Email
Password
Remember meForgot password?
    Log in with Twitter

article imageOp-Ed: Is Target responsible for the major cyberattack?

By Nicole Weddington     Mar 14, 2014 in Business
Target has been named as a defendant in over 90 lawsuits with plaintiffs ranging from banks to customers. The plaintiffs are citing negligence on the part of the big box retail giant and are seeking various amounts in compensatory damages.
Target has already spent an estimated $61 million in responding to the incident and that is before dealing with any lawsuit or legal issue. The entire incident has taken a 46 percent bite out of their holiday season profits compared to 2012 numbers.
This was the largest retail hack in U.S. history and it wasn't even all that clever. Pitting the efforts of the hackers against available technology, some would argue that it should have been destined to fail from the beginning.
The kind of lapse in security that has you wondering whether there are any used guns for sale to protect yourself.
And yet, not only did it not fail, it was one of the most successful cyber attacks of its type ever. So why did it work?
In the days leading up to Thanksgiving, somebody managed to install a piece of malware in the company's security and payments system. The purpose was to steal every credit card swiped at every Target store in the United States. When the customer swiped his or her card, the number was captured and the data diverted to a server controlled by the hackers.
It's the kind of breach that would have some customers looking for a structured settlement.
Target appeared to have things under control prior to the incident. They absolutely knew that such an attack was possible. They spent over $1.6 million rolling out malware detection software earlier that year. This software was designed by the same company who writes security software for the Pentagon and the CIA (a company called FireEye).
Target also had a team of security experts in Bangalore whose job it was to monitor computer operations 24/7. The system practically guaranteed that if there was anything suspicious going on, Target's base of security operations in Minneapolis would be notified.
On November 30, the hackers had every piece of the puzzle in place except for one: they needed someplace for all that data to go. They uploaded malware that essentially kept shuffling the stolen data around to various servers in the U.S., then into their servers in Russia.
FireEye spotted the activity. Bangalore got the alert and notified Mineapolis.
That is, apparently, where the story ended. What happened next? Nothing.
Mineapolis didn't react. They didn't even flinch.
So, to recap: Target had a good plan in place. The system worked the way it was supposed to. The machines all did their jobs. FireEye did theirs. Bangalore responded appropriately.
Target seemed completely oblivious and subsequently allowed 40 million credit cards to be stolen while the data flowed like a raging river out of the company's mainframes. Even better, 70 million pieces of customers' personal information including names and phone numbers were stolen as well.
Now, months later, every question related to this problem has been asked either through the media or through the courts but one remains conspicuously unanswered: why did they just ignore it? Until we get an answer to that question it is impossible to shift the blame away from Target.
This opinion article was written by an independent writer. The opinions and views expressed herein are those of the author and are not necessarily intended to reflect those of DigitalJournal.com
More about Target, Security, Cybersecurity, Hacker
More news from