“The biggest retail hack in U.S. history wasn’t particularly inventive, nor did it appear destined for success,” Michael Riley, Ben Elgin, Dune Lawrence, and Carol Matlack report for Businessweek. “In the days prior to Thanksgiving 2013, someone installed malware in Target’s (TGT) security and payments system designed to steal every credit card used at the company’s 1,797 U.S. stores. At the critical moment—when the Christmas gifts had been scanned and bagged and the cashier asked for a swipe—the malware would step in, capture the shopper’s credit card number, and store it on a Target server commandeered by the hackers.”
“It’s a measure of how common these crimes have become, and how conventional the hackers’ approach in this case, that Target was prepared for such an attack. Six months earlier the company began installing a $1.6 million malware detection tool made by the computer security firm FireEye (FEYE), whose customers also include the CIA and the Pentagon,” Riley, Elgin, Lawrence, and Matlack report. “Target had a team of security specialists in Bangalore to monitor its computers around the clock. If Bangalore noticed anything suspicious, Target’s security operations center in Minneapolis would be notified.”
“On Saturday, Nov. 30, the hackers had set their traps and had just one thing to do before starting the attack: plan the data’s escape route. As they uploaded exfiltration malware to move stolen credit card numbers—first to staging points spread around the U.S. to cover their tracks, then into their computers in Russia—FireEye spotted them. Bangalore got an alert and flagged the security team in Minneapolis,” Riley, Elgin, Lawrence, and Matlack report. “And then… Nothing happened. For some reason, Minneapolis didn’t react to the sirens… Target stood by as 40 million credit card numbers—and 70 million addresses, phone numbers, and other pieces of personal information—gushed out of its mainframes.”
Read more in the full article here.
MacDailyNews Take: O-rings fail below 40 °F.
Massive data breach: Target’s Windows-based PoS terminals were infected with malware – January 13, 2014
Target debacle: Retailer now says 70 million people hit in massive data breach – January 10, 2014
NY Apple thefts eyed in Target’s nationwide credit breach – December 20, 2013
Target hit by massive credit-card breach – December 19, 2013