BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Wikileaks Claims Ecuador Cut Assange's Internet After Clinton Leak - UPDATED
Feds Walk Into A Building, Demand Everyone's Fingerprints To Open Phones
Clinton Claims Putin's Hackers Are Punting For Trump
To The Next President: Get A National Cybersecurity Strategy
Is This One Company To Blame For Cameras Exploited In Record Web Attacks?
Yahoo: An Innocent Victim Or A Government Stooge?
Edit Story
Tech

Researchers Report Exact Timeline Of Massive Target Data Breach

Anthony Wing Kosner
Former Contributor
Opinions expressed by Forbes Contributors are their own.
Quantum of Content and innovations in user experience
This article is more than 10 years old.

Following yesterday's identification by Brian Krebs of the exact malware used in last year's Target personal data breach, the research lab at Seculert analyzed a sample of the malware and describes the attack as having two distinct stages, a characteristic of what it terms an "advanced threat." Critically, the malware infected Target's POS terminals where it "scraped" credit card numbers and other personal data undetected for six days before beginning to transmit that data to an external FTP server through an additional infected computer somewhere on Target's network.

Seculert's analysis revealed the following timeline:

On December 2, the malware began transmitting payloads of stolen data to a FTP server of what appears to be a hijacked website. These transmissions occurred several times a day over a 2 week period. Also on December 2, the cyber criminals behind the attack used a virtual private server (VPS) located in Russia to download the stolen data from the FTP. They continued to download the data over 2 weeks for a total of 11 GBS of stolen sensitive customer information.

The security company also comes to the conclusion that "publicly available access logs indicates that Target was the only retailer affected. So far there is no indication of any relationship to the Neiman Marcus attack."

It's good to know that the attacks on the two retailers are not related, I suppose, but more troubling is a report by Forbes staffer Clare O'Connor this morning about how the data that was stolen dates back a decade! This would indicate that along with scraping data from the magnetic strips on customers' cards at checkout, the criminals were also plundering Target's "backlist." That a record of the towels O'Connor bought a decade ago at Target is still in active duty on the company's servers is yet another example of how big-data-obsessed companies are perhaps holding on to too much for too long.

Most important, the breach that O'Connor discovered through actually reading her mail from Target (something many customers skimmed over or ignored) points to a much larger security problem than has been publicly disclosed. We haven't heard the last of this one!

– – – – – – – – – – – – – – – – – – – –

To keep up with Quantum of Content, please subscribe to my updates on Facebook, follow me on Twitter and App.net or add me on Google+.

Anthony Wing Kosner
Anthony Wing Kosner