Monday, January 20, 2014

CYBERCRIME - Who Orchestrated the Target Breach

"Were criminal gangs involved in the Target security breach?" PBS Newshour 1/18/2014

Excerpt

HARI SREENIVASAN (Newshour):  Another story that we wanted to follow up on tonight is the state of credit card security, or lack of it.  This following discourse is about major security breaches at big retailers, including Target and Neiman Marcus.  Now new details are emerging about who was behind it, and how it was accomplished.  For more we are joined now, from Washington, by Mike Riley with Bloomberg News.  So, there was a big report out - it started to layout the details.  How do these hackers get all the credit card numbers?

MIKE RILEY, Bloomberg News:  So, they have a pretty sophisticated piece of malware that goes on the point of sales system itself, so that is the terminal that sits in front the the cash register that we all swipe our cards on.  So, the malware goes there and it takes advantage of a quirk, where within that machine, all that information that is taken off that card is sent from one memory chip to another.  It is not encrypted in that process, and they grab it right there.

HARI SREENIVASAN:  And so, who is writing this malware?

MIKE RILEY:  It looks like it is Eastern European or Russian criminal gangs.  Some of the most sophisticated hackers in the world are Russian or Eastern European.  What they have done is they have gotten really good systems.  It is like a supply chain that you can buy pieces of malware.  If you are good enough, as in this case - they have bought a specific piece of malware, called Black POS.  It is a pretty good piece of malware to begin with, but then they customized it.  They made it better.  They made it harder to find, and then they figured out a scheme to get into Target's computers, and stuck it on the point of sales system.  It is also pretty clear that the same gang, or a group of different hackers using the same malware, are targeting other retailers.  We have not seen the end of this.

No comments: