Author Topic: Dumping on Mickey D  (Read 827 times)

0 Members and 1 Guest are viewing this topic.

Online Luis Gonzalez

  • Hero Member
  • ****
  • Posts: 7,268
    • Boiling Frogs
Dumping on Mickey D
« on: June 14, 2014, 02:22:12 PM »
Dumping on Mickey D
By Luis Gonzalez
The Last Wire

We all read about the Target security breach that compromised tens of million of customers. Target is back in the news today.

(LA Times) Target Corp. is hiring an IT expert from General Motors Co. to beef up its data security following a massive breach that continues to weigh on its reputation.

Brad Maiorino will head up technology risk and information strategy, a newly created position.

It's the latest move by Target to tighten security over its huge amount of shopper data. The Minneapolis company has increased monitoring of accounts and implemented new safeguards at its point-of-sale systems.


Target, the nation’s third-largest retailer, has been struggling with the fallout from its disclosure in December that hackers stole credit and debit card information from tens of millions of customers.

Its revenue dropped 5% in the crucial fourth quarter and its chief executive, Gregg Steinhafel, stepped down last month. That followed the exit of Beth Jacob, the retailer's former chief information officer.

You may recall that the breaches, they were big news this past December, but how exactly did the theft take place?

(Bloomberg Business) The biggest retail hack in U.S. history wasn’t particularly inventive, nor did it appear destined for success. In the days prior to Thanksgiving 2013, someone installed malware in Target’s (TGT) security and payments system designed to steal every credit card used at the company’s 1,797 U.S. stores. At the critical moment—when the Christmas gifts had been scanned and bagged and the cashier asked for a swipe—the malware would step in, capture the shopper’s credit card number, and store it on a Target server commandeered by the hackers.

It’s a measure of how common these crimes have become, and how conventional the hackers’ approach in this case, that Target was prepared for such an attack. Six months earlier the company began installing a $1.6 million malware detection tool made by the computer security firm FireEye (FEYE), whose customers also include the CIA and the Pentagon. Target had a team of security specialists in Bangalore to monitor its computers around the clock. If Bangalore noticed anything suspicious, Target’s security operations center in Minneapolis would be notified.

On Saturday, Nov. 30, the hackers had set their traps and had just one thing to do before starting the attack: plan the data’s escape route. As they uploaded exfiltration malware to move stolen credit card numbers—first to staging points spread around the U.S. to cover their tracks, then into their computers in Russia—FireEye spotted them. Bangalore got an alert and flagged the security team in Minneapolis. And then …

Nothing happened.

OK, so Target blew it.

Their focus being directed at realizing sales during the year's biggest shopping weekend, the company's security team missed the theft of millions of credit card numbers.

How much was stolen?

Estimates has those numbers at 40 million credit card numbers,  along with 70 million addresses, phone numbers and an unknown amount of card holder's personal information simply flying out of a hacked Target server.

These were not Target credit cards.

The hackers stole every card number swiped in a Target store during 2013's Black Friday weekend. So if you shopped at any Target store on or about last Thanksgiving, your information was very likely stolen.

Bloomberg Business goes on.

In testimony before Congress, Target has said that it was only after the U.S. Department of Justice notified the retailer about the breach in mid-December that company investigators went back to figure out what happened. What it hasn't publicly revealed: Poring over computer logs, Target found FireEye’s alerts from Nov. 30 and more from Dec. 2, when hackers installed yet another version of the malware. Not only should those alarms have been impossible to miss, they went off early enough that the hackers hadn’t begun transmitting the stolen card data out of Target’s network. Had the company’s security team responded when it was supposed to, the theft that has since engulfed Target, touched as many as one in three American consumers, and led to an international manhunt for the hackers never would have happened at all.

They missed it not once, but twice.

Here's a visual to help you along.

Continue reading Dumping on Mickey D at The Last Wire
“[Euthanasia] is what any State medical service has sooner or later got to face. If you are going to be kept alive in institutions run by and paid for by the State, you must accept the State’s right to economize when necessary …” The Ministry of Fear by Graham Green (New York: Penguin Books [1943] 2005, p. 165).

Online Oceander

  • Technical
  • Hero Member
  • ****
  • Posts: 41,140
  • SMOD 2016
Re: Dumping on Mickey D
« Reply #1 on: June 17, 2014, 01:22:14 PM »

Nice image - this isn't Luis' image, btw, just in case anyone else was curious.  You'll have to read the rest of the story (tip to Paul Harvey) to find out whose it is.
I won't vote for Clinton, but I cannot vote for Trump.  How could I explain to my daughter why I supported a man who sees her as nothing more than a piece of meat, a piece of a$$ for him to grope for his own private pleasure.

"Trump supporter" - the very definition of an SFI

Offline GourmetDan

  • Hero Member
  • ****
  • Posts: 7,090
Re: Dumping on Mickey D
« Reply #2 on: June 17, 2014, 01:29:45 PM »

Target had a team of security specialists in Bangalore to monitor its computers around the clock.

LOL!  Good idea...

« Last Edit: June 17, 2014, 01:30:41 PM by GourmetDan »
"The heart of the wise inclines to the right, but the heart of the fool to the left." - Ecclesiastes 10:2

"April Fools Day is the one day of the year that people critically evaluate news articles before accepting them as true." - Unknown

Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo