Free Republic

A First Look at the Target Intrusion, Malware
Krebs On Security | 1/12/2014 | Krebs

Posted on 01/16/2014 8:40:12 AM PST by BlueMondaySkipper

Last weekend, Target finally disclosed at least one cause of the massive data breach that exposed personal and financial information on more than 110 million customers: Malicious software that infected point-of-sale systems at Target checkout counters. Today’s post includes new information about the malware apparently used in the attack, according to two sources with knowledge of the matter.

(Excerpt) Read more at krebsonsecurity.com ...


TOPICS: Business/Economy; Crime/Corruption; Front Page News
KEYWORDS: breach; cybersecurity; hack; retail; security; target; targetmalware; theft
Interesting information regarding the Target data breach. I notice that the number of people affected has gone from 30K, to 70K and now 110K.
1 posted on 01/16/2014 8:40:12 AM PST by BlueMondaySkipper

To: BlueMondaySkipper

How would malware get into the POS system?
You can’t use a cash register to go surfing on porn.com


2 posted on 01/16/2014 8:44:58 AM PST by Buckeye McFrog

To: BlueMondaySkipper

And for those of us who believe Abstinence works, there are no problems at all with Identity Theft. If you do not make ANY electronic transactions you will be just fine.


3 posted on 01/16/2014 8:46:01 AM PST by eyeamok

To: eyeamok

Maybe if you also don’t have any credit cards, or bank accounts, you might be safe.


4 posted on 01/16/2014 8:48:02 AM PST by Boogieman

To: BlueMondaySkipper

Meanwhile CMS will testify in Congress today that Healthcare.gov is safe and secure and no security breaches have occurred.


5 posted on 01/16/2014 8:49:04 AM PST by AU72

To: BlueMondaySkipper

Fascinating to read; wish I understood it...


6 posted on 01/16/2014 8:50:59 AM PST by Carriage Hill (Peace is that brief glorious moment in history, when everybody stands around reloading.)

To: Buckeye McFrog

Apparently, Target’s POS terminals are networked.

Here’s the analysis of the malware, and from that you can clearly see that the terminal must be running Windows and be capable of connecting to the internet:

http://krebsonsecurity.com/wp-content/uploads/2014/01/POSWDS-ThreatExpert-Report.pdf


7 posted on 01/16/2014 8:51:26 AM PST by Boogieman

To: Buckeye McFrog

Because they all talk to a central computer.

SkyNet is everywhere.


8 posted on 01/16/2014 8:51:28 AM PST by Valpal1 (If the police can't solve a problem with violence, they'll find a way to fix it with brute force)

To: Boogieman

Bank Accounts are just fine if you choose a Credit Union, it is virtually IMPOSSIBLE to transfer Money OUT of MY Credit Union without Physically walking in and filling out a bunch of papers.


9 posted on 01/16/2014 8:57:06 AM PST by eyeamok

To: BlueMondaySkipper

Banks are making billions on the electronic economy - they scarf 1-3% of every transaction - just for handling the transfer. They have been pushing electronic transfers - debit and credit cards as an alternative to cash.

The government likes it because now they have a record of virtually every cash transaction you make - read the ironically titled “Bank Secrecy Act” if you think the government doesn’t have full access to your account information. What do they care if the system isn’t secure? You should have bought “identity protection”, bub!


10 posted on 01/16/2014 8:59:15 AM PST by Fido969 (What's sad is most)

To: Buckeye McFrog
How would malware get into the POS system?

According to the article, they were able to compromise a web server to gain access to the network. From there they could deploy the malicious code to the POS devices and also set up a data collection point on another one of Target's servers. The malicious code on the POS devices would send the credit card data to this collection point as the card was swiped. The bad guys were able to log on to the collection server to gather the data whenever they felt like it.

11 posted on 01/16/2014 9:03:16 AM PST by BlueMondaySkipper (Involuntarily subsidizing the parasite class since 1981)

To: BlueMondaySkipper
I notice that the number of people affected has gone from 30K, to 70K and now 110K.

Not thousands. Millions.

12 posted on 01/16/2014 9:16:07 AM PST by IYAS9YAS (Has anyone seen my tagline? It was here yesterday. I seem to have misplaced it.)

To: BlueMondaySkipper

Surprise, surprise. Compromised POS systems were all Windows systems. These companies are big enough that they could develop and utilize Linux-based POS systems.

That’s going to be the ONLY way to secure their systems. The ONLY way. Fundamentally, Windows as it now stands is essentially impossible to secure.

I’ve worked with Windows in depth for 16 years now, and know its ins and outs enough to make the above statement with complete confidence.

With Linux, the main threat is using insecure passwords and insider attacks.


13 posted on 01/16/2014 9:16:08 AM PST by catnipman (Cat Nipman: Vote Republican in 2012 and only be called racist one more time!)

To: IYAS9YAS
Not thousands. Millions.

You are correct, my bad

14 posted on 01/16/2014 9:25:02 AM PST by BlueMondaySkipper (Involuntarily subsidizing the parasite class since 1981)

To: BlueMondaySkipper
I notice that the number of people affected has gone from 30K, to 70K and now 110K.

Not one hundred-ten thousand, (110,000) but 110 million. (110,000,000)

Fully 1/3 of the US population.

15 posted on 01/16/2014 9:33:43 AM PST by Ol' Dan Tucker (People should not be afraid of the government. Government should be afraid of the people)

To: catnipman
Compromised POS systems were all Windows systems.

The compromise was at the server level. The hackers installed a compromised server on the network and read the data from the POS terminals in real-time.

IOW, they had insider help or used social engineering to gain admin-level network access.

So, in this case, at least, using Linux would have made no difference at all.

16 posted on 01/16/2014 9:36:30 AM PST by Ol' Dan Tucker (People should not be afraid of the government. Government should be afraid of the people)

To: BlueMondaySkipper
"The malicious code on the POS devices would send the credit card data to this collection point as the card was swiped. The bad guys were able to log on to the collection server to gather the data whenever they felt like it."

I guess the net admins never heard of router security protocols. There shouldn't be open routes (unauthorized IP addresses) between internal servers. We can rest easy at night that our grid is just as secure.

17 posted on 01/16/2014 9:54:07 AM PST by uncommonsense (Liberals see what they believe; Conservatives believe what they see.)
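
Added example (not part of any post in this thread and not code from the Krebs article): post 11 describes registers sending card data to a collection point on another internal server, and post 17 argues such routes should not be open. The sketch below checks flow records from a register segment against an allow-list and reports off-list destinations contacted by many registers; the subnet, addresses, ports and flow-record format are all constructed assumptions.

```python
import ipaddress

# Assumed network layout (constructed for this example, not from the article).
POS_SUBNET = ipaddress.ip_network("10.20.0.0/16")
# The only (host, port) pairs a register is expected to reach (assumed).
ALLOWED = {
    ("10.1.1.10", 443),   # hypothetical payment switch
    ("10.1.1.20", 8530),  # hypothetical patch server
}

# Constructed flow records, one per line: "src dst dport bytes"
SAMPLE_FLOWS = """\
10.20.3.11 10.1.1.10 443 5120
10.20.3.11 10.1.5.77 9000 88211
10.20.3.12 10.1.1.10 443 4990
10.20.3.12 10.1.5.77 9000 91004
10.20.7.40 10.1.1.20 8530 120033
10.30.0.5 10.1.5.77 9000 2048
10.20.7.40 10.1.5.77 9000 87650
"""

def parse_flows(text):
    """Yield (src_address, dst, dport, bytes) for each non-empty record."""
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, dport, nbytes = line.split()
        yield ipaddress.ip_address(src), dst, int(dport), int(nbytes)

def unexpected_pos_flows(text):
    """Flows that start in the register subnet but are not on the allow-list."""
    return [(str(s), d, p, n) for s, d, p, n in parse_flows(text)
            if s in POS_SUBNET and (d, p) not in ALLOWED]

def fan_in(violations):
    """Distinct registers per off-list destination; a high count means one internal host is collecting from many terminals."""
    seen = {}
    for src, dst, port, _ in violations:
        seen.setdefault((dst, port), set()).add(src)
    return {dest: len(srcs) for dest, srcs in seen.items()}

if __name__ == "__main__":
    for (dst, port), n in fan_in(unexpected_pos_flows(SAMPLE_FLOWS)).items():
        print(f"{n} registers -> off-list destination {dst}:{port}")
```

The same allow-list is what a deny-by-default rule between the register segment and the rest of the internal network would enforce; running the check on flow logs shows where that rule is missing or being bypassed.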

To: BlueMondaySkipper
I notice that the number of people affected has gone from 30K, to 70K and now 110K.

Times one thousand. That's 110 Million customers.

Why I won't get a debit card--straight pipeline into your funds.

18 posted on 01/16/2014 9:56:38 AM PST by Smokin' Joe (How often God must weep at humans' folly. Stand fast. God knows what He is doing.)

To: BlueMondaySkipper
Anyone want to fill out the stuff for Obamacare now??? Keep in mind it is LESS secure than this system was.

Nevermind!

Better to write an autobiography and hope someone buys the book if I want my life history on view. At least I might make enough money for a cup of coffee now and then.

19 posted on 01/16/2014 10:00:48 AM PST by Smokin' Joe (How often God must weep at humans' folly. Stand fast. God knows what He is doing.)

To: BlueMondaySkipper

Wimpy userids and passwords.

We had a break-in on a box and my Server2008 box was audited because the pwn3d server tried to get in. When I told them my only local user id, they responded “How did you think of something that convoluted?”.

I guess the same way you thought of using “fred” as a local acct on your server.
Now the server emails me for every incorrect login.


20 posted on 01/16/2014 10:03:41 AM PST by AppyPappy (Obama: What did I not know and when did I not know it?)

