"On Saturday, Nov. 30, the hackers had set their traps and had just one thing to do before starting the attack: plan the data’s escape route.
As they uploaded exfiltration malware to move stolen credit card numbers—first to staging points spread around the U.S. to cover their tracks, then into their computers in Russia—FireEye spotted them.
Bangalore got an alert and flagged the security team in Minneapolis. And then … Nothing happened.
For some reason, Minneapolis didn’t react to the sirens.
Bloomberg Businessweek spoke to more than 10 former Target employees familiar with the company’s data security operation, as well as eight people with specific knowledge of the hack and its aftermath, including former employees, security researchers, and law enforcement officials.
The story they tell is of an alert system, installed to protect the bond between retailer and customer, that worked beautifully.
But then, Target stood by as 40 million credit card numbers—and 70 million addresses, phone numbers, and other pieces of personal information—gushed out of its mainframes."
No comments:
Post a Comment