How Did the Hackers Steal Target's Customer Data? Paper Example

Paper Type:  Case study
Pages:  7
Wordcount:  1814 Words
Date:  2022-11-20

How did the hackers steal Target's customer data?

The hackers had access to point-of-sale (POS) data, that is, to the terminals through which credit cards are swiped and to the data collected by the card processors. It is suspected that it could have been an inside job, because the hackers appear to have compromised the terminal software at the points of sale where customers swipe their cards when making purchases. The thieves allegedly obtained the data from the magnetic stripes on the buyers' cards, which potentially allowed them to counterfeit the cards. The attackers managed to access customer names, card numbers, expiration dates, and CVV security codes (Staff & December, 2013). The malware captured the magnetic stripe data at the moment the card was swiped through the device, and the data was stored as plain text. The hackers then installed a control server inside Target's own internal network that served as a repository for the information collected by the infected POS devices, keeping it hidden until it was sent in batches to an external FTP server (Riley, Elgin, Lawrence, & Matlack, 2014). Apparently, this malware was specially designed to avoid detection by the traditional anti-virus tools that protected the POS system. The malware searched the memory of the POS devices for account information, so the criminals obtained the information directly from the terminals, stealing data that included names, postal addresses, email addresses, phone numbers, and card numbers, which they could then sell to other criminals to complete the fraud.
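The staging pattern described above (POS terminals feeding an internal repository that later sends batches to an external FTP server) leaves a trace in network flow logs. The detection check below is an added example, not part of the original essay; the address ranges, ports, threshold and flow records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed addressing for illustration: POS terminals sit in 10.20.1.0/24
# and everything in 10.0.0.0/8 counts as internal.
POS_NET = ipaddress.ip_network("10.20.1.0/24")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
FTP_PORTS = {20, 21}

# Constructed flow records, in time order: time, source, dest, dest port, bytes.
SAMPLE_FLOWS = """\
2024-01-15T09:00:00 10.20.1.11 10.20.9.10 8443 2100
2024-01-15T09:00:05 10.20.1.12 10.20.9.10 8443 1900
2024-01-15T09:00:09 10.20.1.13 10.20.9.10 8443 2300
2024-01-15T09:05:00 10.20.1.11 10.20.9.50 445 48000
2024-01-15T09:05:30 10.20.1.12 10.20.9.50 445 51000
2024-01-15T09:06:10 10.20.1.13 10.20.9.50 445 47000
2024-01-15T11:00:00 10.30.4.8 198.51.100.20 21 12000
2024-01-15T13:00:00 10.20.9.50 203.0.113.7 21 146000
2024-01-16T13:00:00 10.20.9.50 203.0.113.7 21 152000
"""

def parse_flows(text):
    """Yield (time, src, dst, port, bytes) tuples from whitespace-separated lines."""
    for line in text.strip().splitlines():
        ts, src, dst, port, size = line.split()
        yield (ts, ipaddress.ip_address(src), ipaddress.ip_address(dst),
               int(port), int(size))

def find_staged_exfil(text, min_pos_sources=3):
    """Flag internal hosts that collected data from several POS terminals
    and afterwards sent FTP traffic to an address outside the network."""
    pos_feeders = defaultdict(set)   # internal host -> POS terminals seen
    alerts = {}                      # (host, external dest) -> summary
    for ts, src, dst, port, size in parse_flows(text):
        if src in POS_NET and dst in INTERNAL and dst not in POS_NET:
            pos_feeders[dst].add(src)
        elif src in INTERNAL and dst not in INTERNAL and port in FTP_PORTS:
            feeders = pos_feeders.get(src, set())
            if len(feeders) >= min_pos_sources:
                alert = alerts.setdefault((src, dst), {
                    "host": str(src), "external": str(dst),
                    "pos_sources": len(feeders), "first_seen": ts,
                    "batches": 0, "bytes": 0})
                alert["batches"] += 1
                alert["bytes"] += size
    return list(alerts.values())

if __name__ == "__main__":
    for alert in find_staged_exfil(SAMPLE_FLOWS):
        print(alert)
```

In the sample, the payment switch at 10.20.9.10 hears from every terminal but never sends FTP outbound, and the workstation at 10.30.4.8 uses FTP without ever collecting from POS terminals, so only the host that does both is flagged.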


An increase of between 10 and 20 times normal activity in the cards for sale on the underground market was detected through the Easy Solutions DMS (Detect Monitoring Service). At this time, the team realized that a massive attack had occurred and alerted our customers (O'Neil, 2015). The interesting thing at that time was that more than 500,000 cards were not of American origin, and a very high percentage were of Latin American origin. Later, Target had to revise its initial assessment of the attack when more details were revealed. Hackers had also seized encrypted PIN numbers, and an additional 70 million people had been robbed of personal information such as names, mailing addresses, phone numbers, and email addresses in a separate attack (Manworren, Letwat, & Daily, 2016).

Armed with the information stolen from the cards, hackers could clone the cards and use them to purchase expensive merchandise or to buy gift vouchers that could then be exchanged for cash. Hackers have also sold stolen data on the black market. Stolen card data is sold at prices ranging from $20 to $100 per card, through a variety of irreversible and untraceable payment systems that include virtual currency and transfer services such as Western Union and MoneyGram (Lunden, 2015). It is known that the PIN numbers stolen in the attack were encrypted, but if the criminals were able to break this encryption, they would be able to withdraw money from ATMs as if they were the legitimate user. Personal information stolen in the incident could also be used in targeted phishing attacks aimed at stealing users' banking access credentials.

Target suffered the theft of nearly 40 million credit and debit card records, in addition to another 70 million records with information such as customer addresses and phone numbers. Net income fell to 520 million dollars, or 81 cents per share, from 961 million, or 1.47 dollars per share, a year earlier (Lunden, 2015). Sales fell 3.8 percent to 21,520 million dollars, missing the estimate of 22,370 million, according to Thomson Reuters I/B/E/S (Lunden, 2015).

What types of technology could big retailers use to prevent identity thieves from stealing information?

They could use authentication and authorization technologies, which can help big retailers determine whether the user who logged in is the real user. Newer technology such as biometrics would not grant a person access until it recognizes the user's voice, face, iris, or handwriting. This technology is much more accurate at identifying theft, since simple logins or passwords can be stolen so easily (Lai, Li, & Hsieh, 2012). If the retailer notices any suspicious information on its systems, it should immediately contact the customer by email or phone to verify whether it was the correct user. Authentication should be layered, utilizing two or more factors, consisting of something the authorized user knows, something they physically have, and/or something they "are", that is, biometrics (Greene & Stavins, 2017). Some multi-factor authentication technologies include security tokens (hard or soft), mobile authentication (including digital certificates), and biometric means (fingerprint, facial recognition).

Financial institutions have learned that it is preferable to take a proactive approach to resolving security failures than to suffer the terrible damage to reputation caused by a data breach. However, the attack on Target occurred in the POS terminals of the stores, a third-party infrastructure beyond the reach of banks. Financial institutions can take certain measures to protect themselves and their users (Gray & Ladig, 2015). While traditional anti-virus and firewall systems continue to be useful in protecting against easily recognizable threats (for which anti-virus providers have had time to develop tools), they do not do much in the face of new targeted attacks, in which the malware may even be modified daily to attack specific targets, as was the case with Target. Big retailers, like financial institutions, should monitor the black market as part of a detect monitoring service (DMS) that provides clients with early notifications about massive debit or credit card breaches like the one that affected Target and that involved almost all banks and credit unions in the US (Hemphill & Longstreet, 2016). Although there is very little that financial institutions can do to prevent this type of breach, DMS's proactive protection discovers key indicators and gives institutions early advice on which cards have been stolen, so that they can be canceled before the fraud happens.

Apart from monitoring compromised credit and debit cards in the black markets, DMS also provides fraud intelligence that helps a company keep the good reputation of its brand safe by converting mentions of the brand into proactive actions against fraud. This system covers the monitoring of domains and mobile applications as well as social networks. By constantly scanning these potential environments for fraud, the company will be aware firsthand of any mention of its brand (Solove, 2002). Combined with a solid action plan, the company's brand identity will be secure while the fraud incidents associated with the company will be reduced. Similarly, DMS monitors major application stores such as Apple iTunes, Google Play, BlackBerry and third-party stores. Legitimate applications are registered in the service, and if suspicious applications are detected, the appropriate notifications are sent. The domain monitoring component of DMS examines the most recently registered domains in search of material associated with the brand. Even fraudulent websites must be registered during the creation process, and DMS constantly monitors domain registration services for suspicious activity that may result in online fraud attacks (Riley et al., 2014). All suspicious domains are classified for review in the client portal, and notifications to the corresponding clients are triggered immediately.

Organizations that are serious about fraud protection need to build systems flexible enough to adapt to the changing environment of fraud while protecting users across all channels and devices. The only way to achieve this is through systems that complement each other and share data to strengthen each other (Towle, 2004). Big retailers should have multi-level fraud protection designed to achieve deep technological integration and make the most of the data to stop fraud at any stage of its life cycle: planning, where the criminal begins searching the infrastructure for vulnerabilities that can be exploited; the launch, when the criminal steals passwords or infects the device of an unsuspecting user with malware; and collecting the profits, where the money comes out of the accounts. If a business is suffering losses due to fraud, it is because a criminal has successfully completed this cycle without being detected.

Through a preventive anti-fraud approach that keeps criminals from completing the cycle of fraud, multi-level fraud protection stops attacks during the planning and launching stages, before they begin operations, and activates additional authentication factors based on transactional anomalies. As demonstrated by the breach of Target, there is no magic solution to prevent fraud, and even the best plans cannot prevent an irresponsible third party from losing control over the most sensitive data of its users (Manworren, Letwat, & Daily, 2016). A multilevel fraud protection approach applies through all layers of interaction with users to manage and minimize risk in the ever-changing fraud landscape, as well as giving the business the tools that will allow any identity theft attacks.

What can organizations do to protect themselves from hackers looking to steal account data?

In order to protect themselves and their account data from hackers, organizations should, first, ensure that employees are trained and educated on the information security plan and that information security policies are in place and strictly enforced (Baltzan, 2012). Secondly, the organization should utilize prevention and resistance technologies such as "content filtering, encryption, and firewalls" (Baltzan, 2012, p. 151). Another useful plugin is HTTPS Everywhere, which forces the organization's connection to remain encrypted (when the site allows it). It will not help if the site being visited has malware, but in some cases it helps prevent hackers from serving fake versions of that site (if one is encrypted) and generally prevents hackers from tampering with the connection to the authentic site. Organizations should also use virtual private networks (VPNs). A VPN is a secure channel between the computer and the internet. If an organization uses a VPN, it first connects to the VPN and then to the rest of the network, adding a further barrier of security and privacy. It is worth investigating VPNs a little more before using one, because some are much better than others (most free ones do not perform their privacy protection functions well).

Organizations can also educate and warn their workers about opening attachments without precaution. Cybercriminals have hidden malware in Word attachments and in PDF files. Antivirus can sometimes stop these threats, but it is better to educate employees about them. All computer users should be familiar with firewalls, antivirus programs, and malicious programs (Moscardelli & Liston-Heyes, 2004). These programs work together and should be used to provide the highest level of security to protect your computer. They are necessary to protect you from threats that are intended to damage, frustrate or inflict illegitimate activity on your computer. Firewalls, antivirus programs, and anti-malware programs are essential to protect the organization's information. However, none of them guarantees protection from an attack. The best way to reduce risk is to com...

Cite this page

How Did the Hackers Steal Target's Customer Data? Paper Example. (2022, Nov 20). Retrieved from
