
The Target Data Breach Is Becoming A Nightmare

Jan 17 2014, 1:51pm CST | by


Over the past month, details about the breadth of the Target data breach have continued to emerge.  It’s not a pretty story.  Bad enough when it appeared that through some means, hackers had gotten data all the way from credit card swipe machines out the other side of Target’s systems, including encrypted PIN numbers from debit cards. Then it was announced that other information was also stolen, specifically name, address, phone number and/or email address.  I assumed this was all somehow related to the same attack.  Perhaps a different database, but all information gathered from those who shopped from mid-November through mid-December 2013.  Then last night (like colleague Claire O’Connor), I received my copy of “the letter.”

In case you haven’t received one, I found a copy of the letter online at marketplace.org.  It’s identical to the one I received.  This is a very significant letter, especially addressed to someone like me, since I haven’t shopped at Target stores in recent memory, and possibly shopped at Target.com over a year ago.  In other words, the data captured was far broader than we originally imagined.  This is bad.

Other details emerged Thursday about how the breach occurred.  Until then everyone, including me, speculated wildly about how this could have been done.  And we focused on one point of attack – the POS system.  There are standards retailers follow, set forth by the payment industry (led by Visa) that are meant to keep data safe.  But it turns out that if a bad guy can break into the corporate system itself, all those standards are pretty useless.  And that’s what happened.  If you’re feeling particularly geeky, you can read an excellent explanation of the attack here, at www.krebsonsecurity.com.  I’ll try to give a simpler overview for the rest of us.

The software used to hack the POS system is a variant on one that is commercially available on Cybercrime forums (note:  Seriously??? Cybercrime forums? And our governments allow those forums to continue?), for the robust sum of $1,800 for the “budget version” and $2,300 for the “full version,” which also allows the bad guys to encrypt the data they’ve stolen.

This is bad enough, but the real question remains – “How did they gain access to Target’s systems?” And they didn’t gain access just once.  In fact, they kept coming back to harvest data almost daily over the course of several weeks.  As we now know, they didn’t just stop with the sales data. They roamed across Target’s network of servers looking for interesting information, like email addresses, etc.  The answer is apparently found in what is known as “Port 80.”  Let me try to give you a layman’s explanation of this.

We have software firewalls on our personal computers (if you don’t, you really should).  This is the software that warns you if you’re being directed to a malicious web site. It also ensures you don’t get malware planted on your computer if you somehow find yourself on one of those, or get an email with that type of software in it. Large enterprises have both hardware and software firewalls designed to do essentially the same thing, just on a more robust scale.  The software and hardware essentially seal up all ways in and out of your computer, with a very few exceptions.  One of those exceptions is the route (or “Port”) used for internet browsing traffic.  You can’t close it – not if you want to use the internet.  So we rely on software to separate bad apples from the good ones.  Long story short, the hackers convinced Target firewalls that they were “good guys.”  And once they’d done that, they continued to roam freely around Target’s system.  They’ve found data old and new and will use it the way they choose.

Personally, there’s not too much they can do with whatever data they got from me.  I haven’t shopped at Target in a long time, and they have no credit card number info on file.  But imagine if they grabbed not just your credit card swipe information, but were able to match it up with the other information:  address and phone number info as well.  They could do a LOT of damage.  And that probably explains why finally, banks like Citibank announced they were re-issuing all debit cards that were possibly involved in the breach.  It’s no longer adequate to just change the PIN numbers.  Now, it’s a do-over.  I think this was a wise move. As I’ve mentioned before, I’m frankly pretty befuddled that the entire ecosystem did not move faster to replace cards, change PIN numbers…whatever it took to keep us all safe.

And that brings me to the last point, one that is worth consideration.  Retail industry watcher and former National Retail Federation CIO Cathy Hotka points out that most industries have cooperative security groups, called ISACs (Information Sharing and Analysis Centers).  If you look at web site www.isacouncil.org, you’ll find many industries participate this way.  When something bad happens, they share information.  Retailers, for some reason, have chosen not to create this type of group despite potential assistance from US-CERT, the FBI and other enterprises.  Cathy (and now I) expresses real befuddlement over this gap.  There’s plenty of precedent.  Retailers routinely work together on loss prevention tools and techniques, and lobby hard for more assistance from law enforcement against Organized Retail Crime (ORC).  It seems that it’s long overdue for the industry to do the same when it comes to Cyber-security.

I can appreciate why retailers wish this issue would just go away.  After all, they’ve each spent a small fortune on Visa’s PCI compliance initiatives.  It’s a hard pill to swallow that a static standard is inadequate in an ever-changing world. And now, there’s a belief that moving to a new technology that will replace today’s magnetic stripes, called EMV, will solve any remaining problems.  The Target breach highlights that there will be no magic bullet.  The bad guys will continue to evolve.  We must do the same.

Consumers have grown weary of privacy invasions.  This more than anything, explains the surprisingly vocal reaction to the Target breach vs. the TJ Maxx data breach some years ago.  Retailers are in for challenging times again.  It would be best to see us working together to stay a step ahead of the bad guys.

And seriously…can’t we find a way to shut down the cybercrime forums?  It’s a better use of time than tracking every phone call we make.  Really.

Source: Forbes

 
