Reuters, Published January 16 2014

Government informs retailers of Target hackers' methods

BOSTON - The U.S. government has provided merchants with information gleaned from its confidential investigation into the massive data breach at Target Corp in an effort to help them thwart similar attacks.

The Department of Homeland Security on Thursday privately released an analysis of advanced malicious software and techniques threatening merchants in a report titled "Indicators for Network Defenders."

The report brings to light some of the first details from the government's highly secretive probes into a recent string of retail breaches, including Target.

Target has disclosed the theft of some 40 million payment card numbers, as well as personal data on 70 million customers, in a cyber attack over the holiday shopping season. Neiman Marcus last week said that it too was a victim of a cyber attack, and sources have told Reuters that at least three other well-known national retailers have been attacked.

The Secret Service, which is heading up those investigations, has declined to comment on what it has learned about the attacks or identify other victims besides Target and Neiman Marcus.

Tiffany Jones, a senior vice president of the security intelligence firm iSIGHT Partners, which helped draft the document released on Thursday, said that the government decided to provide information to retailers so they can determine whether their systems have been compromised by hackers.

"The report is to help organizations make sure they are not infected," said Jones, whose firm has been helping the Secret Service in its investigations into the breaches. "And if they are infected, to provide them with the necessary recommendations on mitigation."

A Department of Homeland Security official said the report was drafted to provide the industry "with relevant and actionable technical indicators for network defense."

The document said that an advanced piece of software, dubbed the POSRAM Trojan, was used in recent attacks on point-of-sale systems at retailers.

POSRAM is a type of RAM scraper, or memory-parsing software, which enables cyber criminals to grab encrypted data by capturing it when it travels through the live memory of a computer, where it appears in plain text.

While the technology has been around for many years, its use has increased in recent years as retailers have improved their security, making it more difficult for hackers to obtain credit card data using other approaches.

POSRAM succeeded in evading detection by anti-virus software when it infected the Windows-based point-of-sale terminals, according to the report.

"This report was generated so that we could get it into the hands of commercial entities so that they had information they needed to protect themselves," Jones told Reuters in an interview.