Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

In Target, hackers found a gold mine -- with easy access
NYT/Pioneer Press ^ | 1-18-14 | Elizabeth A. Harris, Nicole Perlroth, Nathaniel Popper and Hilary Stout

Posted on 01/19/2014 10:35:43 AM PST by TurboZamboni

It was, in essence, a cybercriminal's dream.

For months, an amorphous group of Eastern European hackers had been poking around the networks of major U.S. retailers, searching for loose portals that would take them deep into corporate systems.

In early November, before the holiday shopping season began, the hackers found what they had been looking for -- a wide path into Target and beyond.

Entering through a digital gateway, the criminals discovered that Target's systems were astonishingly open -- lacking the virtual walls and motion detectors found in secure networks like many banks'. Without those safeguards, the thieves moved swiftly into the company's computer servers containing Target's customer data and to the crown jewel: the in-store systems where consumers swipe their credit and debit cards and enter their PINs.

(Excerpt) Read more at twincities.com ...


TOPICS: Crime/Corruption; News/Current Events
KEYWORDS: hackers; target

1 posted on 01/19/2014 10:35:43 AM PST by TurboZamboni
[ Post Reply | Private Reply | View Replies]

To: TurboZamboni

I can’t believe people are still using their credit and debit cards in stores. If it’s too big a purchase for cash, use a check or a bank money order.


2 posted on 01/19/2014 10:42:33 AM PST by grania
[ Post Reply | Private Reply | To 1 | View Replies]

To: grania

I can explain why I do it.
The two times I’ve had “credit card fraud” it didn’t cost me a penny. A bit of time and a couple of phone calls and that was it.
And it was the card company (Discover) who called me with the info, minutes after it happened.

If there was some significant economic downside, yeah I would switch to something else.


3 posted on 01/19/2014 10:46:25 AM PST by nascarnation (I'm hiring Jack Palladino to investigate Baraq's golf scores.)
[ Post Reply | Private Reply | To 2 | View Replies]

To: TurboZamboni

HUH? I thought someone was reporting some 17 yr old punk was responsible. Now it’s eastern europeans? I’m confused. I don’t think THEY got my debit card. Somebody did and I caught it within a day because I check my financial stuff daily. (my sister says I’m anal.) Had to get yet another new card.


4 posted on 01/19/2014 10:49:56 AM PST by rktman (Under my plan(scheme), the price of EVERYTHING will necessarily skyrocket! Period.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: TurboZamboni

Is target liable for losses at this point? Or, are they going to wait until they lose a lawsuit?


5 posted on 01/19/2014 10:50:01 AM PST by CurlyDave
[ Post Reply | Private Reply | To 1 | View Replies]

To: grania

I use checks or cash. Yeah, I’ve heard all the complaints about checkwriters taking forever, but I always have mine filled out except for the amount, which I write fast. Quite often I take less time than the person ahead of me who fumbles with their debit card (”What button do I push now? It isn’t working.”)

Target cashiers used to bug me nonstop to ditch my checks for their Redcard. I notice they’ve stopped. ;)


6 posted on 01/19/2014 10:51:49 AM PST by CatherineofAragon ((Support Christian white males----the architects of the jewel known as Western Civilization.))
[ Post Reply | Private Reply | To 2 | View Replies]

To: nascarnation

>>The two times I’ve had “credit card fraud” it didn’t cost me a penny.

Same here. This is an area where consumers are pretty well protected. My credit union is a pit bull with their credit cards. I even had them call me once when I put gas in my car and my wife’s without reswiping the card. They saw that I was buying a lot more gas than I usually buy at one time and they called me about 30 minutes after I left the station.

That’s a lot safer than pulling $200 out of the ATM every time I want to go buy groceries.


7 posted on 01/19/2014 10:54:20 AM PST by Bryanw92 (Sic semper tyrannis)
[ Post Reply | Private Reply | To 3 | View Replies]

To: TurboZamboni

I have stopped going to Target for awhile until this mess clears. I only made one purchase at Target during the infected known timespan. So far, nothing from my credit card company.


8 posted on 01/19/2014 10:56:23 AM PST by rawhide
[ Post Reply | Private Reply | To 1 | View Replies]

To: CatherineofAragon

>>Yeah, I’ve heard all the complaints about checkwriters taking forever, but I always have mine filled out except for the amount, which I write fast.

Every checkwriter I know claims they do that. But every checkwriter I get behind in line stands there (usually talking on the phone) right up until the cashier tells that how much they owe, and then they start digging in the purse for the checkbook.

And then the pen.

And then they act surprised when they have to produce and ID or two.


9 posted on 01/19/2014 10:57:14 AM PST by Bryanw92 (Sic semper tyrannis)
[ Post Reply | Private Reply | To 6 | View Replies]

To: TurboZamboni; a fool in paradise

Where is Target’s IT department? In Bangalore? Likely half of it is there.


10 posted on 01/19/2014 10:59:17 AM PST by Revolting cat! (Bad things are wrong! Ice cream is delicious! We reserve the right to serve refuse to anyone!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: TurboZamboni

One thing for sure, I never use the PIN option with a debit card.


11 posted on 01/19/2014 10:59:29 AM PST by ImJustAnotherOkie (zerogottago)
[ Post Reply | Private Reply | To 1 | View Replies]

To: TurboZamboni

Thanks for posting this. It’s a nice bit of background on a fraud challenge which will be with Target for some time.


12 posted on 01/19/2014 10:59:44 AM PST by Portcall24
[ Post Reply | Private Reply | To 1 | View Replies]

To: rawhide
Here's an interesting piece:

With 40 million stolen credit and debit card accounts used at Target floating around in cyberspace, you’d think everyone would know someone hit by credit card fraud by now.

Not so. Not yet, anyway. In fact, according to one fraud-fighting company, there’s little sign of an increase of fraudulent charges among Target breach victims. What gives?

There’s a difference between having your account number compromised and actually being hit with credit card fraud. One often leads to the other, but not always. At least, not right away.

BillGuard is a third-party service that lets consumers register their credit cards, then uses software to scan bills for fraud. Mick Weinstein, vice president of marketing at BillGuard, says 32,000 BillGuard customers were among those whose account info was stolen in the Target card heist — meaning they used their cards at the retailer during the nearly three-week stretch when hackers were siphoning off the card numbers.

Among those 32,000 accounts, about 2% were hit with fraud by the end of last week, Weinstein said — almost exactly the same fraud rate as a control sample of BillGuard customers who weren’t Target victims.

13 posted on 01/19/2014 11:01:01 AM PST by nascarnation (I'm hiring Jack Palladino to investigate Baraq's golf scores.)
[ Post Reply | Private Reply | To 8 | View Replies]

To: TurboZamboni

I would bet that the cause is not just in the code. As always, it is a systemic cause, organization of the department in charge, whether affirmative action, or butt kissing environment, or hurry up and roll it out, we’ll fix it later, we’ve got a deadline, organizations get corrupt just like governments get corrupt.


14 posted on 01/19/2014 11:03:10 AM PST by Revolting cat! (Bad things are wrong! Ice cream is delicious! We reserve the right to serve refuse to anyone!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: TurboZamboni

not unlike Obamacare!

Obamacare is reportedly LESS SECURE than this

Good thing there are far fewer people at the obamacare website


15 posted on 01/19/2014 11:10:35 AM PST by Mr. K (If you like your constitution, you can keep it...Period.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: CurlyDave

Well all I’ve heard about is stolen CC numbers, but nothing about actual use (or misuse) of those numbers.

Has anyone lost any real money?


16 posted on 01/19/2014 11:11:34 AM PST by Balding_Eagle (Over production, one of the top 5 worries for the American Farmer every year.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: CurlyDave

OK, I read the linked article. there have been some charges made to stolen cards.


17 posted on 01/19/2014 11:13:34 AM PST by Balding_Eagle (Over production, one of the top 5 worries for the American Farmer every year.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Balding_Eagle

I’ve heard reported usage of the info. I haven’t looked for links. but they interviewed a few. Used in Africa, and another person got his credit card maxed out while was stranded in Honduras.


18 posted on 01/19/2014 11:21:48 AM PST by Theoria (End Socialism : No more GOP and Dem candidates)
[ Post Reply | Private Reply | To 16 | View Replies]

To: TurboZamboni
Target needs to start Chapter 11 now.

They did not perform their Due Diligence on IT security.

Target hired IT rookies and used Microsoft servers.

The hackers were not genius as they were using microsoft
Visual Basic Scripting phishing the Target network for months.


19 posted on 01/19/2014 11:29:22 AM PST by Uri’el-2012 (Psalm 119:174 I long for Your salvation, YHvH, Your teaching is my delight.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Bryanw92

Well, I guess that’s every checkwriter you know (so to speak) minus one.


20 posted on 01/19/2014 11:31:19 AM PST by CatherineofAragon ((Support Christian white males----the architects of the jewel known as Western Civilization.))
[ Post Reply | Private Reply | To 9 | View Replies]

To: TurboZamboni

“Those cards will continue to have value for quite a while. These cards will still be available for purchase a year from now.”

Which is why EVERYONE whose card was stolen should have IMMEDIATELY cancelled their accounts and obtained new cards with new account numbers, despite the BS from Target and others that “monitoring” your bill for a couple of years was all that was necessary.


21 posted on 01/19/2014 11:40:42 AM PST by catnipman (Cat Nipman: Vote Republican in 2012 and only be called racist one more time!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: TurboZamboni

BS and four wetawds to write this drivel.

Inside job period.


22 posted on 01/19/2014 12:07:19 PM PST by Vendome (Don't take life so seriously-you won't live through it anyway-Enjoy Yourself ala Louis Prima)
[ Post Reply | Private Reply | To 1 | View Replies]

To: TurboZamboni

Easy access...

Yeah, that’s what they want you to think. Do folks think the Department of Defense and other government sites hit by Wikileaks were easy targets?

Sorry, but I don’t think Target was an easy touch. There are people out there who are very crafty, and can break these systems.

Frankly, I think it would be a hoot if someone were to wait until the NSA states it doesn’t do something, and then release information taken from them that shows they do in fact do it.


23 posted on 01/19/2014 12:08:28 PM PST by DoughtyOne (ZERO is still zero, and John Kerry is a mock-puppet!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: grania

Why not?

They’re insured.,

It’s the credit cards company problemo.


24 posted on 01/19/2014 12:08:54 PM PST by Vendome (Don't take life so seriously-you won't live through it anyway-Enjoy Yourself ala Louis Prima)
[ Post Reply | Private Reply | To 2 | View Replies]

To: nascarnation

Same here. I use Amex for everything. If they detect fraud they issue a new card immediately. Any disputed charge comes off immediately. Safer than cash.


25 posted on 01/19/2014 12:15:09 PM PST by sheana
[ Post Reply | Private Reply | To 3 | View Replies]

To: sheana
Same here. I use Amex for everything. If they detect fraud they issue a new card immediately. Any disputed charge comes off immediately. Safer than cash.

I've stopped paying with my debit and have switched to Amex as well.

26 posted on 01/19/2014 12:23:32 PM PST by Sans-Culotte ( Pray for Obama- Psalm 109:8)
[ Post Reply | Private Reply | To 25 | View Replies]

To: Revolting cat!

Right you are!


27 posted on 01/19/2014 12:44:24 PM PST by Finalmente
[ Post Reply | Private Reply | To 14 | View Replies]

To: Vendome; grania
Why not?

They’re insured.,

It’s the credit cards company problem.

Target is self insured.

28 posted on 01/19/2014 5:38:40 PM PST by Uri’el-2012 (Psalm 119:174 I long for Your salvation, YHvH, Your teaching is my delight.)
[ Post Reply | Private Reply | To 24 | View Replies]

To: UriÂ’el-2012; grania

Yep.


29 posted on 01/19/2014 5:44:16 PM PST by Vendome (Don't take life so seriously-you won't live through it anyway-Enjoy Yourself ala Louis Prima)
[ Post Reply | Private Reply | To 28 | View Replies]

To: rawhide
I only made one purchase at Target during the infected known timespan. So far, nothing from my credit card company.

Near the bottom of the long article it stated that those numbers will still be sold a year from now.

If I had shopped at Target I would change all my numbers. I'm just saying.

Plus, I will now go back to checks when I don't use cash.

30 posted on 01/20/2014 6:30:56 AM PST by The Bat Lady (I will be voting against Cornyn in the TX primary.)
[ Post Reply | Private Reply | To 8 | View Replies]

To: The Bat Lady

You would think Visa would notify me? Maybe they feel my card is okay? It was a credit card I used, not a debit card.


31 posted on 01/20/2014 6:45:30 AM PST by rawhide
[ Post Reply | Private Reply | To 30 | View Replies]

To: Revolting cat!
Where is Target’s IT department? In Bangalore? Likely half of it is there.

More likely all or nearly all.

Good security does not come cheap and Target's goal is to maximize quarterly profits.

Most likely Target out sources IT to a company nominally located in the US or Canada which in turn has it's work done in India. Just like the ObamaCare web site.
32 posted on 01/20/2014 7:16:01 AM PST by khelus
[ Post Reply | Private Reply | To 10 | View Replies]

To: Revolting cat!

I forgot to add that Neiman Marcus and at least three other undisclosed retailers were hit. Probably same scenario.

http://www.tomsguide.com/us/target-neiman-marcus-data-breach-faq,news-18199.html


33 posted on 01/20/2014 7:21:14 AM PST by khelus
[ Post Reply | Private Reply | To 32 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson