Hannaford breach highlights messaging system struggles

The messaging system connecting Hannaford's complex systems could have provided the hole necessary to install malware onto the grocer's systems, an expert says.

Questions remain about how an attacker managed to place malware onto servers at all of Hannaford's nearly 300 grocery stores. But one researcher who has studied information exchange software warns about messaging system misconfiguration issues that could lead to the type of breach experienced by Hannaford.

IBM's WebSphere MQ enables companies to exchange information across IBM and non-IBM platforms. It is responsible for connecting disparate systems, allowing credit card transactions and other sensitive information to flow between systems and applications.

Hannaford installed WebSphere MQ as part of a server consolidation project and strategy to connect its systems in a service-oriented architecture.

"Messaging systems are a complex product," said John Yeo, a security consultant with UK-based Information Risk Management. "If the traffic is unencrypted, the underlying layer is essentially unencrypted network traffic susceptible to network attacks."

It's unclear whether misconfiguration issues contributed to Hannaford's massive breach. Hannaford announced that an intruder is to blame for planting malware programs on servers running its supermarkets. The malicious software ran in stealth mode and was responsible for stealing up to 4.2 million credit and debit card numbers from the grocer's systems.

Companies are turning to these complex products as Web services are introduced into their environments as part of service-oriented architecture projects. In addition to WebSphere MQ, Microsoft Message Queuing (MSMQ) and Sonic MQ, from Bedford, Mass.-based Progress Software Corporation, provide the same features.

"I don't think the products can be blamed," Yeo said. "If you have demanding requirements from business units that need complex products you have to be careful how they are deployed in the enterprise environment."

Application design flaws and poor encryption technologies could contribute to traffic being exposed, Yeo said in an Information Risk Management research report, "WebSphere MQ Threats". An attacker can deploy traffic sniffing tools to read sensitive data and transaction details.

In some cases, misconfiguration issues could allow an attacker to read and write messages to message queues and eventually find a way into the company's servers.

Some experts are calling the Hannaford breach an inside job. Graham Cluley, a senior technology consultant for UK-based security firm Sophos, said the malware seems as though it was written either to specifically target Hannaford or to target the commerce system that Hannaford had deployed.

Chris Andrew, vice president of security technology at Lumension Security in Scottsdale, Ariz., told SearchSecurity.com that a common problem is that a company falls behind in its patch deployments, leading to misconfiguration issues and vulnerabilities that can be exploited by an attacker to gain access to critical systems.
