The holiday data breach at Target appeared to be part of a broad and highly sophisticated international hacking campaign against multiple retailers, according to a report prepared by federal and private investigators that was sent to financial-services companies and retailers.
The report offers some of the first details to emerge about the source of the attack that compromised 40 million credit- and debit-card accounts and personal data for 70 million people. It also provides further evidence the attack on Target during peak holiday shopping was part of a concerted effort by skilled hackers. Parts of the malicious computer code used against Target’s credit-card readers had been on the Internet’s black market since last spring and were partly written in Russian, people familiar with the report said. Both details suggest the attack may have ties to organized crime in the former Soviet Union, former U.S. officials said.
Investigators wouldn’t say how Target’s network was breached, but the software virus injected into its payment-card devices couldn’t be detected by any known antivirus software, according to the report. The virus’s authors included additional features to hide that they were collecting copies of data from the magnetic stripes on Target customers’ payment cards and concealing it within Target’s systems.
Working with Dallas cybersecurity company iSight Partners Inc., the U.S. Department of Homeland Security recently sent these findings to financial-services and retail companies in a secret memo on the attackers. On Thursday, iSight released its own version of the report that included some of the same data.
A Department of Homeland Security official confirmed it is working with iSight. The agency often works with private-sector partners. Financial-services industry officials confirmed they received the report. A Target spokeswoman said she didn’t have any details at this time.
ISight and DHS declined to name other companies that fell victim to the attack. But former U.S. officials and people close to the investigation said it isn’t limited to Target. “The intrusion operators displayed innovation and a high degree of skill,” the iSight report says.
For instance, the virus tries to steal credit-card data during prime business hours—between 10 a.m. and 5 p.m. local time—and stores it inside an internal Target server later raided by hackers.