The security week that was: 01/23/09

The bank robber of the future

In the movies, the guys who pull off big bank robberies are the smart ones. They’re using high-tech devices, coded communications, the latest plasma cutters, and they can tap into your surveillance network. In real life, they’re impulsive idiots. They jot a note, stuff a gun in a pocket, grab a bag of cash, and often get tagged with the dye packs that are inserted into the money bags. As I wrote in a recent recap, some are even so dumb as to show up before the money is delivered and then file complaints that there was no money when they went to rob the bank.

But the newest form of the bank robber doesn’t even hit the bank itself. They hit places like Heartland Payment Systems, a company whose corporate offices are in New Jersey and which has locations throughout the U.S. and Canada. Heartland announced a major breach this week on the day of the presidential inauguration (what a sly attempt to get this swept under the rug); they had fallen victim to a piece of spyware installed on the company network. This spyware reportedly had the ability to capture the data from the millions of credit card transactions that Heartland processes. You probably wouldn’t know this company’s name, since they work behind the scenes, out of sight of most consumers, but they process card transactions for hundreds of thousands of retailers and businesses. Details are still emerging, but this is reported to be one of the worst payment card industry data breaches on record.

And that is the new version of financial and banking security. The guy in the hooded sweatshirt with the gun may cost you $20,000. The guy who wrote and installed the spyware may cost you your customers and your business. In fact, that’s exactly what happened to CardSystems Solutions. After that company was hit by a breach, the company couldn’t get the engines fired up again, and eventually shut down. There’s no better lesson on the relationship between security and business continuity than the story of what happened to CardSystems; Heartland might even share the same fate.

For those of you wondering what this means for customers, log in and check your bank info and make sure you’re not seeing any suspect charges. Keep a close eye on it and on your credit reports. One thing we’ve been hearing is that credit card data thieves will sometimes run a $.25 charge to a card account as a test. Some speculate that hackers are running these small charges on a high number of stolen accounts – small enough that most people just ignore them – as a test before selling bulk card info to criminals. Other times, like in the classic case of a physically stolen credit card, it’s just a test before they try to go out and make a big purchase.

Inauguration security a huge success
Security industry vendors help keep the president safe

CNN reported on Thursday that there were no arrests made during the Obama inauguration. That’s mind-bogglingly impressive when you consider the millions of people in that area. Watching the inauguration during lunch on Tuesday, I was stunned as always by the efficiency of the Secret Service. The motorcade parade is an amazing security challenge since you’re swarmed by people on the sidewalks, but watching the Secret Service guys scan the crowds and position themselves for maximum effectiveness was like watching an elegant dance. One step-look left-one step-scan to middle-one step-scan right.

We are always glad to see the names of companies in our industry when they announce that their systems were being used around the inauguration. This year, we heard of the involvement of ICx, Cooper Notification and American Defense Systems around this event. There are more of course, but some of the other companies are tied to non-disclosure agreements which prevent them from revealing that their technology was in place. Congratulations again to all the vendors whose technologies and services played a part in safeguarding an American presidential inauguration.

In other news:
Security for Amtrak, Video storage partnerships, TWIC heel-dragging

SIW Assistant Editor Joel Griffin reports in on a project which secured Amtrak facilities with a very complex group of technologies. That case study will be part of a webinar we’re hosting on February 5th (register today; it’s free). … Video storage solution company Intransa has formed a sales alliance with Convergint Technologies. … The Ports of L.A. and Long Beach are struggling to get the port workers to come in and register to receive their TWIC identification cards. … Virginia Tech was the scene of a grisly murder in a campus dining establishment. … DNF Security and OnSSI have worked together to ensure that DNF’s video surveillance storage solutions are compatible with OnSSI’s video management solutions. … Even with a slowdown in IP video, Axis’ founder Martin Gren was recognized as Ernst & Young Entrepreneur of the Year (Sweden).

Finally, we close with a look at the most read stories of the week: