Target received multiple security alerts when Black Friday hack started but did nothing about it

Shawn Knight


The security breach that led to the theft of some 40 million credit cards from Target late last year wasn’t a result of poor security. The company’s state-of-the-art security system did indeed detect the hack as soon as it started and alerts were sent out… but nothing was done until two weeks later, when federal investigators issued a warning.

According to a new report from Bloomberg Businessweek, Target started installing FireEye malware detection software some six months before the attack. And when hackers started uploading their code to Target’s system, the alarm bells – the most urgent on FireEye’s graded scale – went out. As the hackers uploaded different variants of the malware, more alerts were issued that pointed to unfamiliar malware.

Perhaps the worst part of it all – the FireEye security software has a built-in feature that would have automatically deleted the malware without human intervention. Said feature, however, was disabled, which reportedly is common as security teams usually like to have a human in charge of those types of decisions.

What’s more, Target also had Symantec anti-virus installed and it too detected suspicious activity around the same time.

So why then did Target seemingly ignore the alerts? The answer isn’t entirely clear although the publication theorizes that perhaps the security team didn’t fully trust the new alert system or maybe a job vacancy was to blame. Regardless, by the time authorities tipped the retailer off, the damage had already been done.


 
Security: We have some alarms about some possible malware.
Management: Get me those accounting figures.
Accounting: It's Black Friday for a reason, see $$$$$.
Management: We need to postpone those malware alerts as I'm busy counting $$$$$.
Security: Um, yeah, whatever.

Later....
Management: We lost how much? How can this be?
Accounting: The figures don't lie, we lost $$$$$$$$$$$.
Security: Should we do something about this malware alarm now?
Public: What a mess. I think I'll just use cash from now on.
 
Target only has themselves to blame. Their management is responsible for this screw up. I wonder how many heads rolled... It reminds me of the numerous warnings America chose to ignore about the impending attack on Pearl Harbor back in '41.
 
Perhaps the worst part of it all – the FireEye security software has a built-in feature that would have automatically deleted the malware without human intervention. Said feature, however, was disabled which reportedly is common as security teams usually like to have a human in charge of those types of decisions.
I'm a fan of 24's Jack Bauer and so in this case, I suspect that someone was paid to be asleep on the job.
 