‘Tis the season for hacking—Target announced today that it was indeed compromised! Target releases few details of the hack: “The unauthorized access may impact guests who made credit or debit card purchases in our U.S. stores from Nov. 27 to Dec. 15, 2013.” OK, so now we have a vague time line to work with, but it must be noted that you don’t just wake up one morning and decide to hack a major retailer. My point is, this took time and planning so the timeline will be much longer. Finding the entry point into Target’s network is a must in this scenario.
Target further states: “We began investigating the incident as soon as we learned of it. We have determined that the information involved in this incident included customer name, credit or debit card number, and the card’s expiration date and CVV (the three-digit security code).” So, the perpetrators got all of the stored data or data in transit. My question to Target is why are you storing the CVV numbers in the first place? Or, was this a man-in-the-middle attack? A man-in-the-middle attack is an active form of eavesdropping. An attacker inserts themselves into a private conversation without the victim’s consent or knowledge. They then are able to listen/record/modify the traffic and forward it on to the other party without anyone knowing.
Now to my favorite part of the press release from Target: “We recommend that you closely review the information provided in this letter for some steps that you may take to protect yourself against potential misuse of your credit and debit information.” I think Target should spend this holiday season by following their own advice and examining potential vulnerabilities in IT infrastructure and providing a technology environment that is more secure than their current one. It must also be said that Target isn’t even providing free credit monitoring to the approximate 40 million customers whose holiday season just got ruined. Bah Humbug!
So, if you visited Target in the last month, it would be wise to cancel and/or change your credit/debit cards immediately. I would also recommend credit monitoring from any of the big companies like Identity Guard.
It would have been nice to perform the digital forensics on this one! Happy Holidays!
MSA Security’s experienced specialists provide a wide range of services to our clients, including the forensic examination of computer systems, servers, mobile devices, or any electronic media as well as providing expert testimony in a formal legal proceeding. For more information, contact MSA Security.