OMG, You're Not Going to Believe This One: Target's Security Software Warned the Retail Giant That Its Systems Were Being Hacked Last Fall, Yet Target Did Nothing to Stop the Attack. Here's What Happened. It's Our Non-TV Story of the Day Bloomberg, NPR
Retail giant Target's own security system actually warned the company that it was being hacked during the Christmas holiday season last year, yet the company did nothing to stop the attack, reports a team of four reporters -- Michael Riley, Ben Elgin, Dune Lawrence and Carol Matlack -- for Bloomberg Businessweek.
In a radio interview later on NPR, reporter Riley explained that Target's malware detection system is incredibly sophisticated: "[It] was initially funded by the CIA. It essentially sets up a series of virtual computers. Anything that's coming into Target's network, in terms of data, goes through these virtual computers, which are configured exactly like Target's own computers. Essentially, what it does [is] it tricks the hackers into believing that they are in Target's networks. It also has this nice trick where it can advance the clock of a computer so when malware comes into a network it can actually see what happens to the malware over a period of days, weeks or even years, in a split second. Once that starts to happen it sends out an alert that says, 'Hey, there's a piece of hacking malware in your system, you should go fix it.' That part of the function worked."
As explained in the Businessweek article itself, "For some reason, [IT employees at Target's Minneapolis headquarters] didn’t react to the sirens. Bloomberg Businessweek spoke to more than 10 former Target employees familiar with the company’s data security operation, as well as eight people with specific knowledge of the hack and its aftermath, including former employees, security researchers, and law enforcement officials. The story they tell is of an alert system, installed to protect the bond between retailer and customer, that worked beautifully. But then, Target stood by as 40 million credit card numbers -- and 70 million addresses, phone numbers, and other pieces of personal information -- gushed out of its mainframes."
The piece later adds, "In testimony before Congress, Target has said that it was only after the U.S. Department of Justice notified the retailer about the breach in mid-December that company investigators went back to figure out what happened. What it hasn’t publicly revealed: Poring over computer logs, Target found alerts from Nov. 30 and more from Dec. 2, when hackers installed yet another version of the malware. Not only should those alarms have been impossible to miss, they went off early enough that the hackers hadn’t begun transmitting the stolen card data out of Target’s network. Had the company’s security team responded when it was supposed to, the theft that has since engulfed Target, touched as many as one in three American consumers, and led to an international manhunt for the hackers never would have happened at all."
The story also says: "The breach could have been stopped without human intervention. The system has an option to automatically delete malware as it’s detected. But according to two people who audited [the system's] performance after the breach, Target’s security team turned that function off. Edward Kiledjian, chief information security officer for Bombardier Aerospace, an aircraft maker that has used [a like system] for more than a year, says that’s not unusual. 'Typically, as a security team, you want to have that last decision point of "what do I do," ' he says. But, he warns, that puts pressure on a team to quickly find and neutralize the infected computers."
When Businessweek asked Target how all of this could have happened, the retailer responded by saying it is still investigating the incident.
To read more details about how Target's systems were hacked, we urge you to click on our link above to the Businessweek story.