Interesting People mailing list archives
IP: British Visa source-code compromised -- from RISKS
From: Dave Farber <farber () cis upenn edu>
Date: Mon, 17 Jan 2000 08:13:26 -0500
Date: Sun, 16 Jan 2000 09:44:26 -0500 From: "Frank Markus" <fmarkus () pipeline com> Subject: British Visa source-code compromised According to an article by Jon Ungoed-Thomas and Stan Arnaud in the *Sunday Times* of London for 16 Jan 2000, British hackers have compromised the source code for the Visa card system and have sought ransom for it. Excerpts from the story which I found online under the headline ``Hacker gang blackmails firms with stolen files'' follow: Visa confirmed last week that it had received a ransom demand last month, believed to have been for 10M pounds. "We were hacked into in mid-July last year" [despite layers of firewalls], said Russ Yarrow, a company spokesman. It is understood the hackers stole critical source code, and threatened to crash the entire system. Visa's system handles nearly 1 trillion pounds of business a year from customers holding 800M Visa cards. No further incursions were detected. [PGN-ed] But this begs the question of what they should have done -- if anything -- after receiving notification that their system had been penetrated. After CD Universe's credit-card database was compromised by a hacker/blackmailer, their system was (apparently) shut down temporarily and its customers notified (of which I, alas, was one.) Visa seems to have had no fall back plan for this crisis except to call in the police and hope for the best. If the hackers have not disseminated the code more widely, Visa has been very lucky and the damage has been controlled. But how certain can anyone be of that? And how certain can they be that there was only one penetration?
Current thread:
- IP: British Visa source-code compromised -- from RISKS Dave Farber (Jan 17)