LogBlog


What Log Data can (not) do for Hannaford

Indications are that the recent massive breach at Hannaford Bros. Co.'s supermarkets was an inside job leveraging a sophisticated malware deployment. We were asked today whether malware will generate logs that we could have picked up in the Hannaford case, and the answer in general is "no". These types of software are very evasive and try not to leave any trail while running.

However, what could help the investigation in this case are the logs the systems generate on a day-to-day basis. These logs can be used for forensic analysis, e.g., potentially identifying who did the installation and where they came from. In this case, logs from the POS systems, the servers that manage the data, the databases that store the data, and the firewalls that protect these systems can all be used for forensic analysis.
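As an added illustration of the forensic use described above (not code from the original post), this sketch correlates an install event on a POS host with authentication and firewall logs to answer who did the installation and where they came from. The log formats, hostnames, accounts and addresses are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample lines (not from the Hannaford case); the formats are assumptions.
HOST_LOG = [
    "2008-03-01T02:14:09 pos-017 svc-install name=updhelper user=svc_maint",
]
AUTH_LOG = [
    "2008-03-01T01:02:11 pos-017 login user=clerk12 src=10.30.1.50",
    "2008-03-01T01:40:00 pos-017 logout user=clerk12 src=10.30.1.50",
    "2008-03-01T02:11:40 pos-017 login user=svc_maint src=10.20.5.44",
    "2008-03-01T02:31:02 pos-017 logout user=svc_maint src=10.20.5.44",
]
FW_LOG = [
    "2008-03-01T02:11:38 fw-01 allow src=10.20.5.44 dst=10.30.1.17 dport=3389",
    "2008-03-01T02:20:00 fw-01 allow src=10.30.1.50 dst=10.30.1.17 dport=443",
]
HOST_IP = {"pos-017": "10.30.1.17"}  # assumed asset inventory


def parse(line):
    """Split 'timestamp host event k=v ...' into a dict."""
    ts, host, event, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec.update(ts=datetime.fromisoformat(ts), host=host, event=event)
    return rec


def attribute_install(install_line, auth_lines, fw_lines, slack=timedelta(seconds=30)):
    """Return (user, source IP, matching firewall records) for one install event."""
    inst = parse(install_line)
    auth = sorted((parse(l) for l in auth_lines), key=lambda r: r["ts"])
    # Open session: last login of that account on the host with no logout before the install.
    session = None
    for r in auth:
        if r["host"] != inst["host"] or r["user"] != inst["user"] or r["ts"] > inst["ts"]:
            continue
        session = r if r["event"] == "login" else None
    if session is None:
        return inst["user"], None, []  # install with no recorded session: itself a finding
    # Firewall connections from the session's source to the host around login time.
    fw = [r for r in map(parse, fw_lines)
          if r["src"] == session["src"] and r["dst"] == HOST_IP[inst["host"]]
          and abs(r["ts"] - session["ts"]) <= slack]
    return session["user"], session["src"], fw


if __name__ == "__main__":
    user, src, fw = attribute_install(HOST_LOG[0], AUTH_LOG, FW_LOG)
    print(user, src, [f"{r['ts']} dport={r['dport']}" for r in fw])
```

The correlation only works if clocks are synchronized across the log sources and the logs are retained off the hosts being investigated.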

Of course, this case is getting national attention because of the number of customers affected (4.2 million) and the large number of fraud cases (1,800) already linked to the data breach. However, there are a ton of breaches that happen on a daily basis. A good place to track them is The Breach Blog.

Posted April 01, 2008

