The biggest retail hack in U.S. history wasnâ€™t particularly inventive, nor did it appear destined for success. In the days prior to Thanksgiving 2013, someone installed malware in Targetâ€™s (TGT) security and payments system designed to steal every credit card used at the companyâ€™s 1,797 U.S. stores. At the critical momentâ€”when the Christmas gifts had been scanned and bagged and the cashier asked for a swipeâ€”the malware would step in, capture the shopperâ€™s credit card number, and store it on a Target server commandeered by the hackers.
Itâ€™s a measure of how common these crimes have become, and how conventional the hackersâ€™ approach in this case, that Target was prepared for such an attack. Six months earlier the company began installing a $1.6 million malware detection tool made by the computer security firm FireEye (FEYE), whose customers also include the CIA and the Pentagon. Target had a team of security specialists in Bangalore to monitor its computers around the clock. If Bangalore noticed anything suspicious, Targetâ€™s security operations center in Minneapolis would be notified.
Read more at Bloomberg Businessweek.