Hacked! How 4,227 customers had their credit card data stolen

Dec 12, 2016

Aug 31, 2012 is a day that one Arizona company will never forget. Events of that day are now clear but for many weeks following the incident, staff and investigators alike drew a blank.

A Friday like any other…

It was the Friday before Labor Day and business as usual for the 36 workers present. The morning passed uneventfully and during lunch their thoughts naturally turned to the long weekend ahead of them.

“We talked about our plans for the weekend”, remembers Amber Brennan-Eisner, office manager at the time. “The weather was great and everyone was looking forward to it.”

Some were heading off to the White Mountains for camping or fishing trips, others were staying closer to home to host family picnics or barbecues. All were making the most of the last long weekend before school started.

After a scorching summer (July had been the hottest month in U.S. history), the company’s air-conditioning had been worked hard. Earlier in the week the strain had caused several units to fail.

That Friday, HVAC engineers were working frantically to remedy the stifling temperatures in some parts of the building.


A devastating security breach

In the last hours before this business closed to enjoy all that the 3-day weekend would offer, it suffered one of the most devastating and embarrassing events in the company’s 42-year history.

It fell victim to a massive breach of security: the company was hacked and the credit card details of all their recent customers were stolen.

Unfortunately due to the long weekend, the data breach wasn’t discovered until late on the following Tuesday.

Initial suspicions were of a high-tech, complex cyber attack from off-shore – perhaps China or Eastern Europe – but the reality turned out to be something far more grass roots.

An overseas cyber attack?

Like many similar businesses in the area, the company had a Genset (generator) in the basement of their building. To comply with regulations, the emissions from this generator had to be monitored and logged to a data logger computer a short distance away.

When the Genset was installed it was just out of range of the company’s wi-fi network router, so a high-gain router with a 12 dB aerial was used to bridge the distance. The installation engineer wired the Ethernet ports: one to the Modbus TCP connection at the Genset and the other in the control room, which was connected to the company network.

At the time of installation the IT team ensured the solution complied with the tight security on the company’s wi-fi network, so when the breach happened many were left scratching their heads.


Investigators pored over hours of security camera footage, server logs and other technical data attempting to pinpoint the breach.

A simple oversight causes havoc

Eventually, CCTV footage revealed an individual dressed in a similar fashion to the HVAC engineers making a detour towards the basement. His destination could not be confirmed as unfortunately no security cameras existed in the basement.

They then investigated whether network security could have been breached by an individual from that basement location.

IT pointed out that this made no sense as the company’s network data was encrypted and a high level of security was maintained on the network at all times. However, it turned out that down in the basement this individual had simply plugged a laptop into the extra Ethernet port on the router by the Genset.

Of course, data is encrypted only while traveling through the air: it is decrypted in the router itself, and the router’s wired Ethernet ports were open and unauthenticated, so anything plugged into them was simply on the company network.

This hacker had hit the jackpot. He was straight into the company-wide network and accessed the secure customer database. Nowadays the company is connected to the Cloud and has employed robust IoT technology to plug this vulnerability.

Security and Industrial IoT Gateways

They use the Zen IoT gateway, which has its own wi-fi port and connects to the Cloud with an extra layer of security: Transport Layer Security (TLS). Additionally it has an Ethernet port which carries only Modbus TCP, so the port cannot be hijacked for any other communication uses.
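As an added example (not code from the article or from the gateway vendor), the following Python script shows the kind of check that would have caught both problems the story describes: an unlisted device appearing on the wired side of the basement bridge, and traffic from that segment that is not Modbus TCP, the one protocol the Genset link should ever carry. The device inventory, MAC addresses, IP addresses and flow records are all constructed for the example.

```python
from dataclasses import dataclass

MODBUS_TCP_PORT = 502

# Constructed inventory of devices allowed on the Genset segment (hypothetical MACs).
KNOWN_DEVICES = {
    "00:1a:2b:00:00:01": "genset-controller",  # 10.20.0.10
    "00:1a:2b:00:00:02": "emissions-logger",   # 10.20.0.11
}

@dataclass(frozen=True)
class Flow:
    src_mac: str
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str

def parse_flow(line: str) -> Flow:
    """Parse one flow line of the form 'src_mac src_ip dst_ip dst_port proto'."""
    mac, sip, dip, port, proto = line.split()
    return Flow(mac.lower(), sip, dip, int(port), proto.upper())

def audit_flows(lines):
    """Return (reason, flow) findings: unlisted devices, and any non-Modbus TCP traffic."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        flow = parse_flow(line)
        if flow.src_mac not in KNOWN_DEVICES:
            findings.append(("unknown device on segment", flow))
        if not (flow.proto == "TCP" and flow.dst_port == MODBUS_TCP_PORT):
            findings.append(("non-Modbus traffic from segment", flow))
    return findings

# Constructed sample: two legitimate Modbus polls, then an unlisted laptop
# plugged into the spare port reaching a database server on the office LAN.
SAMPLE_FLOWS = """
# src_mac           src_ip      dst_ip      dst_port proto
00:1a:2b:00:00:02   10.20.0.11  10.20.0.10  502      tcp
00:1a:2b:00:00:02   10.20.0.11  10.20.0.10  502      tcp
de:ad:be:ef:00:01   10.20.0.50  10.0.5.20   1433     tcp
""".strip().splitlines()

if __name__ == "__main__":
    for reason, flow in audit_flows(SAMPLE_FLOWS):
        print(f"{reason}: {flow.src_mac} {flow.src_ip} -> {flow.dst_ip}:{flow.dst_port}")
```

Run against real switch or flow-exporter records, the same two rules (inventory plus protocol allowlist) are what a port-security or firewall policy on the bridge's wired side would enforce before the traffic ever reached the office LAN.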
The company chose the Zen IoT for its size and simplicity. It offers 3 options to connect their previously discrete hardware to the Cloud, only requires the skills of a local electrician for installation and measures just 4” x 1.4” x 4.7”. As a Cloud Edge Processing device the Zen performs calculations on the collated data prior to transmitting to the Cloud.

It also features a flexible logic engine which can be programmed with a powerful scripting language for custom applications.

With the Zen IoT and its built-in security measures in place, if a cyber attack did occur today, the only thing it might achieve would be to corrupt the generator data sent to the Cloud by simulating a Genset controller.

This would be unlikely (as the hacker would have nothing to gain) and the impact would be small compared to the magnitude of a credit data theft.

Privacy and security surrounding the IoT is of primary concern to all planning the connection of their legacy equipment and a transition to the Cloud. The Zen IoT addresses these concerns and simplifies the connection process.
