Home > Security News > Hannaford breach highlights messaging system struggles
Security News:
EMAIL THIS LICENSING & REPRINTS

Hannaford breach highlights messaging system struggles

By Robert Westervelt, News Editor
01 Apr 2008 | SearchSecurity.com

Security Wire Daily News
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

Questions remain about how an attacker managed to place malware onto servers at all of Hannaford's nearly 300 grocery stores. But one researcher who has studied information exchange software warns about messaging system misconfiguration issues that could lead to the type of breach experienced by Hannaford.

If you have demanding requirements from business units that need complex products you have to be careful how they are deployed in the enterprise environment.
John Yeo,
security consultant, Information Risk Management

IBM's Websphere MQ enables companies to exchange information across IBM and non-IBM platforms. It is responsible for connecting disparate systems, allowing credit card transactions and other sensitive information to flow between systems and applications.

Hannaford installed WebSphere MQ as part of a server consolidation project and strategy to connect its systems in a service-oriented architecture.

"Messaging systems are a complex product," said John Yeo, a security consultant with UK-based Information Risk Management. "If the traffic is unencrypted, the underlying layer is essentially unencrypted network traffic susceptible to network attacks."

Hannaford breach:
Hannaford breach details indicate inside job: The fact that so many servers were compromised with malware suggests a trusted user on the inside engineered the data breach at Hannaford's, experts say.

Hannaford breach illustrates need to have a survival plan: The Hannaford Bros. Co. supermarket chain is the latest company to suffer a data breach. It illustrates the need for companies to have a survival plan tucked away, experts say.

Misconfiguration issues could have contributed to Hannaford breach: Hannaford takes heat from officials who believe the supermarket chain was slow in disclosing its breach. Meanwhile, one of Hannaford's security vendors gets defensive.

Podcast:

Security Wire Weekly: Hannaford security breach Roger Nebel, director of strategic security for FTI Consulting, discusses the possible causes of the Hannaford supermarket chain data breach and examines the pros and cons of data breach insurance.

Download MP3 | Subscribe to Security Wire Weekly

It's unclear whether misconfiguration issues contributed to Hannaford's massive breach. Hannaford announced that an intruder is to blame for planting malware programs on servers running its supermarkets. The malicious software ran in stealth mode and was responsible for bilking up to 4.2 million credit and debit card numbers from the grocer's systems.

Companies are turning to the complex products as Web services are introduced into the environment as part of service oriented architecture projects. In addition to WebSphere MQ, Microsoft Message Queuing (MSMQ) provides the same features as well as Sonic MQ from Bedford, Mass.-based Progress Software Corporation.

"I don't think the products can be blamed," Yeo said. "If you have demanding requirements from business units that need complex products you have to be careful how they are deployed in the enterprise environment."

Application design flaws and poor encryption technologies could contribute to traffic being exposed, Yeo said in an Information Risk Management research report, "WebSphere MQ Threats". An attacker can deploy traffic sniffing tools to read sensitive data and transaction details.

Sometimes misconfiguration issues could allow an attacker to read and write messages to message queues and eventually find a loophole to the company servers.

Some experts are calling the Hannaford breach an inside job. Graham Cluley, a senior technology consultant for UK-based security firm Sophos, said the malware seems as though it was written either to specifically target Hannaford or to target the commerce system that Hannaford had deployed.

Chris Andrew, vice president of security technology at Lumension Security in Scottsdale, Ariz., told SearchSecurity.com that a common problem is that a company falls behind in its patch deployments, leading to misconfiguration issues and vulnerabilities that can be exploited by an attacker to gain access to critical systems.



Tags: Identity Theft and Data Security BreachesVIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google




More Tips to Secure Your Network
Focused on Channel Security?
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts