Here’s How Hackers Stole 110 Million Americans’ Data From Target

It appears to be among the biggest phishing catches of all time.

National Journal
Dustin Volz
Feb. 12, 2014, 10:02 a.m.

More than 110 million Target customers had their credit-card information stolen because at least one employee of a heating and air-conditioning contractor succumbed to an email phishing scheme, cybersecurity blogger Brian Krebs reported Wednesday.

The revelation, if true, is the strongest indication yet of what went wrong since Krebs first exposed the massive heist of consumer financial data at the national retail giant late last year, a startling cyberattack that has prompted intense congressional inquiry. Neiman Marcus and other chains have also recently been victimized, though it is not believed that the perpetrators are the same.

Last week, Krebs reported that hackers infiltrated Target’s network by swiping the login credentials of Fazio Mechanical Services, a Pennsylvania-based contractor.

Now, anonymous sources tell Krebs that credentials “were stolen in an email malware attack at Fazio that began at least two months before thieves started stealing card data from thousands of Target cash registers.” It appears that the culprits used a password-stealing bot known as Citadel to get the job done.

Fazio, in response to its sudden notoriety last week, sent out a statement explaining that it had been “the victim of a sophisticated cyberattack operation.” But Krebs notes that the company’s defense against malicious attacks was a free version of a somewhat impotent anti-malware program, which “is made explicitly for individual users and its license prohibits corporate use.”

Members of Congress are calling for a bill to create a national reporting standard for data breaches similar to the one that hit Target. Retailers and financial institutions would be required to notify government and consumers of breaches when they occur.

The new revelations arrive on a day when the White House rolled out a set of voluntary guidelines intended to help businesses defend themselves against hackers.
