November 16th, 2017
Target knew about the security vulnerability before it got hacked
Several months back Target had a huge security breach that led to a massive leak of credit and debit card information: up to 70 million customers saw not just their credit and debit cards but also their names, addresses and phone numbers end up in the wrong hands.
Now people familiar with the matter have told the WSJ that Target, one of America's largest retailers, knew about the security vulnerability that ended up allowing hackers to access this highly sensitive personal data, which is now being sold on the black market.
See Also: How Did Target get hacked?
The Minneapolis-based retailer discovered the vulnerability after it reviewed the security of its own payment system. This eventually led the federal government and private research companies to look into the matter and warn retailers about a new type of malware that would target the type of payment system used by many retailers, Target among them. The company knew something was wrong, and that the memo sent out by the government and private research companies was indeed true, after several employees confirmed that “Target and other retailers saw a “significant uptick” in malware trying to enter the system” several months before the attack.
The cybersecurity intelligence team at Target gets hundreds of threats daily and it is hard to know which ones to take seriously; it looks like they simply missed this threat too, one that ended up becoming “everyone’s worst-case scenario”. But mistakes happen, right? Maybe this one is a very big one, but let's do everything to prevent it from happening in the future, right? Not exactly. A similar attack happened to Target back in 2005, where a mind-boggling 120 million credit and debit card accounts were stolen. After those attacks, many experts claimed that the security measures adopted by the company were inadequate, which turned out to be true.
In response to the 2013 attacks Target also adopted a set of new security measures that should fix the leak that made these attacks possible and prevent them from happening again in the future, but will they really? Is the RED Smartcard introduced by the company the solution? According to Mulligan (chief financial officer and executive vice president of Target), the first REDcard smart cards will be deployed in early 2015. Very similar cards were also introduced 10 years ago, but the project failed to become reality as the technology was outdated and the cards received mixed reviews. Mulligan now claims that this is not something we have to worry about, since the technology has been improved and the REDcards are “THE solution to this problem”.
REDcards “encrypt the personal data shared with the sales terminals used by merchants”, but as we have seen in our “How did Target get Hacked” article, current credit card information is also sent encrypted but gets decrypted in RAM (which is how the hackers ended up with all the personal information). This standard is called PCI-DSS and is also used on the new REDcard, making the new cards just as vulnerable.