Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

How Target Painted a Bull's-eye on its Corporate Forehead

January 22, 2014

Target all but sent hackers an engraved invitation to saunter into its systems, according to a New York Times article. Target's security was, to put it bluntly, crummy. It lacked the virtual walls and motion detectors used in more secure networks.

The culprits appear to be an amorphous group of Eastern European hackers (do they teach cybercrime in high school there?) who, with no strong network protections to deter them, were able to gain access to Target's network, to servers containing customer data and to the in-store point-of-sale systems where consumers swipe their credit and debit cards and enter their PINs.

The intrusion went undetected for weeks; Target was clueless until the Secret Service notified it of the probable breach. Investigators who had been tracking known cybercriminals and monitoring suspicious activity noted a common thread in the fraudulent charges: the cards had all been used at Target. JPMorgan Chase noted the same pattern and alerted some credit card companies.

Much of the data has yet to be sold – and it will retain its value for some time. Javelin Strategy & Research, a consulting firm, estimates that the total damage to banks and retailers could exceed $18 billion. Consumers could be liable for more than $4 billion in uncovered losses and other costs.

Not exactly a good time for the Target brand.

It is interesting to read how the stolen data was lifted from the point-of-sale terminals, staged on an infected server inside Target's own network and then moved out. The malware erased its own tracks. The data finally ended up on a server in Russia that served as a proxy to mask the criminals' whereabouts. The malware is a memory scraper (it reads card data out of the point-of-sale system's RAM, where the data sits in the clear for a moment between the swipe and encryption) and has been dubbed "Kaptoxa" after a word in its code; kaptoxa is Russian slang for "potato", a term criminals often use for credit cards.
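To make "memory scraper" concrete, here is an added example (not code from the original post, and not the Target malware) of the core of what such a scraper, or the forensic tool hunting for it, does: scan a chunk of process memory for magnetic-stripe Track 2 data, which a swipe leaves in POS memory in the form ;PAN=YYMM<service code><discretionary>?, and keep only hits whose card number passes the Luhn check so random digit runs are discarded. The "memory dump" is a constructed byte string containing public test card numbers; the regex, function names and the masking rule are this example's own choices. An incident-response scanner should mask what it finds, as this one does, so the tool itself never writes full card numbers to disk.

```python
import re
from typing import List, Tuple

# Track 2 layout as written on the card's magstripe and held in POS process
# memory between swipe and encryption: ;PAN=YYMM<service code><discretionary>?
# PAN is 13-19 digits; '=' and '?' are the track's own separator and sentinel.
TRACK2_RE = re.compile(rb';([0-9]{13,19})=([0-9]{2})([0-9]{2})([0-9]{3})[0-9]{0,20}\?')


def luhn_ok(pan: str) -> bool:
    """Luhn mod-10 check: weeds out digit runs that merely look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep first six and last four digits only (assumed masking rule for this example)."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_memory(buf: bytes) -> List[Tuple[int, str, str]]:
    """Return (offset, masked PAN, expiry YYMM) for every Luhn-valid track in buf."""
    hits = []
    for m in TRACK2_RE.finditer(buf):
        pan = m.group(1).decode("ascii")
        if not luhn_ok(pan):
            continue                        # looks like a track, but the PAN is bogus
        expiry = (m.group(2) + m.group(3)).decode("ascii")
        hits.append((m.start(), mask_pan(pan), expiry))
    return hits


# Constructed sample "memory dump" (not real data): two public test PANs in
# Track 2 form, one track whose PAN fails Luhn, plus unrelated digit noise.
SAMPLE_DUMP = (
    b"\x00\x00POS.EXE\x00heap\x00"
    b";4111111111111111=2512101123456789?"          # Luhn-valid (Visa test number)
    b"\x00\x00log: txn 9876543210987654 ok\x00"     # digits, but no track framing
    b";4111111111111112=2512101123456789?"          # same shape, Luhn-invalid
    b"\x00\x00;5500000000000004=2701101000000?\x00" # Luhn-valid (Mastercard test number)
)

if __name__ == "__main__":
    for offset, pan, expiry in scan_memory(SAMPLE_DUMP):
        print(f"offset {offset:#06x}: PAN {pan} expires {expiry}")
```

Run against the constructed dump, the scanner reports the two valid test cards and ignores the Luhn-invalid track and the unframed digit string. The same pattern, scanning RAM rather than a file, is why memory scrapers work against terminals that encrypt card data "at rest" but not at the moment of the swipe.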

Forensic experts were brought in from Verizon and Mandiant (now being bought by FireEye). While investigating, they plugged the security holes they found, wiping malware and changing passwords everywhere. The story was broken by cybersecurity blogger Brian Krebs (be sure to subscribe to his Krebs on Security blog).

More than 70 lawsuits are now pending. There was a clue in the code: the word "Rescator", which is also the name of an underground site that sells credit card data. And the investigation continues . . .

http://twitter.com/sharonnelsonesq