, the possible mechanisms are discussed in many books and papers on data breaches and include one or a combination of
social engineering
sale/deliberate or accidental disclosure of data by employees/contractors
physical break in
theft of laptops/devices containing data
inadequate security on servers connected, in some way, to the Internet (including malware)
What you should look for is determined by what you suspect, which is, in turn, determined by what facts you have regarding the breach. Without facts, you are shooting in the dark, although certainly a screen for exploits, malware, rootkits, suspicious account activity, open ports, etc., would be part of the investigation.
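As a concrete illustration of the "open ports" and "suspicious account activity" checks mentioned above, here is an added example (not from the thread or from seanmcl) of a small live-triage script. It runs against constructed sample data embedded in the script, so it works offline; on a real host you would pass it the output of `ss -tulpn` (or `netstat -tulpn`) and the contents of `/etc/passwd`. The baseline port list and the sample data are assumptions made for the example.

```shell
#!/bin/sh
# Added live-triage example (not code from the thread). Two checks a first
# responder would run on a suspect server: listeners that are not in the
# documented baseline, and accounts other than root that carry UID 0.

# Constructed sample of what `ss -tulpn` might print. Not real data.
SAMPLE_SOCKETS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*      users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511    0.0.0.0:443         0.0.0.0:*      users:(("nginx",pid=1020,fd=6))
tcp   LISTEN 0      10     0.0.0.0:4444        0.0.0.0:*      users:(("nc",pid=31337,fd=3))
udp   UNCONN 0      0      127.0.0.1:323       0.0.0.0:*      users:(("chronyd",pid=600,fd=5))'

# Constructed sample /etc/passwd excerpt. Not real data.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
support:x:0:0::/home/support:/bin/bash
jdoe:x:1001:1001:J Doe:/home/jdoe:/bin/bash'

# Ports the server is documented to expose (assumed baseline for this example).
BASELINE_PORTS="22 443"

# unexpected_listeners [socket-table]
# Prints "port process" for every LISTEN socket whose port is not in the baseline.
# Defaults to the sample table; pass "$(ss -tulpn)" on a live host.
unexpected_listeners() {
  printf '%s\n' "${1:-$SAMPLE_SOCKETS}" | awk -v base="$BASELINE_PORTS" '
    BEGIN { n = split(base, b, " "); for (i = 1; i <= n; i++) ok[b[i]] = 1 }
    $2 == "LISTEN" {
      port = $5; sub(/.*:/, "", port)              # keep only the port number
      proc = $7; sub(/^users:\(\("/, "", proc)     # strip users:((" prefix
      sub(/".*/, "", proc)                         # keep only the process name
      if (!(port in ok)) print port, proc
    }'
}

# extra_uid0_accounts [passwd-contents]
# Prints every account other than root whose UID is 0; a second UID-0 login
# is a classic sign of a backdoor account. Defaults to the sample excerpt;
# pass "$(cat /etc/passwd)" on a live host.
extra_uid0_accounts() {
  printf '%s\n' "${1:-$SAMPLE_PASSWD}" | awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# Running the script directly reports the checklist against the sample data.
echo "Unexpected listeners (port process):"
unexpected_listeners
echo "Non-root UID 0 accounts:"
extra_uid0_accounts
```

Both checks compare the live state against a baseline you must already have (documented ports, the expected account list); without that baseline the output is just a list of facts, which is the "shooting in the dark" problem the reply describes.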
Can anyone shed some light on how this happened?
….
Any expert who can point me in some direction will be highly appreciated.
thanks,
As seanmcl said, most PCI-bound companies do not give this info out for free. Well, most companies, in fact, don't let the world know how they were breached!
But a good source of how/why/who facts can sometimes be found in the indictments and DoJ press releases (in the US, anyway). For example, the two that were filed for Albert Gonzalez (he who "acquired" millions of credit card numbers from companies such as TJX, Barnes and Noble, BJ's Wholesale Club and, notably, Heartland Payment Systems). Heartland was allegedly in the region of 130 million credit card details, and TJX and the others 40 million (estimate).
The Heartland Indictment can be found at http +// +
And the DoJ press release on TJX can be found here http +// +