Report Says Target Could Have Stopped Hacker Attack, But Didn’t
By technology editor Ian Bush
MINNEAPOLIS, Minn. (CBS) — Target Corporations’s computer security systems raised a red flag that hackers were launching an attack, but the retailer failed to act on the warning, according to a new report in Bloomberg Businessweek, which says more than 100 million holiday shoppers could have been shielded from the data breach if Target had acted faster.
But Target says it’s not fair to speculate before their investigation is complete.
Target was apparently ready for a potential invasion with a product called FireEye. Drexel University criminal justice professor Rob D’Ovidio says that’s the same malware defense used by the CIA and the military.
“It goes beyond what traditional detections systems do, in that it examines the data, or, in this case, the particular code, before it’s even interjected into the network,” he tells KYW Newsradio.
The Bloomberg report says FireEye’s alarms were triggered as the hackers installed malicious software to capture the trove of personal information from Target’s computers, with enough time to have allowed the retailer to stop a single credit card number from leaking.
But, according to the story, the automatic “kill switch” for an attack of that sort had been disabled.
D’Ovidio says Target is not alone:
“Security often takes the back seat to selling,” he says. “I think this should be a call to raise the bar within the retail sector in terms of security policies and practices. We need to go beyond industry-standard practices because industry-standard practices here resulted in millions of people being affected by this breach.”