

US Man Stole 130m Card Numbers Using SQL Injection Attack - dlnovell
http://news.bbc.co.uk/2/hi/business/8206305.stm

======
ErrantX
A bit disconcerting how this supposed fraud investigator is waffling about
firewalls?

EDIT: just chatting to my boss about it; the fraud guy (Edward Wilding) came
up and he rolled his eyes :) so Im guessing not the sharpest cookie in the
investigative draw (my boss used to be a fraud guy)

SQL injection is so vague: anyone got better specifics on what was done? (I
hunted around but no joy)

------
Tangurena
If this is the large Heartland break-in from last year, then this guy also
managed to install keyloggers/trojans in unallocated disk space on servers
inside the datacenter. The trojans collected every track 1 or track 2 magnetic
strip off every card processed at the facility for an unknown length of time.
Heartland processes about 100,000,000 credit card transactions each month.

