Posted on 02/07/2014 6:28:09 AM PST by bgill
A western Pennsylvania heating and refrigeration contractor said it was the victim of a "sophisticated cyberattack operation" that is being investigated by the Secret Service and possibly linked to the data breach that enabled hackers to access millions of credit card numbers belonging to Target store customers.
Fazio Mechanical Services Inc., of Sharpsburg, issued the statement after Internet security bloggers identified it as the third-party vendor through which hackers accessed Target's customer information. Target had previously told reporters the store believed hackers accessed 40 million of its customers' card numbers through a vendor's system.
(Excerpt) Read more at kvue.com ...
Physical access to Target’s server hardware.
Social engineering.
I used to work for a service vendor. We had networking hardware all over, in and amongst the customer’s network, inside their firewall — no passwords, no nothing. The clients were all the big banks in NYC. Could have snooped packets all day long from the comfort of my home. Tracing would have been impossible. At banks, the janitors are vice presidents.
There's an unreasonable presumption of trust for system administrators.
I have had access to millions of customer credit cards, SSNs, and addresses from time to time. My clients and these customers would never suffer harm from me, but who else has this level of access.
Sooner or later the wrong person will.
Just because it is complex and not easily understood, does not make it safe. That only works until the technology is mature and ubiquitous.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.