HACKERS HIT SECURITY COMPANY DATABASE
Hackers gained access to the financial and personal data of 3,800 law enforcement and network security professionals when they broke into the customer database of Guidance Software in Pasadena, California.
Guidance Software is a leading provider of software to diagnose hacker attacks, and its EnCase product is used by hundreds of security researchers and law enforcement agencies worldwide, including the U.S. Secret Service and FBI. The break-in took place in November and was discovered December 7.
The company alerted its customers within two days after the discovery and assured them it would no longer store customer credit card data. The company is working with the Secret Service on a detailed investigation of the incident.
Washington Post, 20 December 2004 (registration req'd)
http://www.washingtonpost.com/wp-dyn/content/article/2005/12/19/AR2005121901525.html
Hacker attack compromises police forces
Thieves raid credit card data from U.S. forensics software firm
Sarah Staples, The Ottawa Citizen
Published: Saturday, December 24, 2005
Major police forces across Canada are among thousands of law
enforcement agencies and forensic investigators whose private and financial
information may have been stolen earlier this month in a brazen hacker attack on
an American company that is the major supplier of law enforcement software
worldwide.
Guidance Software, Inc., a private Pasadena, California, firm, said in a letter
sent out to law enforcement agencies last week that thieves had raided its
database sometime in November, stealing credit card numbers and in certain cases
information such as addresses and telephone numbers for some 3,800 customers.
Guidance makes EnCase, a suite of forensic investigation software that has
become the standard tool used by computer crime units of police, insurance
companies, banks and private computer forensics specialists.
The RCMP, the OPP and the Toronto police are among Canadian agencies that say
they received letters from Guidance informing them that their units'
confidential information had been exposed. Guidance became aware of the breach
on Dec. 7.
The incident is particularly ironic, experts say, given that EnCase products are
used, among other things, to extract and analyse digital evidence from computers
to identify hacker attacks.
One flagship program, EnCase Enterprise, touts the ability to monitor computer
networks in real time to diagnose a break-in.
Guidance's own software "certainly should have set off some alarms that 'someone
is downloading our entire database'," said Ryan Purita, an EnCase-certified
investigator with Totally Connected Security Ltd. in Vancouver. He is one of a
handful of Canadian computer forensics experts authorized to testify in court.
"Something fell apart here."
In an interview with CanWest News Service, John Colbert, chief executive of
Guidance, said the attack "is ironic, but it highlights that intrusions can
happen to anybody. It's not a matter of if, but of when, so nobody should be
complacent about their (computer network) security."
The Los Angeles Electronic Crimes Task Force is leading an investigation, along
with the U.S. Secret Service and FBI, Mr. Colbert said. He said the breach has
led to "a few instances of fraud" involving the stolen credit card numbers.
Mr. Colbert admitted Guidance broke the rules of credit card issuers, by storing
in its database the card value verification (CVV) codes -- a security feature
meant to stop the cards from being used in Internet or telephone fraud.
In previous media reports, Mr. Colbert also said credit card information had
been stored unencrypted.
Guidance is now awaiting the results of the police investigation to learn
whether it faces potentially hundreds of thousands of dollars in fines per
violation for keeping CVVs permanently on file.
"Why would you in your right mind keep all three pieces of identifying
information in a database that's maintained online?" asked Michael G. Kessler,
president and chief executive of Kessler International, a New York forensic
accounting and computer forensics agency.
Mr. Kessler "nearly fell off his chair" after discovering last Friday that
$20,000 U.S. worth of fraudulent charges was billed to an employee's corporate
American Express card, he told CanWest News Service.
Days later, four employees received correspondence from Guidance saying their
contact information and credit card numbers, complete with expiration dates and
CVV codes, were at risk.
OPP spokesman Supt. Bill Crate said the computer investigation unit's credit
card information had been kept on file by Guidance, but that despite concerns
over the breach of confidentiality there is no evidence the agency has suffered
any financial loss.
RCMP Staff Sgt. Paul Marsh said the breach of confidentiality "is of concern."
His agency's Technological Crime Program, based in the Ottawa area, and the
Toronto police received correspondence from Guidance, and have offered to
co-operate with the investigation.
© The Ottawa Citizen 2005