Hackers gained access to the financial and personal data of 3,800 law enforcement and network security professionals when they broke into the customer database of Guidance Software in Pasadena, California.

Guidance Software is a leading provider of software to diagnose hacker attacks, and its EnCase product is used by hundreds of security researchers and law enforcement agencies worldwide, including the U.S. Secret Service and FBI. The break-in took place in November and was discovered December 7.

The company alerted its customers within two days of the discovery and assured them it would no longer store customer credit card data. The company is working with the Secret Service on a detailed investigation of the incident.

Washington Post, 20 December 2004 (registration req'd)


Hacker attack compromises police forces

Thieves raid credit card data from U.S. forensics software firm

Sarah Staples, The Ottawa Citizen
Published: Saturday, December 24, 2005

Major police forces across Canada are among thousands of law enforcement agencies and forensic investigators whose private and financial information may have been stolen earlier this month in a brazen hacker attack on an American company that is the major supplier of law enforcement software worldwide.

Guidance Software, Inc., a private Pasadena, California, firm, said in a letter sent out to law enforcement agencies last week that thieves had raided its database sometime in November, stealing credit card numbers and in certain cases information such as addresses and telephone numbers for some 3,800 customers.

Guidance makes EnCase, a suite of forensic investigation software that has become the standard tool used by computer crime units of police, insurance companies, banks and private computer forensics specialists.

The RCMP, the OPP and the Toronto police are among Canadian agencies that say they received letters from Guidance informing them that their units' confidential information had been exposed. Guidance became aware of the breach on Dec. 7.

The incident is particularly ironic, experts say, given that EnCase products are used, among other things, to extract and analyse digital evidence from computers to identify hacker attacks.

One flagship program, EnCase Enterprise, touts the ability to monitor computer networks in real time to diagnose a break-in.

Guidance's own software "certainly should have set off some alarms that 'someone is downloading our entire database'," said Ryan Purita, an EnCase-certified investigator with Totally Connected Security Ltd. in Vancouver. He is one of a handful of Canadian computer forensics experts authorized to testify in court.

"Something fell apart here."

In an interview with CanWest News Service, John Colbert, chief executive of Guidance, said the attack "is ironic, but it highlights that intrusions can happen to anybody. It's not a matter of if, but of when, so nobody should be complacent about their (computer network) security."

The Los Angeles Electronic Crimes Task Force is leading an investigation, along with the U.S. Secret Service and FBI, Mr. Colbert said. He said the breach has led to "a few instances of fraud" involving the stolen credit card numbers.

Mr. Colbert admitted Guidance broke the rules of credit card issuers by storing in its database the card value verification (CVV) codes -- a security feature meant to stop the cards from being used in Internet or telephone fraud.

In previous media reports, Mr. Colbert also said credit card information had been stored unencrypted.

Guidance is now awaiting the results of the police investigation to learn whether it faces potentially hundreds of thousands of dollars in fines per violation for keeping CVVs permanently on file.

"Why would you in your right mind keep all three pieces of identifying information in a database that's maintained online?" asked Michael G. Kessler, president and chief executive of Kessler International, a New York forensic accounting and computer forensics agency.

Mr. Kessler "nearly fell off his chair" after discovering last Friday that $20,000 U.S. worth of fraudulent charges was billed to an employee's corporate American Express card, he told CanWest News Service.

Days later, four employees received correspondence from Guidance saying their contact information and credit card numbers, complete with expiration dates and CVV codes, were at risk.

OPP spokesman Supt. Bill Crate said the computer investigation unit's credit card information had been kept on file by Guidance, but that despite concerns over the breach of confidentiality there is no evidence the agency has suffered any financial loss.

RCMP Staff Sgt. Paul Marsh said the breach of confidentiality "is of concern." His agency's Technological Crime Program, based in the Ottawa area, and the Toronto police received correspondence from Guidance, and has offered to co-operate with the investigation.

© The Ottawa Citizen 2005