BusinessWeek has a scathing article in its latest edition revealing that Target had the evidence it needed to stop this winter's massive data breach before any card data left its network--and did absolutely nothing. I mentioned this yesterday, but I'm reposting given the ramifications.
It’s a measure of how common these crimes have become, and how conventional the hackers’ approach in this case, that Target was prepared for such an attack. Six months earlier the company began installing a $1.6 million malware detection tool made by the computer security firm FireEye, whose customers also include the CIA and the Pentagon. Target had a team of security specialists in Bangalore to monitor its computers around the clock. If Bangalore noticed anything suspicious, Target’s security operations center in Minneapolis would be notified.
On Saturday, Nov. 30, the hackers had set their traps and had just one thing to do before starting the attack: plan the data’s escape route. As they uploaded exfiltration malware to move stolen credit card numbers—first to staging points spread around the U.S. to cover their tracks, then into their computers in Russia—FireEye spotted them. Bangalore got an alert and flagged the security team in Minneapolis. And then …
Nothing happened.
The bottom-feeders struck again on December 2, installing another version of their malware. Again, FireEye red-flagged it--and again, Target failed to act. According to a consultant on Target's internal investigation, FireEye issued the highest-priority alerts on its scale. Nor did the attackers' disguise help them: they had named the malware "BladeLogic," after a legitimate data-center management product, but FireEye's sandbox judges a file by what it does when run, not by what it is called, and flagged it as malware anyway.
Even worse, Target's security team sat and twiddled its thumbs when its antivirus software flagged suspicious behavior on the same server FireEye had called out. As a result, for the next two weeks some 110 million records adding up to 11 gigabytes flowed right under their noses to three compromised staging servers in Northern Virginia, Provo and LA before heading on to a server in (surprise!) Moscow. And yet the hackers were laughably careless. According to Jaime Blasco of security firm AlienVault, the user names and passwords for those staging servers were embedded in the malware's code. Had Target's security people responded to the FireEye alerts, they could have logged into those servers and pulled the stolen data out before the hackers made their daily pickup.
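The failure described above is a correlation failure: two independent products flagged the same server, one of them at its top severity, and nobody joined the dots. As an added illustration (not code from BusinessWeek, Target, FireEye or AlienVault), here is the kind of triage rule a security operations center runs over its alert feed. The alert records, hostnames, sensor labels and severity values are constructed to mirror the sequence in the text; the field names and the three-day corroboration window are assumptions.

```python
"""Alert triage: escalate when a sensor uses its top severity, or when two
independent sensors flag the same host within a window.

Added example, not the page's or any vendor's code. Alerts below are
constructed; hostnames, details and the severity scale are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Alert:
    ts: datetime
    sensor: str    # product that raised it ("fireeye", "antivirus"); labels assumed
    host: str      # internal server the sensor flagged (invented names)
    severity: int  # 1 = highest on that sensor's own scale (assumption)
    detail: str


# Constructed feed mirroring the text: a top-severity malware alert on Nov 30,
# an antivirus alert on the same server, a second top-severity alert on Dec 2,
# plus one unrelated low-severity alert on another host as noise.
SAMPLE_ALERTS = [
    Alert(datetime(2013, 11, 30, 4, 15), "fireeye", "srv-exfil-01", 1,
          "malware.binary: sandbox observed staging of card data for upload"),
    Alert(datetime(2013, 11, 30, 9, 40), "antivirus", "srv-exfil-01", 3,
          "suspicious behaviour from process named BladeLogic"),
    Alert(datetime(2013, 12, 2, 3, 5), "fireeye", "srv-exfil-01", 1,
          "malware.binary: second variant of exfiltration tool"),
    Alert(datetime(2013, 12, 1, 12, 0), "antivirus", "srv-noise-07", 4,
          "adware signature match, cleaned"),
]


def corroborated_hosts(alerts, window=timedelta(days=3), min_sensors=2):
    """Hosts flagged by at least `min_sensors` distinct products within `window`.

    Returns {host: alerts in the first window that meets the bar}. A sliding
    window is used so two sensors agreeing days apart still count.
    """
    by_host = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a.ts):
        by_host[a.host].append(a)
    found = {}
    for host, hs in by_host.items():
        for i, first in enumerate(hs):
            group = [a for a in hs[i:] if a.ts - first.ts <= window]
            if len({a.sensor for a in group}) >= min_sensors:
                found[host] = group
                break
    return found


def triage(alerts, top_severity=1, **window_kw):
    """Return {host: (priority, reasons)}.

    P1 when any sensor used its top severity OR two independent sensors agree;
    either condition alone suffices, so a top-severity alert needs no second
    opinion and two 'medium' alerts from different products are not ignored.
    Everything else is P3.
    """
    corro = corroborated_hosts(alerts, **window_kw)
    tickets = {}
    for host in {a.host for a in alerts}:
        hs = [a for a in alerts if a.host == host]
        reasons = []
        top = sorted({a.sensor for a in hs if a.severity <= top_severity})
        if top:
            reasons.append("top-severity alert from " + ", ".join(top))
        if host in corro:
            agreeing = sorted({a.sensor for a in corro[host]})
            reasons.append("corroborated by " + ", ".join(agreeing))
        if reasons:
            tickets[host] = ("P1", reasons)
        else:
            tickets[host] = ("P3", ["single source, below top severity"])
    return tickets


if __name__ == "__main__":
    for host, (prio, why) in sorted(triage(SAMPLE_ALERTS).items()):
        print(f"{host}: {prio} ({'; '.join(why)})")
```

Run as-is, the staging server comes out P1 on two independent grounds and the noise host stays P3. The point of keeping both conditions is that a shop which only escalates on corroboration still catches a lone top-severity alert, and a shop which only trusts severity still catches two products quietly agreeing about one box.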
Target is already in a world of trouble over this snafu, and it may be in for more. The House Oversight Committee is now pressing Target for additional documents related to the information BusinessWeek obtained; it had already received a batch of documents earlier this week, before the story broke.
I had thought about giving Target another chance. But after reading this, it may be a while. A very long while.