The Target Breach Should Show That Network Blacklisting Is Not Enough
The Target breach should go down as a learning experience for everyone, from customers to other corporations and their IT security departments. The more information that is released about this breach, the more interesting it gets. As someone looking from the outside in, there needs to be more objectivity around what happened, and the media isn’t doing a very good job of explaining the details. Regardless of how it transpired, 70 to 110 million people had their personal information leaked, myself being one of them.
In the months to come there will be story after story showing the breakdown of technology, procedures, policies, processes, and personnel that allowed the malware to slip into the second-largest retailer’s systems. The latest story covers where the information was sent and who authored the malware that stole the data.
Two security companies analyzed the malware code that infected Target and discovered that the stolen data was sent to servers in Russia. A basic IT security mindset would question why Target’s computers would allow any of their internal servers to communicate with Russia or any other blacklisted country (North Korea, Iran, China and other rogue nations). In defense of Target, I have no doubt Target’s network perimeters are locked down to prevent this type of communication. From scanning the headline, though, this is what you would think: traffic flowed from Target to Russia. This is not the case.
It does appear the stolen Target data was sent to Russia, but not via a Target computer. The malware was very sophisticated: instead of sending the data to Russia directly, it sent it to another compromised server within Target, which in turn sent it to another server within the United States, which then sent it on to Russia or from which it was downloaded by Russian sources. A few middleman transmission servers and the blacklisted Russian IPs were simply sidestepped. In network security practice, blocking the bad countries is entry-level, but it’s not enough.
If the thieves can’t get their loot to where they want it through Path A, they will create and use Path B to C to D and then on to the destination. Hackers and thieves are a crafty and resourceful bunch. Determined thieves only have to be right one time; corporate IT security protection programs have to be right all the time.
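The relay path described above, as an added example that is not part of the original post: constructed flow records in which no connection touches a blocklisted country, so the country blocklist stops nothing, while an egress allowlist and a check for internal hosts that collect data before sending it out flag the staging server. All addresses, the internal range, the allowlist and the `min_feeders` threshold are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records (src, dst, dst_country, bytes); not data from the breach.
FLOWS = [
    ("10.1.1.11", "10.1.9.5", "internal", 40_000),  # POS terminal -> internal host
    ("10.1.1.12", "10.1.9.5", "internal", 42_000),
    ("10.1.1.13", "10.1.9.5", "internal", 39_000),
    ("10.1.9.5", "198.51.100.20", "US", 120_000),   # internal host -> US relay
    ("10.1.2.30", "203.0.113.7", "US", 5_000),      # assumed approved processor
]
BLOCKED_COUNTRIES = {"RU", "KP", "IR", "CN"}         # the country blocklist in the text
EGRESS_ALLOWLIST = {"203.0.113.7"}                   # assumed business-required egress
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")    # assumed internal address space

def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL_NET

def blocked_by_country(flows):
    """Flows that a country blocklist alone would stop."""
    return [f for f in flows if f[2] in BLOCKED_COUNTRIES]

def unapproved_egress(flows):
    """Outbound flows to destinations that are not on the egress allowlist."""
    return [f for f in flows
            if is_internal(f[0]) and not is_internal(f[1])
            and f[1] not in EGRESS_ALLOWLIST]

def staging_relays(flows, min_feeders=3):
    """Internal hosts fed by several internal peers that also send unapproved egress."""
    feeders = defaultdict(set)
    for src, dst, _, _ in flows:
        if is_internal(src) and is_internal(dst):
            feeders[dst].add(src)
    senders = {f[0] for f in unapproved_egress(flows)}
    return sorted(h for h in senders if len(feeders[h]) >= min_feeders)

if __name__ == "__main__":
    print("blocked by country list:", blocked_by_country(FLOWS))
    print("unapproved egress:", unapproved_egress(FLOWS))
    print("staging relays:", staging_relays(FLOWS))
```

The country check returns nothing because the only outbound hop lands on a US address; the default-deny egress check and the fan-in check are what surface the internal staging host.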
This breach may end up being the catalyst that finally pushes the United States toward wider Smart Card (EMV) adoption, tougher audit scrutiny, and customer awareness of how fragile and exposed our current transactional systems are. If not, others will occur, over and over again.
Binary Blogger has spent 20 years in the Information Security space, currently providing security solutions and evangelism to clients. From early web application programming, system administration and senior management to enterprise consulting, I provide practical security analysis and solutions to help companies and individuals figure out HOW to be secure every day.