Target Breach Highlights Busy Year for Cyber Criminals

2013 was a busy year for cyber criminals.  A lot of media attention has been focused on the Target Stores security breach, but it’s important to take a step back and understand how cyber criminals are perpetrating their crimes, so we can better protect ourselves from fraud and identity theft.

In years past, the hacker activist group Anonymous would target financial institutions for distributed denial of service (DDoS) attacks, effectively knocking those websites offline.  However, this past year, we saw the Federal Reserve Bank’s website compromised by Anonymous.  Anonymous was able to steal contact records for an undisclosed number of bankers on the Fed’s disaster recovery communication list.  A web server with a security vulnerability was to blame.

Another scary attack was on the New York Times in August.  Hackers successfully rerouted nytimes.com to a Syrian pro-Assad website.  This was not a case of a web server vulnerability, but rather a hack of nytimes.com’s DNS records at a domain registrar.  Similar to your phone’s address book, DNS maps a name (a website address) to a number (an IP address).  The hackers were able to break into a domain registrar and change the DNS records for nytimes.com to point to a different website.  Visitors to nytimes.com had no way of knowing that this change had happened behind the scenes.  Attacks like these on financial institutions or online retailers could undermine the entire security of the Internet.

Millions of other users’ information was stolen from various online retailers, including 50 million from LivingSocial, 50 million from Evernote and 38 million from Adobe.  In all of these incidents, usernames, email addresses, security questions and passwords were stolen.  In some cases credit card information was also stolen.  Web servers from each of these retailers were compromised to gain access to data.  What is alarming about these attacks is that researchers have discovered people reuse their passwords across multiple sites, including those for financial institutions.  So an email address and password combination used on LivingSocial may very well be a user’s bank username and password as well.

Taking a look at the most recent breach at Target, it has been determined that a company web server was compromised and this gave the hackers access to Target’s internal network.  Malicious software called BlackPOS was loaded onto Target’s Windows-based point of sale terminals.  According to cybersecurity blogger Brian Krebs, currently no antivirus software detects this particular malware.  The hackers then set up a server inside Target’s network to collect the data.  It is believed the hackers repeatedly breached Target’s internal network to retrieve the data collected by the BlackPOS software.

In all, 40 million credit cards and data from 70 million users have been compromised, making this one of the largest security breaches in history.  Financial institutions are bearing the brunt of the losses from this breach.  Whether through direct losses or the cost of reissuing scores of debit and credit cards, the effects of the Target breach will total into the hundreds of millions of dollars.

This past weekend, McAllen, Texas police are believed to be the first to make arrests of individuals accused of using the compromised data to create fraudulent credit cards.  Two Mexican citizens were arrested after buying tens of thousands of dollars’ worth of merchandise with nearly 100 bogus credit cards.

In my next story, I will cover what businesses should do to protect their network, what users should do to safeguard their information and what the industry must do to better protect against cyber criminals.