Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It

MachineGhost · Post by **MachineGhost** » Wed May 21, 2014 9:05 am

It’s a measure of how common these crimes have become, and how conventional the hackers’ approach in this case, that Target was prepared for such an attack. Six months earlier the company began installing a $1.6 million malware detection tool made by the computer security firm FireEye (FEYE), whose customers also include the CIA and the Pentagon. Target had a team of security specialists in Bangalore to monitor its computers around the clock. If Bangalore noticed anything suspicious, Target’s security operations center in Minneapolis would be notified.

On Saturday, Nov. 30, the hackers had set their traps and had just one thing to do before starting the attack: plan the data’s escape route. As they uploaded exfiltration malware to move stolen credit card numbers—first to staging points spread around the U.S. to cover their tracks, then into their computers in Russia—FireEye spotted them. Bangalore got an alert and flagged the security team in Minneapolis. And then …

Nothing happened.

http://www.businessweek.com/articles/20 ... -card-data

ns3 · Post by **ns3** » Wed May 21, 2014 12:35 pm

To understand how a big company like Target could make a major investment in security software and then ignore the warnings it issued from Bangalore you would have to work at a company like mine.

Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It

Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It

Re: Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It