Archived KrebsOnSecurity Breaks Story on Target Data Breach

Status
Not open for further replies.
Looks like the guy who designed the malware that did all the damage is a teenager who lives in Russia.

http://www.huffingtonpost.com/2014/01/17/six-other-stores-are-bein_n_4618414.html

BlackPOS was developed by a hacker whose nickname is "Ree4" and who is now about 17 years old and living in St. Petersburg, Russia, according to Los Angeles-based IntelCrawler.

The teenager sold the malicious software to cybercriminals who then launched attacks on merchants, said Komarov, who has been monitoring Ree4's activities since March.
 
Found this interesting since we have had the new, huge black Verifone credit card machines for quite a while:

According to the IntelCrawler research, BlackPOS was first discovered “in the wild” in March of 2013 and a server at Neiman Marcus was infected in mid-July. From Komarov’s exchange with ree4 it is clear that for this malware “you need standalone Point-of-Sale terminals with monitor and Windows.” It does not work with Verifone systems, because they secure the credit card data before passing it to a PC where it can be scraped from RAM by BlackPOS.

http://www.forbes.com/sites/anthony...-target-malware-teen-take-a-piece-of-the-pie/

Wonder if this will prompt all Targets to switch to them.
 
So this may be old news by now but as zweipfenigge commented on this article
http://www.pcworld.com/article/2089...t-by-targetlike-hacks-security-firm-says.html

http://www.bankinfosecurity.com/atms-under-malware-attack-a-5777/op-1
It has been known about since May of last year at least.

So whoever is chief security officer or whatever the post is called at Target HQ, should be fired.

You can be an apologist and say that this happened at other retailers, and that even the U.S. government didn't know about this.

But if you're getting paid six figures to be a security consultant or to give advice on security for a large retailer, you should be held responsible. At a post like this you can't go by what the book says or whatever IT security certifications you have. You need to have been a hacker yourself, you need to have had a curiosity for how shit like this happens.

Which brings me to the next point. See how that article says that shit like this could have happened with insider access to retailers?

Giving the chief security officer the benefit of the doubt, that he is not just book-smart, that he actually understands all the intricacies of an attack like this......

Get where I am going with that? Yeah.

Either way. Heads need to roll........
 
It's crazy the amount of intelligence these kids have.
If they'd only put that intelligence to good use, the results could be incredible.
What a waste.

They are putting it to good use. If it wasn't him it would have been someone else. This would have happened eventually.

They are just helping make things more secure for the future. Then again, the future brings even more "opportunities".

If Target was smart they would hire him.
 
So I'm a bit "worried".

We have TMs that are telling guests the breach occurred at our processor, and that is why multiple stores are impacted. Not that it was at the store level... I was standing there waiting to bring it up to the GSA... when I heard her say the same thing.

I'm not sure where this started in the store, it isn't what I'd heard from anyone. I'm going to see who I work with today and talk about it... Maybe. But it makes them sound.... Well, you know.
 
That is....

Anyway, why is my store telling people it wasn't just us, that it was our 3rd party payment processor that was hacked so they got more than just our stuff....

And the one gstl is also telling everyone to tell people it was just one week, not the 18 days.

I think I need to chat with my ETL if I can find him.
 
That's going to go over big when you ask if people want a Red Card.
 

I especially loved the gif of the bullseye with numbers streaming out of it.
This part of the article was very interesting.

The breach could have been stopped there without human intervention.
The system has an option to automatically delete malware as it’s detected.
But according to two people who audited FireEye’s performance after the breach, Target’s security team turned that function off.
 
So who resigns before they can get fired next? Steinhafel needs to go before this company tanks more than it has already.
 