-{ Quote: "by Elinor Mills

They used an SQL injection attack to steal the data and used computers in California, Illinois, New Jersey, Latvia, Ukraine, and the Netherlands for storing malware and stolen data and launching attacks, according to the indictment. In an SQL injection attack, a small malicious script is inserted, exploiting a vulnerability in the database layer of an application that feeds information to the Web site.

They also allegedly installed backdoors and sniffers to intercept data in real time as it was processed by the victims and tried to hide their actions by accessing the victim networks through proxy computers, modifying their software so as to evade detection by antivirus programs and programming it to delete traces of the malware from victim networks, according to the indictment." }-Story (http://news.cnet.com/8301-27080_3-10311336-245.html)

The best defense against Injection attacks is , depending on the strength of the needle , a stab vest. Coat of armour is also good , but can be inconvenient.

Gonzalez was previously a federal government informant when he got caught with ATM credit and debit cards info.

This guy doesn't quit. He was working both sides of the fence.

-{ Quote: "Grand Theft Data: Lesson Learned

By Eric Lundquist
2009-08-18

Ten Lessons CIOs Should Learn From The Biggest Data Breach Of All Times

Do all those news stories outlining the details of the record setting 130 million credit card numbers theft make you feel glad it was someone else and not your company? That may be a natural reaction, but there are also some lessons to be learned that just might help you stay off the front pages when the next big theft is announced. Here are ten security lessons to be learned from the theft allegedly masterminded by Albert Gonzalez, 28, of Miami." }-Article (http://www.baselinemag.com/c/a/Security/Grand-Theft-Data-Lesson-Learned-769523/)