Info War

A man in the US state of Florida, along with two Russian hackers, has managed to break into the database of a large payment system with customers like the retail chain 7-11. The American man was named as Albert Gonzalez, 28, but the identity of the Russian men has not been disclosed. Gonzales and his co-conspirators managed to steal the data for roughly 130 million credit cards, which officials say is the largest case of identity theft in US history.

Prosecutors have charged him with intending to sell the credit card information to others, allowing them to make purchases with the data that belonged to the original customers. If he is found guilty, he could serve up to a 25 year jail sentence: 20 for fraud and an additional 5 for conspiracy. In addition to the jail time, he would be liable for a $500,000 fine.

The attack was performed using SQL injection, a technique which takes over the code used to put information into a database and instead uses it to take information out or do other equally harmful tasks. SQL injection is a common type of attack when trying to retrieve sensitive data from protected databases. However, fraud experts say that the code used in this particular attack was highly sophisticated, unlike most examples available online.

Unfortunately, SQL injection attacks are not preventable by consumers, so there is no feasible way to protect against them when making purchases. Online attacks are slightly more vulnerable, but as seen by this case, not even purchases in the real world are 100% safe.