
Everything about the Target Hack that you wanted to know but were too afraid to ask

It has been a little over a month since the retail giant Target let the public know about the POS malware that managed to steal the information of about 110 million customers over roughly a three-week period. While Target attempts to recover from one of the largest data hacks in the history of data hacks, other retailers are scrambling to make sure the same thing doesn’t happen to them. With so many reports floating around about this scandal it can be challenging to get an accurate read on what exactly is going on, who is at risk, how all the information was stolen, who stole it… I could go on. After reading, cross-referencing and rereading many reports, the team at nFront Security has compiled all our findings and can hopefully answer the majority of your questions.

What happened?

You don’t need a play-by-play of how the data was stolen; and honestly, it would take me six days to detail exactly what happened, so here is the gist: according to PCWorld.com, the attack used a malware program called Dexter, or Project Hook, which is uploaded onto POS systems.

You can read the whole article on POS Malware here: http://www.pcworld.com/

How was the information stolen?

This particular kind of malware infecting POS systems is referred to as a “RAM scraper”. This means the malware accesses the data in the random access memory of the machine, bags up the information it wants before it has been encrypted, and ships it off to the bad guys. This all happens in a split second. Target, along with any other retailer you might shop with, uses a third party to process payment card information. When you swipe your payment card, whether it is a credit card or a bank debit card, the information that is stored in the magnetic stripe on the back of your card is read by the machine, stored locally in RAM in plain text, and then encrypted and sent off to the payment processing company, where it is decrypted and processed. In the short time that it is stored in plain text the malware is able to read it, package it up, and send it off to where it can be viewed in plain text and used just like you would use your actual card and card number. One of the pressing questions is how the malware got onto the POS. In the majority of cases malware is installed on a system via phishing attacks or password compromise. Often, the operating systems of such machines have simplistic passwords or “backdoor” accounts that were set up for support by the company or the manufacturer. Unless the factory default passwords are changed, they are usually well known and easily discovered with a web search. If the passwords have been changed, it is still possible to compromise basic passwords with a password cracker.

What information was stolen?

The exact name of the information that the malware stole is Track 1 and Track 2 data. In layman’s terms, this is all the information that tells the processing company who to charge. Track 1 includes the card type, account/card number, account holder name, expiration date, types of charges allowed (like a Shell or Kohl’s card), PIN number or CSV/Card Code. Track 2 data contains the card number, expiration date, types of charges accepted and PIN number. All of this information is typically secured by encryption before it is sent off.

If you want to know what exactly is on the back of your magnetic stripe you can read the rest of the information on this Authorize.net article http://support.authorize.net

And if you are a really big nerd, like us, you can see what the plain text of Track 1, 2 and 3 (yes, there is a third) data looks like here http://www.gae.ucm.es

Will this happen again?

While no one has a crystal ball to say if this exact thing will ever happen again, we can speculate that an information hack like this will probably happen again, on a much smaller scale. While industry professionals are working hard to make sure that our information is safe, the bad guys are also working to try and think of the next clever hack. Should you stop carrying around credit cards and move to a cash-only system? Not unless you are one of the six people on the planet that actually likes pennies. There is no reason to stop using all payment cards, and now that this has happened you can rest assured that there will be more precautions taken by companies to ensure they are protecting their machines from malware.

What can be done to prevent this type of attack from happening again?

One preventative measure that corporations can take is to use strong passwords on the POS systems; in fact, you should use strong passwords on all computer systems. The default Windows password policy does not force the use of reasonable passwords on most networks. A viable option is the use of a third-party password filter like this one to ensure employees are using strong, sensible passwords that are not easily hacked.


Looking for more information on protecting your network and enforcing smart, granular password policies? Check out our SlideShare account for more tips, tricks, compliance standards and industry recommended best practice.


About Laine Hoke

For more news on recent hacks follow @LainenFront on Twitter
