BEST OF THE WEB

Stunning details in Target attack emerge

Retailer Target Brands Inc. has given the impression that it was caught unawares when hackers broke into its systems and stole millions of pieces of personal data on customers.

But according to BusinessWeek, an advanced malware detection tool installed six months earlier sent out warnings – warnings that were ignored.

It’s a deliciously detailed article that, if true, might in part explain the departure of the company’s chief information officer earlier this month.

Publicly, Target has said it only learned about the breach in mid-December when notified by the Department of Justice.

But what it hasn’t revealed is that security staff then went over the logs of the recently-installed tools from FireEye and they found alarms that, in the publication’s account, should have been “impossible to miss.”

The story says the attack began a few days before U.S. Thanksgiving (Nov. 28), when the malware was installed to capture the data. Two days later the attackers added code that specified where the captured data should go. That was spotted by FireEye, which sent a message first to a Target security office in India, which relayed it to headquarters in the U.S.

Data started departing Target systems on Dec. 2 and apparently continued for two weeks. It was initially sent to several sites in the U.S., perhaps to disguise the theft, and then to Russia.

It’s not that Target is indifferent to network security, the article points out: it has an IT security staff of about 300 (and had the wit to buy a sophisticated detection tool).

The article notes that the manager of the security operations centre had left the company and had not been replaced by the time of the attack, which may figure in the chain of failures. An automatic FireEye tripwire to stop the malware was also turned off, but arguably that is done in many data centers to ensure that people, not software, make crucial decisions.

For its part, Target says the attack is still under investigation. But my guess is the company heads are going to have to appear before Congress again.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
