Early in December, rumors began bouncing across cyberspace that retail giant Target had been hit in an extensive cybercrime scheme in which point-of-sale devices (read: cash registers) had been infected with a program designed to steal credit card details. The attack seems to have been concentrated on the “Black Friday” sale after Thanksgiving, one of the busiest shopping days of the year. Since then a number of the stolen credit cards have been cloned and sold online, and retailers and credit card companies have been sent scrambling to contain the damage.
More details about the breach have become available as time goes on. Security journalist Brian Krebs, who broke the story and has been a driving force in publicly exposing the damage, has revealed the method the attackers used to penetrate Target’s network. The attackers sent spearphishing emails to Fazio Mechanical, a heating, ventilation and air conditioning subcontractor that had access to parts of Target’s internal networks, and used the access credentials they gained from this company to break into the Target network.
The breach potentially exposed millions of consumer credit cards, and many have shown up for sale on forums within the deep web. In response to the scale of the breach, hearings have been held in Congress on methods to prevent similar breaches in the future. One proposed method is to transition from the 1960s-era magnetic stripes that are currently employed to smartcard technologies.