Wednesday 30 December 2009

The eCrime of the Decade goes unpunished

So finally, Gonzalez, the ‘mastermind’ behind the Heartland cyber-attack, a series of targeted SQL injection attacks that yielded around 150 million payment card details, is being sentenced to at least 17 years in a US prison. To put this time in perspective, Gonzalez will serve about four seconds for every record stolen. His co-conspirators, believed to be in Russia, have yet to be apprehended, making this sentencing a hollow victory for the US justice system.

The Department of Justice Assistant Attorney General Breuer said that they “… will not allow computer hackers to rob consumers of their privacy and erode the public's confidence in the security of the marketplace,” adding, “criminals like Albert Gonzalez who operate in the shadows will be caught, exposed and held to account. Indeed, with timely reporting of data breaches and high-tech investigations, even the most sophisticated hacking rings can be uncovered and dismantled, as our prosecutors and agents demonstrated in this case.”

The reality is that the hacking ring has not been broken, and Mr. Gonzalez’s conspirators are free to continue their illegal activities. The technological vulnerabilities that allowed the Heartland breach to occur are still prevalent in the global IT infrastructure. Verizon has reported that these vulnerabilities are the growth area for exploitation by cyber-criminals.

It would seem that enterprises and others should realize that they are highly likely to be hacked, given the prevalence of the vulnerabilities, and should take immediate precautions. Knowing that these vulnerabilities are present gives these enterprises a responsibility and obligation to protect their customers from the Gonzalezes of the world, especially knowing that only a few will ever be caught.