go to sections menu

The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: February 2014

Go to Homepage [0], contents or to navigation menu



Hackers Break Into Server at St. Joseph Health System Putting 405,000 at Risk | SecurityWeek.Com

Hackers Break Into Server at St. Joseph Health System Putting 405,000 at Risk | SecurityWeek.Com.

Oh boy. Brian said there were possibly more companies involved in December, and here is a story from Security Week that involves one such group. The story is good, and worth the read. While the numbers in this story are smaller than Target, its still not good. Oh boy.

Comments (0)

Target Hackers Broke in Via HVAC Company

Hi folks,
I’m going to paste the full article I just read from Brian Krebs. To read an HTML copy including looking at photos if any, or to comment, Target Hackers Broke in Via HVAC Company is the article name and just click on the link to read it. This was very sophistocated indeed, and we’ll learn more as the investigation progresses.


Target Hackers Broke in Via HVAC Company

Last week, Target told reporters at The Wall Street Journal and Reuters that the initial intrusion into its systems was traced back to network credentials that were stolen from a third party vendor. Sources now tell KrebsOnSecurity that the vendor in question was a refrigeration, heating and air conditioning subcontractor that has worked at a number of locations at Target and other top retailers.

hvachooverSources close to the investigation said the attackers first broke into the retailer’s network on Nov. 15, 2013 using network credentials stolen from Fazio Mechanical Services, a Sharpsburg, Penn.-based provider of refrigeration and HVAC systems.

Fazio president Ross Fazio confirmed that the U.S. Secret Service visited his company’s offices in connection with the Target investigation, but said he was not present when the visit occurred. Fazio Vice President Daniel Mitsch declined to answer questions about the visit. According to the company’s homepage, Fazio Mechanical also has done refrigeration and HVAC projects for specific Trader Joe’s, Whole Foods and BJ’s Wholesale Club locations in Pennsylvania, Maryland, Ohio, Virginia and West Virginia.

Target spokeswoman Molly Snyder said the company had no additional information to share, citing a “very active and ongoing investigation.”

It’s not immediately clear why Target would have given an HVAC company external network access, or why that access would not be cordoned off from Target’s payment system network. But according to a cybersecurity expert at a large retailer who asked not to be named because he did not have permission to speak on the record, it is common for large retail operations to have a team that routinely monitors energy consumption and temperatures in stores to save on costs (particularly at night) and to alert store managers if temperatures in the stores fluctuate outside of an acceptable range that could prevent customers from shopping at the store.

“To support this solution, vendors need to be able to remote into the system in order to do maintenance (updates, patches, etc.) or to troubleshoot glitches and connectivity issues with the software,” the source said. “This feeds into the topic of cost savings, with so many solutions in a given organization. And to save on head count, it is sometimes beneficial to allow a vendor to support versus train or hire extra people.”

CASING THE JOINT

oktarget

Investigators also shared additional details about the timeline of the breach and how the attackers moved stolen data off of Target’s network.

Sources said that between Nov. 15 and Nov. 28 (Thanksgiving and the day before Black Friday), the attackers succeeded in uploading their card-stealing malicious software to a small number of cash registers within Target stores.

Those same sources said the attackers used this time to test that their point-of-sale malware was working as designed.

By the end of the month — just two days later — the intruders had pushed their malware to a majority of Target’s point-of-sale devices, and were actively collecting card records from live customer transactions, investigators told this reporter. Target has said that the breach exposed approximately 40 million debit and credit card accounts between Nov. 27 and Dec. 15, 2013.

DATA DROPS

While some reports on the Target breach said the stolen card data was offloaded via FTP communications to a location in Russia, sources close to the case say much of the purloined financial information was transmitted to several “drop” locations.

These were essentially compromised computers in the United States and elsewhere that were used to house the stolen data and that could be safely accessed by the suspected perpetrators in Eastern Europe and Russia.

For example, card data stolen from Target’s network was stashed on hacked computer servers belonging to a business in Miami, while another drop server resided in Brazil.

globeauth

Investigators say the United States is currently requesting mutual legal assistance from Brazilian authorities to gain access to the Target data on the server there.

It remains unclear when the dust settles from this investigation whether Target will be liable for failing to adhere to payment card industry (PCI) security standards, violations that can come with hefty fines.

Avivah Litan, a fraud analyst with Gartner Inc., said that although the current PCI standard (PDF) does not require organizations to maintain separate networks for payment and non-payment operations (page 7), it does require merchants to incorporate two-factor authentication for remote network access originating from outside the network by personnel and all third parties — including vendor access for support or maintenance (see section 8.3).

In any case, Litan estimates that Target could be facing losses of up to $420 million as a result of this breach, including reimbursement associated with banks recovering the costs of reissuing millions of cards; fines from the card brands for PCI non-compliance; and direct Target customer service costs, including legal fees and credit monitoring for tens of millions of customers impacted by the breach.

Litan notes these estimates do not take into account the amounts Target will spend in the short run implementing technology at their checkout counters to accept more secure chip-and-PIN credit and debit cards. In testimony before lawmakers on Capitol Hill yesterday, Target’s executive vice president and chief financial officer said upgrading the retailer’s systems to handle chip-and-PIN could cost $100 million.

Target may be able to cover some of those costs through a mesh network of business insurance claims. According to a Jan. 19 story at businessinsurance.com, Target has at least $100 million of cyber insurance and $65 million of directors and officers liability coverage.

Comments (0)

These Guys Battled BlackPOS at a Retailer

I found this a facinating read. We’re finding out more about how these guys went on the attack of Target at least. Brian did an interview, and the transcript is within this article he calls These Guys Battled BlackPOS at a Retailer and I think this should be read. I was telling someone at work, that these guys meant business, and I did tell him about the Trend Micro folks said we’d have one of these a month. I wonder how to protect ourselves from such an attack if this article is correct? Wow.

Comments (0)

Adobe Pushes Fix for Flash Zero-Day Attack

If you are an Adobe user like most people are Adobe Pushes Fix for Flash Zero-Day Attack is a must read for you. It talks about what is up, and it is something we need to do.

Comments (0)

Filing your taxes started Jan 31st. Get your taxes done soon

Brian Krebs posted something of interest today I thought I’d share with you. File Your Taxes Before the Fraudsters Do talks about how tax identity theft starts about now, and if you don’t file, you may not get a return because someone else has claimed the return. Let me know your thoughts.

Comments (0)

GW Micro Announces Window-Eyes Spanish Localization Support

FOR IMMEDIATE RELEASE

Fort Wayne, Indiana (February 3, 2014) – A few weeks ago, GW Micro, Inc. (www.gwmicro.com) and Microsoft (www.microsoft.com) announced a special offer for users of Microsoft Office around the globe. The offer provides a free version of Window-Eyes, a screen reader for people who are blind or visually impaired to anyone who owns Microsoft Office 2010 or later.

GW Micro continues to develop Window-Eyes and strives to enhance the user experience. The most recent result of these efforts is localization support for Spanish being added to the popular product. Spanish localization was accomplished through a collaborative effort between GW Micro and the M&B Trading Company located just north of Mexico City, Mexico.

“As we continue to see a vast increase of Window-Eyes usage both in the US and internationally, we want to ensure that our Spanish-speaking customers are also able to take full advantage of using Window-Eyes,” said Dan Weirich, Vice President of Sales and Marketing for GW Micro.

The Spanish version of Window-Eyes is now available and can be downloaded for free via the offer for users of Microsoft Office at www.WindowEyesForOffice.com. Customers who would like to obtain support for or training on the Spanish version of Window-Eyes are encouraged to contact Elliot Balanza of the M&B Trading Company by phone at 52-55-5898-4630 or via email .

If you are interested in purchasing the retail Spanish version of Window-Eyes, which includes unlimited technical support plus additional benefits, please contact GW Micro or your local dealer. To locate a local dealer in your area, go to: www.gwmicro.com/dealers.

For more information, please email GW Micro at , or call (260) 489-3671.

GW Micro, Inc. (www.gwmicro.com) has been a trusted pioneer in the adaptive technology industry since 1990, and continues to lead with innovative, customer driven solutions.

Contact:

Dan Weirich, VP of Sales and Marketing

(260) 489-3671

###

Comments (0)

Technology podcast 184 is now available!

Well, this podcast seems to go toward security and breach coverage. I went to post a ton of stuff to read, but it seemed to break the RSS. All the articles you might want are on this blog. The podcast lasts 1 hour and 35 minutes, and the biggest segment deals with Janet and my thoughts on the breaches from the last while. I still need to catch up, so we may be posting more. Catch the podcast on the RSS feed. Enjoy!

Comments (0)

« Newer Posts

go to sections menu


navigation menu

go to sections menu