Information Security News
by Sean Gallagher
Former information technology employees at Home Depot claim that the retailer’s management had been warned for years that its retail systems were vulnerable to attack, according to a report by the New York Times. Resistance to advice on fixing systems reportedly led several members of Home Depot’s computer security team to quit, and one who remained warned friends to use cash when shopping at the retailer’s stores.
In 2012, Home Depot hired Ricky Joe Mitchell as its senior IT security architect. Mitchell got the job after being fired from EnerVest Operating in Charleston, South Carolina—and he sabotaged that company’s network in an act of revenge, taking the company offline for 30 days. Mitchell retained his position at Home Depot even after his indictment a year later and remained in charge of Home Depot’s security until he pled guilty to federal charges in January of 2014.
The Home Depot breach, which reportedly began in April of 2014 and went undetected until earlier this month, exposed an estimated 56 million credit card numbers. Home Depot spokesperson Stephen Holmes told the New York Times that the company maintains “robust security systems.” Home Depot officials have said that the malware used in the attack, BlackPOS, had not been seen before and would have been difficult to detect with its security scans.
Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
Reader Ronnie provided us today a packet capture with a very interesting situation:
It seems those packets are trying to map a route, but in a very particular way. Since there are many unrelated IP addresses trying to do the same, maybe something is trying to map routes to specific addresses to do something not good. The destination IP address is an ADSL client.
Is anyone else seeing this kind of packet? If you do, we definitely want to hear from you. Let us know!