A First Look at the Target Intrusion, Malware
Posted on 01/16/2014 8:40:12 AM PST by BlueMondaySkipper
Last weekend, Target finally disclosed at least one cause of the massive data breach that exposed personal and financial information on more than 110 million customers: Malicious software that infected point-of-sale systems at Target checkout counters. Today's post includes new information about the malware apparently used in the attack, according to two sources with knowledge of the matter.
(Excerpt) Read more at krebsonsecurity.com ...
How would malware get into the POS system?
You can’t use a cash register to go surfing on porn.com
And for those of us who believe Abstinence works, there are no problems at all with Identity Theft. If you do not make ANY electronic transactions you will be just fine.
Maybe if you also don’t have any credit cards, or bank accounts, you might be safe.
Meanwhile CMS will testify in Congress today that Healthcare.gov is safe and secure and no security breaches have occurred.
Fascinating to read; wish I understood it...
Apparently, Target’s POS terminals are networked.
Here’s the analysis of the malware, and from that you can clearly see that the terminal must be running Windows and be capable of connecting to the internet:
Because they all talk to a central computer.
SkyNet is everywhere.
Bank Accounts are just fine if you choose a Credit Union, it is virtually IMPOSSIBLE to transfer Money OUT of MY Credit Union without Physically walking in and filling out a bunch of papers.
Banks are making billions on the electronic economy - they scarf 1-3% of every transaction - just for handling the transfer. They have been pushing electronic transfers - debit and credit cards as an alternative to cash.
The government likes it because now they have a record of virtually every cash transaction you make - read the ironically titled “Bank Secrecy Act” if you think the government doesn’t have full access to your account information. What do they care if the system isn’t secure? You should have bought “identity protection”, bub!
According to the article, they were able to compromise a web server to gain access to the network. From there they could deploy the malicious code to the POS devices and also set up a data collection point on another one of Target's servers. The malicious code on the POS devices would send the credit card data to this collection point as the card was swiped. The bad guys were able to log on to the collection server to gather the data whenever they felt like it.
Not thousands. Millions.
Surprise, surprise. Compromised POS systems were all Windows systems. These companies are big enough that they could develop and utilize Linux-based POS systems.
That’s going to be the ONLY way to secure their systems. The ONLY way. Fundamentally, Windows as it now stands is essentially impossible to secure.
I’ve worked with Windows in depth for 16 years now, and know its ins and outs enough to make the above statement with complete confidence.
With Linux, the main threat is using insecure passwords and insider attacks.
You are correct, my bad
Not one hundred-ten thousand, (110,000) but 110 million. (110,000,000)
Fully 1/3 of the US population.
The compromise was at the server level. The hackers installed a compromised server on the network and read the data from the POS terminals in real-time.
IOW, they had insider help or used social engineering to gain admin-level network access.
So, in this case, at least, using Linux would have made no difference at all.
I guess the net admins never heard of router security protocols. There shouldn't be open routes (unauthorized IP addresses) between internal servers. We can rest easy at night that our grid is just as secure.
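Added example, not part of the thread or of any poster's comment: a defender-side check for the pattern described in the comments above, where POS terminals send data to an internal collection server and routes between internal hosts are left open. It scans flow records for POS-subnet traffic to any destination off an allowlist and reports destinations contacted by several terminals. The subnet, addresses, ports and record format are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Everything below is constructed for illustration (assumed network layout).
POS_SUBNET = ipaddress.ip_network("10.20.0.0/16")   # assumed POS VLAN
ALLOWED = {                                          # assumed legitimate peers
    (ipaddress.ip_address("10.1.1.10"), 8443),       # payment switch
    (ipaddress.ip_address("10.1.1.20"), 123),        # time server
}
# Constructed flow records: "src dst dport bytes"
SAMPLE_FLOWS = """\
10.20.3.14 10.1.1.10 8443 2100
10.20.3.14 10.1.1.20 123 90
10.20.3.14 10.5.9.77 9000 48211
10.20.7.2 10.5.9.77 9000 51730
10.20.7.2 10.1.1.10 8443 1980
10.9.0.5 10.5.9.77 9000 300
malformed line
"""

def parse_flows(text):
    """Yield (src, dst, port, bytes); skip lines that do not parse."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield (ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1]),
                   int(parts[2]), int(parts[3]))
        except ValueError:
            continue

def find_violations(text):
    """Map (dst, port) -> sources and byte total for POS flows off the allowlist."""
    hits = defaultdict(lambda: {"sources": set(), "bytes": 0})
    for src, dst, port, nbytes in parse_flows(text):
        if src in POS_SUBNET and (dst, port) not in ALLOWED:
            hits[(str(dst), port)]["sources"].add(str(src))
            hits[(str(dst), port)]["bytes"] += nbytes
    return dict(hits)

def staging_candidates(text, min_sources=2):
    """Off-allowlist destinations reached by several distinct POS terminals."""
    found = find_violations(text)
    return sorted(k for k, v in found.items() if len(v["sources"]) >= min_sources)

if __name__ == "__main__":
    for dest, info in find_violations(SAMPLE_FLOWS).items():
        print(dest, sorted(info["sources"]), info["bytes"])
```
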
Times one thousand. That's 110 Million customers.
Why I won't get a debit card--straight pipeline into your funds.
Better to write an autobiography and hope someone buys the book if I want my life history on view. At least I might make enough money for a cup of coffee now and then.
Wimpy userids and passwords.
We had a break-in on a box and my Server2008 box was audited because the pwn3d server tried to get in. When I told them my only local user id, they responded “How did you think of something that convoluted?”.
I guess the same way you thought of using “fred” as a local acct on your server.
Now the server emails me for every incorrect login.