Save this content for laterSave this content on your device for later, even while offline Sign in with FacebookSign in with your Facebook account Close

Missed alarms and 40 million stolen credit card numbers: How Target blew it

By: News services
March 13, 2014 Updated: March 13, 2014 at 1:58 pm
0
photo - Did Target have a chance to stop the hackers of customers' credit cards? (AP file)
Did Target have a chance to stop the hackers of customers' credit cards? (AP file) 

The biggest retail hack in U.S. history wasn’t particularly inventive, nor did it appear destined for success, according to businessweek.com.

In the days prior to Thanksgiving 2013, someone installed malware in Target’s (TGT) security and payments system designed to steal every credit card used at the company’s 1,797 U.S. stores. At the critical moment—when the Christmas gifts had been scanned and bagged and the cashier asked for a swipe—the malware would step in, capture the shopper’s credit card number, and store it on a Target server commandeered by the hackers.

It’s a measure of how common these crimes have become, and how conventional the hackers’ approach in this case, that Target was prepared for such an attack. Six months earlier the company began installing a $1.6 million malware detection tool made by the computer security firm FireEye (FEYE), whose customers also include the CIA and the Pentagon. Target had a team of security specialists in Bangalore to monitor its computers around the clock. If Bangalore noticed anything suspicious, Target’s security operations center in Minneapolis would be notified.

On Saturday, Nov. 30, the hackers had set their traps and had just one thing to do before starting the attack: plan the data’s escape route. As they uploaded exfiltration malware to move stolen credit card numbers—first to staging points spread around the U.S. to cover their tracks, then into their computers in Russia—FireEye spotted them. Bangalore got an alert and flagged the security team in Minneapolis. And then …
 
Nothing happened.

Read more at businessweek.com

Comment Policy
Register to the Colorado Springs Gazette
Incognito Mode Your browser is in Incognito mode

You vanished!

We welcome you to read all of our stories by signing into your account. If you don't have a subscription, please subscribe today for daily award winning journalism.

Register to the Colorado Springs Gazette
Register to the Colorado Springs Gazette
Subscribe to the Colorado Springs Gazette

It appears that you value local journalism. Thank you.

Subscribe today for unlimited digital access with 50% fewer ads for a faster browsing experience.

Already a Subscriber? LOGIN HERE

Subscribe to the Colorado Springs Gazette

It appears that you value local journalism. Thank you.

Subscribe today for unlimited digital access with 50% fewer ads for a faster browsing experience.

Subscribe to the Colorado Springs Gazette

Some news is free.
Exceptional journalism takes time, effort and your support.

Already a Subscriber? LOGIN HERE

articles remaining
×
Thank you for your interest in local journalism.
Gain unlimited access, 50% fewer ads and a faster browsing experience.