Information Security Breach (2006)

PRESENTED BY : Ritish Ghurburrun Sarvesh Ramkorun Duva Pentiah Jootoo B.

What is Walmart?
American corporation that runs a large chain of discount stores on the trade name of Walmart. Founded by Sam Walton in 1962- Headquartered in Bentonville, Arkansas. Today its the largest grocery retailer in United States A net revenue of 408 billion dollars in 2009 ( 2006-258 billions) A total of 2.1 million employees Has 8500 stores in 15 different countries And operates in 50 sates of U.S alone

What was the breach?

Hackers from eastern Europe were able to steal source code of the development team in charge of the point-ofsale system of Walmart. Eventually they hacked the system. Large amount of confidential data of customers and o ther internal documents were no longer secrets. Despite the existence of card processing standards which is established from 2001, Walmart had been hacked.

What was the breach?

Breach was discovered in november 2006 but in fact the system was being hacked since june 2005. The hacker had tried to access more than 800 machines and was able to make successful connection with a number of them (poor firewall) and most the computers accessed by the hacker were those of the company programmers which were responsible for coding of the point-of-sale system. Walmart stated that no confidential data had been stolen but server logs report show that one of the documents that the hacker had stolen was named POS Store Systems Technical

Specifications TLOG Encryption and Financial Flows Draft 03/04/2006

Why was Walmart hacked?

Expert assessment reports reveal that Walmart card processing system had a number of security vulnerabilities. 4 years old customers data (purchase details, name, address, credit card number) were still being stored under encrypted form on the company networks. Walmart have been unsuccessful to close previous VPN account owned by ex-Walmart employees(canada) which give access to company system through which the hacker was able to connect and have access to the system.

Why was Walmart hacked?

Using this VPN account, a password cracker tool (L0phtcrack) was remotely installed on the company server. Walmart security team was able to close the compromised VPN account through which the hacker was accessing the system and was struggling to secure the system in a thousand of ways but yet the hacker was able to find another VPN account to access the system. Another loophole of the Walmart system was that server logs recorded only unsuccessful log-in attempts and not successful ones.

Why was Walmart hacked?

The hacker had also stolen various important files such as the source codes, database documentation, debugging files and proprietary documents such as customer transaction details. Security audit conducted in 2005 clearly stated that customer data was being poorly protected but encryption and other security measures were applied only 3 month before the attack was detected. Walmart also lacked PCI compliance as stated by Cybertrust security auditors in in early 2004 but it was applied by Walmart only in july 2006.

Why was Walmart hacked?

Auditors also discovered that servers, TPS and other devices connected to the network used same usernames and passwords in every nationwide stores ( and in some cases password discovery was just a bit of guess work). Walmart pharmacy division had in stock, upto 4 years of customer transaction data which contained highly confidential details. Note : Investigations revealed that the Walmart security team had detected intrusion eight days after the attack in june 2005. But yet no effort was made to shut down the VPN through an employee suggested it to the chief security head.

Why was Walmart hacked?

Note: earlier in 2005 Sams club, Walmart membership store, was hacked and over 600 customers detailed were stolen from there yet Walmart did not take any action. After the attack at Sams club, Verisign had reported that if the system is not upgraded to a secure one, this would expose a lot of confidential data in future but yet nothing was done. Other audits conducted by verisign also reported that firewalls and other intrusion detecting logs were very poor since they detected only 1 out of 10 irregularities and they lacked latest security patches.

Consequences of this breach

Since Walmart system was not secure and all evidence which were found during investigations were against Walmart, the latter faced prosecution in court which lasted nine months before reaching an agreement with the concerned stakeholders. Walmart lost the confidence of millions of its customers which decreased its revenue drastically for the coming 2 years. Walmart has had to review his entire system which costed a lot of money. Walmart was subject to strict auditing concerning data security (every 6 months).

Reference

http://www.schneier.com/blog/archives/20 09/10/2006_wal-mart_h.html http://www.wired.com/threatlevel/2009/10/ walmart-hack/