Massive Hack Caught by Target Security System Ignored For Weeks
Target is one the biggest retail stores in North America. In December of 2013, around 40 million credit card numbers and more than 70 million pieces of customer information were in the hands of hackers. Since then, Target has been performing extensive damage control: new credit card security systems have been installed, and the chief operating officer just resigned in the beginning of March. But a source has stated that the store’s new security system has already detected a hack as soon as it started, but did nothing!
FireEye malware had begun installing six months before this incident, and as soon as the hackers began to upload their code, alarms had allegedly gone off. Even the Symantec anti-virus system had detected suspicious activity around the same time of the hack. FireEye could have deleted the malware automatically, but that function was turned off. Nobody stepped in to take any action. Clearly Target should have responded when the security systems are giving off alerts of dangerous malware.
One theory is that the security staff didn’t trust the new system yet or that a vacant position in the store made it possible for them to miss these alerts. One report claims that a security staff member raised some concerns two months before the attack, but was ignored. Whatever may have happened, by the time Target started to fix the holes and problems in the security system, the hackers were way ahead of them. One big question that is on everyone’s mind is “Who was the hacker?” Brian Krebs is a security expert and he has been tracking the stolen credit card numbers and tracing the malware.
He assumed the hacker was Andrey Khodyrevskiy, known as “Helkern”, the man who administered the site where the stolen credit cards ended up on for sale. While it is not confirmed he was the hacker, it sure sounds like he was. Security breaches like this should not exist, and companies need to be more careful with how they handle their customer’s information. Let’s hope something like this does not happen again.