The Technology blog and podcast
This is for the technology blog and podcast Commentary, articles, and podcasts
Hackers Break Into Server at St. Joseph Health System Putting 405,000 at Risk | SecurityWeek.Com
Oh boy. Brian said there were possibly more companies involved in December, and here is a story from Security Week that involves one such group. The story is good, and worth the read. While the numbers in this story are smaller than Target, it's still not good. Oh boy.
Target Hackers Broke in Via HVAC Company
Hi folks,
I’m going to paste the full article I just read from Brian Krebs. To read an HTML copy including looking at photos if any, or to comment, Target Hackers Broke in Via HVAC Company is the article name and just click on the link to read it. This was very sophisticated indeed, and we’ll learn more as the investigation progresses.
Target Hackers Broke in Via HVAC Company
Last week, Target told reporters at The Wall Street Journal and Reuters that the initial intrusion into its systems was traced back to network credentials that were stolen from a third party vendor. Sources now tell KrebsOnSecurity that the vendor in question was a refrigeration, heating and air conditioning subcontractor that has worked at a number of locations at Target and other top retailers.
Sources close to the investigation said the attackers first broke into the retailer’s network on Nov. 15, 2013 using network credentials stolen from Fazio Mechanical Services, a Sharpsburg, Penn.-based provider of refrigeration and HVAC systems.
Fazio president Ross Fazio confirmed that the U.S. Secret Service visited his company’s offices in connection with the Target investigation, but said he was not present when the visit occurred. Fazio Vice President Daniel Mitsch declined to answer questions about the visit. According to the company’s homepage, Fazio Mechanical also has done refrigeration and HVAC projects for specific Trader Joe’s, Whole Foods and BJ’s Wholesale Club locations in Pennsylvania, Maryland, Ohio, Virginia and West Virginia.
Target spokeswoman Molly Snyder said the company had no additional information to share, citing a “very active and ongoing investigation.”
It’s not immediately clear why Target would have given an HVAC company external network access, or why that access would not be cordoned off from Target’s payment system network. But according to a cybersecurity expert at a large retailer who asked not to be named because he did not have permission to speak on the record, it is common for large retail operations to have a team that routinely monitors energy consumption and temperatures in stores to save on costs (particularly at night) and to alert store managers if temperatures in the stores fluctuate outside of an acceptable range that could prevent customers from shopping at the store.
“To support this solution, vendors need to be able to remote into the system in order to do maintenance (updates, patches, etc.) or to troubleshoot glitches and connectivity issues with the software,” the source said. “This feeds into the topic of cost savings, with so many solutions in a given organization. And to save on head count, it is sometimes beneficial to allow a vendor to support versus train or hire extra people.”
CASING THE JOINT
Investigators also shared additional details about the timeline of the breach and how the attackers moved stolen data off of Target’s network.
Sources said that between Nov. 15 and Nov. 28 (Thanksgiving and the day before Black Friday), the attackers succeeded in uploading their card-stealing malicious software to a small number of cash registers within Target stores.
Those same sources said the attackers used this time to test that their point-of-sale malware was working as designed.
By the end of the month — just two days later — the intruders had pushed their malware to a majority of Target’s point-of-sale devices, and were actively collecting card records from live customer transactions, investigators told this reporter. Target has said that the breach exposed approximately 40 million debit and credit card accounts between Nov. 27 and Dec. 15, 2013.
DATA DROPS
While some reports on the Target breach said the stolen card data was offloaded via FTP communications to a location in Russia, sources close to the case say much of the purloined financial information was transmitted to several “drop” locations.
These were essentially compromised computers in the United States and elsewhere that were used to house the stolen data and that could be safely accessed by the suspected perpetrators in Eastern Europe and Russia.
For example, card data stolen from Target’s network was stashed on hacked computer servers belonging to a business in Miami, while another drop server resided in Brazil.
Investigators say the United States is currently requesting mutual legal assistance from Brazilian authorities to gain access to the Target data on the server there.
It remains unclear when the dust settles from this investigation whether Target will be liable for failing to adhere to payment card industry (PCI) security standards, violations that can come with hefty fines.
Avivah Litan, a fraud analyst with Gartner Inc., said that although the current PCI standard (PDF) does not require organizations to maintain separate networks for payment and non-payment operations (page 7), it does require merchants to incorporate two-factor authentication for remote network access originating from outside the network by personnel and all third parties — including vendor access for support or maintenance (see section 8.3).
In any case, Litan estimates that Target could be facing losses of up to $420 million as a result of this breach, including reimbursement associated with banks recovering the costs of reissuing millions of cards; fines from the card brands for PCI non-compliance; and direct Target customer service costs, including legal fees and credit monitoring for tens of millions of customers impacted by the breach.
Litan notes these estimates do not take into account the amounts Target will spend in the short run implementing technology at their checkout counters to accept more secure chip-and-PIN credit and debit cards. In testimony before lawmakers on Capitol Hill yesterday, Target’s executive vice president and chief financial officer said upgrading the retailer’s systems to handle chip-and-PIN could cost $100 million.
Target may be able to cover some of those costs through a mesh network of business insurance claims. According to a Jan. 19 story at businessinsurance.com, Target has at least $100 million of cyber insurance and $65 million of directors and officers liability coverage.
These Guys Battled BlackPOS at a Retailer
I found this a fascinating read. We’re finding out more about how these guys went on the attack of Target at least. Brian did an interview, and the transcript is within this article he calls These Guys Battled BlackPOS at a Retailer and I think this should be read. I was telling someone at work that these guys meant business, and I did tell him that the Trend Micro folks said we’d have one of these a month. I wonder how to protect ourselves from such an attack if this article is correct? Wow.
Adobe Pushes Fix for Flash Zero-Day Attack
If you are an Adobe user, like most people are, Adobe Pushes Fix for Flash Zero-Day Attack is a must-read for you. It talks about what is up, and it is something we need to do.
Filing your taxes started Jan 31st. Get your taxes done soon
Brian Krebs posted something of interest today I thought I’d share with you. File Your Taxes Before the Fraudsters Do talks about how tax identity theft starts about now, and if you don’t file, you may not get a return because someone else has claimed the return. Let me know your thoughts.
GW Micro Announces Window-Eyes Spanish Localization Support
FOR IMMEDIATE RELEASE
Fort Wayne, Indiana (February 3, 2014) – A few weeks ago, GW Micro, Inc. (www.gwmicro.com) and Microsoft (www.microsoft.com) announced a special offer for users of Microsoft Office around the globe. The offer provides a free version of Window-Eyes, a screen reader for people who are blind or visually impaired to anyone who owns Microsoft Office 2010 or later.
GW Micro continues to develop Window-Eyes and strives to enhance the user experience. The most recent result of these efforts is localization support for Spanish being added to the popular product. Spanish localization was accomplished through a collaborative effort between GW Micro and the M&B Trading Company located just north of Mexico City, Mexico.
“As we continue to see a vast increase of Window-Eyes usage both in the US and internationally, we want to ensure that our Spanish-speaking customers are also able to take full advantage of using Window-Eyes,” said Dan Weirich, Vice President of Sales and Marketing for GW Micro.
The Spanish version of Window-Eyes is now available and can be downloaded for free via the offer for users of Microsoft Office at www.WindowEyesForOffice.com. Customers who would like to obtain support for or training on the Spanish version of Window-Eyes are encouraged to contact Elliot Balanza of the M&B Trading Company by phone at 52-55-5898-4630 or via email .
If you are interested in purchasing the retail Spanish version of Window-Eyes, which includes unlimited technical support plus additional benefits, please contact GW Micro or your local dealer. To locate a local dealer in your area, go to: www.gwmicro.com/dealers.
For more information, please email GW Micro at , or call (260) 489-3671.
GW Micro, Inc. (www.gwmicro.com) has been a trusted pioneer in the adaptive technology industry since 1990, and continues to lead with innovative, customer driven solutions.
Contact:
Dan Weirich, VP of Sales and Marketing
(260) 489-3671
###
Technology podcast 184 is now available!
Well, this podcast seems to go toward security and breach coverage. I went to post a ton of stuff to read, but it seemed to break the RSS. All the articles you might want are on this blog. The podcast lasts 1 hour and 35 minutes, and the biggest segment deals with Janet and my thoughts on the breaches from the last while. I still need to catch up, so we may be posting more. Catch the podcast on the RSS feed. Enjoy!