
(NPR) Remember Target being hacked and their customers' credit card data being stolen? Turns out that Target had anti-malware software that detected the hack, but the company did nothing about it (npr.org)
    More: Fail, Target, credit cards, Melissa Block, malware, customers  
2038 clicks; posted to Business on 17 Mar 2014 at 2:07 PM



 
2014-03-17 12:53:52 PM  
If I knew how to do it I would be shorting the hell out of Target stock today
 
2014-03-17 01:16:53 PM  
That sound you just heard was the sound of class action lawyers calling their real estate agents
 
2014-03-17 01:35:42 PM  
Look if their admins responded to every alert they got from the mal-ware detection server, they would have zero time to post their opinions on Fark.  They barely have enough time now between reading the CEO's email and checking out his porn collection.
 
2014-03-17 01:48:58 PM  
I'd be willing to bet the alert about this particular breach was surrounded by hundreds or thousands of others, mostly false positives.  So it just went into a todo pile and didn't get done until it was too late.
 
2014-03-17 01:49:41 PM  
This is why you don't pay system administrators minimum wage and no benefits.
 
2014-03-17 01:50:54 PM  

serial_crusher: I'd be willing to bet the alert about this particular breach was surrounded by hundreds or thousands of others, mostly false positives.  So it just went into a todo pile and didn't get done until it was too late.


If you configure your device correctly, you can weed out a lot of those false positives.
 
2014-03-17 02:11:49 PM  
FireEye and Symantec Endpoint both flagged it.
 
ZAZ [TotalFark]
2014-03-17 02:25:07 PM  
You can sit and hack a major Fortune 500 company from your couch in Ukraine.

Somebody needs to invade Ukraine.
 
2014-03-17 02:26:19 PM  

SurfaceTension: If I knew how to do it I would be shorting the hell out of Target stock today


This news is about a week old, so any movement in Target's stock would have already happened by now.

I'm just waiting on banks to sue Target for the full costs of fraudulent charges they paid out, plus all expenses incurred for them to cancel the old cards and send new ones to their customers, etc.
 
2014-03-17 02:28:23 PM  

EvilEgg: Look if their admins responded to every alert they got from the mal-ware detection server, they would have zero time to post their opinions on Fark.  They barely have enough time now between reading the CEO's email and checking out his porn collection.


You mean after they've translated it all into Hindi or Romanian?
 
2014-03-17 02:31:02 PM  

AngryDragon: EvilEgg: Look if their admins responded to every alert they got from the mal-ware detection server, they would have zero time to post their opinions on Fark.  They barely have enough time now between reading the CEO's email and checking out his porn collection.

You mean after they've translated it all into Hindi or Romanian?


the porn, the fark opinions or the alert?
 
2014-03-17 02:31:21 PM  

Geotpf: SurfaceTension: If I knew how to do it I would be shorting the hell out of Target stock today

This news is about a week old, so any movement in Target's stock would have already happened by now.

I'm just waiting on banks to sue Target for the full costs of fraudulent charges they paid out, plus all expenses incurred for them to cancel the old cards and send new ones to their customers, etc.


Talk about a frivolous lawsuit given the inherent lack of security in the current implementation of credit cards.  The same 23 digits I use to pay for things can be turned right around by the payee to buy something else, yet the banks keep issuing cards in such a broken system.
 
2014-03-17 02:40:49 PM  

ManateeGag: AngryDragon: EvilEgg: Look if their admins responded to every alert they got from the mal-ware detection server, they would have zero time to post their opinions on Fark.  They barely have enough time now between reading the CEO's email and checking out his porn collection.

You mean after they've translated it all into Hindi or Romanian?

the porn, the fark opinions or the alert?


The porn obviously, who wants to read what the CEO of Target emails?
 
2014-03-17 02:52:34 PM  
Sometimes the Target is the CEO!!!!  I would say a DIRECT HIT was made!!!!!
 
2014-03-17 02:54:17 PM  

Geotpf: SurfaceTension: If I knew how to do it I would be shorting the hell out of Target stock today

This news is about a week old, so any movement in Target's stock would have already happened by now.

I'm just waiting on banks to sue Target for the full costs of fraudulent charges they paid out, plus all expenses incurred for them to cancel the old cards and send new ones to their customers, etc.


Me too. I've gone through four cards now thanks to Target. My bank has been remarkably proactive and cool about this, given that it was only their fault insofar as they use a crappy insecure excuse for a credit-card technology.

I'm encouraging them each time we talk to hand Target a nice fat bill for the time and trouble - because when I write Target asking where I send the invoice for my added monitoring and account-update time thanks to their failures, I get the Family-Guy-maid response.

Chip-and-PIN, now, please. Thank you.
 
2014-03-17 03:02:42 PM  

ManateeGag: If you configure your device correctly, you can weed out a lot of those false positives.


That takes time and knowledge of the environment you are protecting.  And that's very difficult when you have a revolving door of InfoSec employees going through your company.

/the manager of their SOC also left a couple of months earlier
 
2014-03-17 03:04:31 PM  

fustanella: Chip-and-PIN, now, please. Thank you.


Chip and PIN solves a problem we were having ten years ago.
 
2014-03-17 03:24:03 PM  

ZZ9 Plural Z Alpha: ManateeGag: AngryDragon: EvilEgg: Look if their admins responded to every alert they got from the mal-ware detection server, they would have zero time to post their opinions on Fark.  They barely have enough time now between reading the CEO's email and checking out his porn collection.

You mean after they've translated it all into Hindi or Romanian?

the porn, the fark opinions or the alert?

The porn obviously, who wants to read what the CEO of Target emails?


Hmmm.  Indian or Romanian babe thread?  Please?
 
2014-03-17 03:31:00 PM  

ManateeGag: serial_crusher: I'd be willing to bet the alert about this particular breach was surrounded by hundreds or thousands of others, mostly false positives.  So it just went into a todo pile and didn't get done until it was too late.

If you configure your device correctly, you can weed out a lot of those false positives.


Have you ever actually tried to monitor traffic on a heterogeneous enterprise network?  Even after you've filtered out "a lot" of those false positives there's still a metric shiat-ton of false positives, not to mention that you've no doubt filtered out some real positive threats with the false ones.

This malware detection problem is a thousand times more difficult than trying to filter email spam and there's no spam filter that comes close to 100% accuracy.

Not to cut Target any slack, they did have people monitoring this and a flag was raised that got ignored.
 
2014-03-17 03:51:44 PM  
I can't believe nobody has blamed this on the female CTO yet.

this is more concrete proof of what happens when you put a woman in charge, especially of technology.

/snark
 
2014-03-17 04:09:36 PM  

Dick Gozinya: I can't believe nobody has blamed this on the female CTO yet.

this is more concrete proof of what happens when you put a woman in charge, especially of technology.

/snark


While clueless IT managers come readily in both genders, due to the nature of the industry that attitude is intensified.

Had a female IT Manager come up to me in a panic saying that the files in an FTP folder were in the wrong order in an Explorer window.

smuj.home.comcast.net
 
2014-03-17 04:28:54 PM  
They got flies in their honeypots and didn't do anything.

Well it was nice knowing you, Target. We always considered you the nice Walmart.
 
2014-03-17 04:51:34 PM  

gingerjet: And that's very difficult when you have a revolving door of InfoSec employees going through your company.


This is true.  I constantly get recruiters e-mailing me about jobs in InfoSec for 3 or 6 months contracts.  InfoSec needs continuity to be effective.  There's a certain bit of history about what happened before and what is and isn't important that needs to be maintained.
 
2014-03-17 05:11:32 PM  

ManateeGag: This is true.  I constantly get recruiters e-mailing me about jobs in InfoSec for 3 or 6 months contracts.  InfoSec needs continuity to be effective.  There's a certain bit of history about what happened before and what is and isn't important that needs to be maintained


For higher level infosec people at large companies - it usually takes a year - at least - to build up the knowledge and the contacts that allow you to be remotely good at protecting the company and its assets.

/ironically I was at Target on a 1 year contract a few years back to evaluate vendor access - I left after 3 months after it was clear that nothing was going to get accomplished
 
2014-03-17 05:19:23 PM  

gingerjet: For higher level infosec people at large companies - it usually takes a year - at least - to build up the knowledge and the contacts that allow you to be remotely good at protecting the company and its assets.


CHURCH!
 
2014-03-17 05:22:38 PM  

SurfaceTension: If I knew how to do it I would be shorting the hell out of Target stock today


This news actually broke like a week ago. Reuters is always behind.

And their story is partly wrong. It wasn't that Target didn't notice. Their IT staff was basically upset by the "newfangled technology terking their jerbs" so they actively ignored the alerts. They didn't believe the software worked.


Another piece of this though: how bad is NSA spying when the NSA noticed it in Target's servers?
 
2014-03-17 05:45:49 PM  

Mr. Eugenides: ManateeGag: serial_crusher: I'd be willing to bet the alert about this particular breach was surrounded by hundreds or thousands of others, mostly false positives.  So it just went into a todo pile and didn't get done until it was too late.

If you configure your device correctly, you can weed out a lot of those false positives.

Have you ever actually tried to monitor traffic on a heterogeneous enterprise network?  Even after you've filtered out "a lot" of those false positives there's still a metric shiat-ton of false positives, not to mention that you've no doubt filtered out some real positive threats with the false ones.

This malware detection problem is a thousand times more difficult than trying to filter email spam and there's no spam filter that comes close to 100% accuracy.

Not to cut Target any slack, they did have people monitoring this and a flag was raised that got ignored.



They had an entire SOC that was supposed to monitor and weed out that data and then forward the actual positives on to the security engineers/admins in Minneapolis. The SOC actually did their job. They got the alert(s) and sent it on to corporate headquarters... yet their folks there didn't do anything with that data. There is the disconnect and it shows a couple of concerning issues with their incident response team.

Also have you ever used FireEye? I have, and I use it daily in my enterprise. If it is spewing out so many false positives that you can't weed out actionable data then you have bigger problems than malware.
 
2014-03-17 05:46:06 PM  

Nexzus: Dick Gozinya: I can't believe nobody has blamed this on the female CTO yet.

this is more concrete proof of what happens when you put a woman in charge, especially of technology.

/snark

While clueless IT managers come readily in both genders, due to the nature of the industry that attitude is intensified.

Had a female IT Manager come up to me in a panic saying that the files in an FTP folder were in the wrong order in an Explorer window.

[smuj.home.comcast.net image 197x151]


uhhh what?
 
2014-03-17 06:00:33 PM  

make me some tea: This is why you don't pay system administrators minimum wage and no benefits.


Or outsource / contract them...
 
2014-03-17 07:14:38 PM  

serial_crusher: I'd be willing to bet the alert about this particular breach was surrounded by hundreds or thousands of others, mostly false positives.  So it just went into a todo pile and didn't get done until it was too late.


And they probably had 1 person whose job it was to monitor it, and that was on top of his other 10 duties. This is what happens when companies spend millions on the latest and greatest hardware and software but don't spend the money on the manpower to properly run it.
 
2014-03-17 07:47:11 PM  

ongbok: serial_crusher: I'd be willing to bet the alert about this particular breach was surrounded by hundreds or thousands of others, mostly false positives.  So it just went into a todo pile and didn't get done until it was too late.

And they probably had 1 person whose job it was to monitor it, and that was on top of his other 10 duties. This is what happens when companies spend millions on the latest and greatest hardware and software but don't spend the money on the manpower to properly run it.


Actually I'd estimate the opposite of that problem.  Big bureaucracy that spends all their time in meetings and writing TPS reports instead of getting stuff done.  When they redesigned their web site a few years ago, word on the street was that they had somewhere in the ballpark of 1000 developers in India contributing to the project.

/ That's in-house developers.  A lot of functionality is powered by third party vendors.
// I work for one of those vendors.
 
2014-03-17 08:32:18 PM  
From what I understand this all involved a malware attack on the "point of sale (POS) equipment" . Cash registers, basically.

How could there have been "thousands of security alerts" to deal with, on cash registers?

Cash register software should almost never be changed. It's not a general use computer. It runs very special and typically very minimalist software, that is configured just so by the retailer for the special keypad or touchscreen to work as intended, and has drivers to tell the cash drawer to open, and that is ALL it does.

POS equipment runs no apps, has no employees plugging in USB memory sticks, runs no web browser, and is possibly network-booted without even a local hard drive or flash storage.

In short, the Target IT people apparently really dropped the ball here and completely ignored a very obvious problem, in what should be a rock-stable hardware and software environment that almost never changes.
 
2014-03-17 08:40:57 PM  

Geotpf: SurfaceTension: If I knew how to do it I would be shorting the hell out of Target stock today

This news is about a week old, so any movement in Target's stock would have already happened by now.

I'm just waiting on banks to sue Target for the full costs of fraudulent charges they paid out, plus all expenses incurred for them to cancel the old cards and send new ones to their customers, etc.


That reminds me. I need to call my credit union since they sent me a new card with my old number and old expiration date recently.
 
2014-03-17 08:46:24 PM  

Geotpf: SurfaceTension: If I knew how to do it I would be shorting the hell out of Target stock today

This news is about a week old, so any movement in Target's stock would have already happened by now.

I'm just waiting on banks to sue Target for the full costs of fraudulent charges they paid out, plus all expenses incurred for them to cancel the old cards and send new ones to their customers, etc.


They don't have to sue.

If Target doesn't pay, Visa/MC/AMEX will refuse their traffic. That will get their attention very quickly.
 
2014-03-17 08:52:16 PM  
And this had nothing to do with security alerts.

Their overseas NOC detected that the registers were sending data to someplace other than Target's servers and the credit card processor. They alerted corporate who did nothing about it for weeks.

They had the systems in place to shut down everything extremely timely and did nothing about it.

Might also explain why their CIO "I worked up from buyer" resigned not too long ago. Maybe she was in the chain that did nothing.

/they should still get the death penalty
//although taxpayers would probably bail them out
 
2014-03-17 09:13:20 PM  

IanMoone: They had the systems in place to shut down everything extremely timely and did nothing about it.


if it's anything like IT in the places i've worked they did a whole lot of nothing:

week 1: meeting to identify/explain the problem: hopelessly sidetracked when 2 executives begin discussing "concerns" re: systems that are only tangentially related
week 2: meeting to discuss actions/solutions: devolves into passive-aggressive blamefest with no party positively agreeing to any solution ("POS isn't our responsibility"; "We explained the issue, it's yours to fix")
week 3: "didn't we already solve that?" - "I asked X to do it last week and I can't attend, i have a meeting with a vendor"
reschedule
reschedule
etc.
 
2014-03-17 10:02:51 PM  

RoLleRKoaSTeR: make me some tea: This is why you don't pay system administrators minimum wage and no benefits.

Or outsource / contract them...


Or store the data in plain text.
 
2014-03-17 10:38:53 PM  

serial_crusher: I'd be willing to bet the alert about this particular breach was surrounded by hundreds or thousands of others, mostly false positives.  So it just went into a todo pile and didn't get done until it was too late.


That is exactly what happened. The segment they did on the radio actually went in to detail - basically, Target logs thousands of hack attempts per day. It's a very complex task to weed out false positives from legitimate attacks.

Of course, Target also suffered from organizational problems, as well, which served to confound the problem.
 
2014-03-18 12:22:08 AM  

Fooby: From what I understand this all involved a malware attack on the "point of sale (POS) equipment" . Cash registers, basically.

How could there have been "thousands of security alerts" to deal with, on cash registers?


Well there just have to be thousands of security alerts, not specifically on the cash register.  Denial of service attacks on their web site, attempts to hack their online payment processing, employees downloading malware onto the corporate network, etc etc.  Same team deals with all that shiat.

As I understand it the points of sale were aggregating data to a single server in the Target network, which then shipped it off to the hackers.  Likely that last step was what tripped the security alert.

Fooby: Cash register software should almost never be changed. It's not a general use computer. It runs very special and typically very minimalist software, that is configured just so by the retailer for the special keypad or touchscreen to work as intended, and has drivers to tell the cash drawer to open, and that is ALL it does.


That's all it does?  So it doesn't have to send payment information to other computers on the network?  That seems odd.
They never have to update the configuration for how it talks to those other machines, or what payment methods it accepts?  Magical.
They don't apply patches periodically when bugs are discovered?  Because they got it all right the first time?

Those POSes probably run on Windows, but I guarantee they're not all getting patched on the first Tuesday of every month.  You can fault Target for buying shiatty POSes, but the alternative is probably to build their own.  There's a lot of "that's just how it's done" to contend with here.
 
2014-03-18 12:55:36 AM  
And, OBTW, no cardholders were harmed in the commission of this spectacular ripoff.  Why do the little people get so wound up over this stuff? You, the cardholder, are NOT responsible for fraudulent use of your credit card.  This is NOT your problem!  The banks and the card processors long ago decided it was cheaper to take the hit and let the criminals get away with it than it was to implement anything like effective security.  They're no doubt right about this.  Just like Ford was right about the cost of fixing exploding Pinto gas tanks.

So stop worrying, little people!  Worst case is your credit card gets canceled and you have to wait until FedEx shows up tomorrow with your new cards. Leben ist schwer! Deal with it.
 
2014-03-18 08:34:47 AM  
Easy for you to say..I had to reset up 6 auto withdrawal payments again with the updated info, literally took over a full hour..
 
2014-03-18 09:13:58 AM  

Virulency: Nexzus: Dick Gozinya: I can't believe nobody has blamed this on the female CTO yet.

this is more concrete proof of what happens when you put a woman in charge, especially of technology.

/snark

While clueless IT managers come readily in both genders, due to the nature of the industry that attitude is intensified.

Had a female IT Manager come up to me in a panic saying that the files in an FTP folder were in the wrong order in an Explorer window.

uhhh what?


If I had to guess, she was attempting to use special characters as a prefix to alter alphabetical formatting (underscore, tilde, bang, etc) so that certain files or folders were pre-sorted to a specific order. Different systems order those characters in different orders.

I guess this because I received the same complaint over these circumstances. But not from an IT Manager, so I guess it's not as bad.
 
2014-03-18 09:54:38 AM  
The anti-malware software detected the security breach but they did nothing about it?

It looks like this corporation...

[puts on sunglasses]

...missed the target.

YAAAAAAAAHHHHHHHHH!
 
2014-03-18 10:05:25 AM  
Seems they outsourced the tech support to India. How is that money saving working for ya now guys?

LOL
 
2014-03-18 12:32:40 PM  

make me some tea: This is why you don't pay system administrators minimum wage and no benefits.


Dropped in to say this.  Companies these days want the pony, but won't pay for the pony. I see it every day. I feel zero empathy.
 
2014-03-18 12:59:58 PM  

Fooby: In short, the Target IT peoplemanagement apparently really dropped the ball here and completely ignored a very obvious problem, in what should be a rock-stable hardware and software environment that almost never changes.


FTFY

It seems you've never worked corporate IT. Our problems are not technical, they are managerial.

As a sadly common example: some vendor takes a senior management for golf and blowjobs and we're replacing our "hardware and software environment that almost never changes" with a product that may or may not work, paid for by someone who barely understands their own business unit, let alone any technology that supports it. I have 3 awards for bailing out divisions that engaged in such stupidity, and will have another this year for our SAP implementation.

As it relates to TFA, the biggest problem is that a surprising number of companies say "we're not in the IT business" and do their best to underfund computing wherever possible, completely ignoring that damn near every business relies on IT to function - even grandma selling knickknacks on Etsy.
 
2014-03-18 02:55:40 PM  

Fooby: Cash register software should almost never be changed. It's not a general use computer. It runs very special and typically very minimalist software, that is configured just so by the retailer for the special keypad or touchscreen to work as intended, and has drivers to tell the cash drawer to open, and that is ALL it does.

POS equipment runs no apps, has no employees plugging in USB memory sticks, runs no web browser, and is possibly network-booted without even a local hard drive or flash storage.


The Gilbarco Passport system would like to disagree.  These machines run either XP Embedded or server 2K.  It's smarter and much more vulnerable than you might think.

petrotowery.com
 
2014-03-18 05:35:36 PM  

Carousel Beast: Fooby: In short, the Target IT peoplemanagement apparently really dropped the ball here and completely ignored a very obvious problem, in what should be a rock-stable hardware and software environment that almost never changes.

FTFY

It seems you've never worked corporate IT. Our problems are not technical, they are managerial.

As a sadly common example: some vendor takes a senior management for golf and blowjobs and we're replacing our "hardware and software environment that almost never changes" with a product that may or may not work, paid for by someone who barely understands their own business unit, let alone any technology that supports it. I have 3 awards for bailing out divisions that engaged in such stupidity, and will have another this year for our SAP implementation.

As it relates to TFA, the biggest problem is that a surprising number of companies say "we're not in the IT business" and do their best to underfund computing wherever possible, completely ignoring that damn near every business relies on IT to function - even grandma selling knickknacks on Etsy.


I agree.

And to add my $0.02

How a fair amount of the women in IT get into management positions.
img.fark.net

I wish I was kidding or joking around but this happens a lot in the IT industry.
 
2014-03-18 06:05:37 PM  
hi13760:

How a fair amount of the women in IT get into management positions.
[img.fark.net image 342x512]

I wish I was kidding or joking around but this happens a lot in the IT industry.


You may think that.  But then I'm free to think, and point out that you're a misogynist ass.
 
2014-03-18 07:49:42 PM  

Mr. Eugenides: hi13760:

How a fair amount of the women in IT get into management positions.
[img.fark.net image 342x512]

I wish I was kidding or joking around but this happens a lot in the IT industry.

You may think that.  But then I'm free to think, and point out that you're a misogynist ass.


To be fair, I've known a few males who've done that to get into IT management.

/in Health Insurance, Jesus comes to you in meeting.
 