Historical Hacks: The Target Breach

5Gmb...M2Ub
22 Jun 2024
201

If you aren’t a medium member, you can read with no paywall via substack

From a security perspective, when you look back at a data breach or cyber security incident, there is often plenty of interesting data that are able to be reviewed to understand how the incident occurred and what the damage was. Often, with the benefit of hindsight, it’s pretty easy to look and instantly understand how and why an event occurred which means we can apply this experience later on in an attempt to strengthen defences.

The point has also been raised in earlier articles that often, large-scale events have occurred due to badly configured security systems or policies. In today’s article, we’ll be exploring one of these incidents by taking a look at the Target data breach. At the time, it was one of the largest retail hacks in history and as such it garnered significant media attention. It also provides an interesting twist in that despite Intrusion Detection Systems being involved, the warnings they provided were in fact, ignored.
Let’s check it out. 

The Background

Back in the late 2000s, the internet and the commercial world were starting to fuse together, with large numbers of systems and services being put online. While many of these systems would be adequately secured, others would be severely lacking. And, due to the evolution of new technology, rather than simply having a business website online, many companies and businesses were going all in on IOT systems as well, with inventory management systems, point of sale systems and even HVAC systems being put online for monitoring and management. 

While this promised much in terms of efficiency and monitoring capabilities, once a device has been put online then it must be adequately secured to mitigate the threats and risks around cyberattacks. While we understand the risks around failing to do this much more clearly in the present day, back then attitudes toward security were a lot different from what we see today. 

Target was one of the retailers that took the time to leverage this new technology for their own stores. Not only were they putting services online, but third-party vendors were also given access to the networks. It was this third-party access that would end up being the source of Target’s woes. 
However, it wasn’t all bad news just yet. In keeping with the times, Target also made the decision to install a network-wide intrusion detection system to help identify attempts to breach the company's network.
 

The Hack

Coming to the attention of the public in late 2013 it was first revealed that the hack came via a third-party company that had network access to maintain the Heating & Ventilation (HVAC) systems. While the breach was initially thought to be small-scale, it didn’t take long to realise that lateral movement had occurred. Not only had the hackers breached the network, but they’d also stolen large quantities of data AND installed malicious point-of-sale software into many of Target’s machines as well. 

As further information was revealed about the hack, things went from bad to much much worse. Firstly, it was revealed that the lateral movement had occurred due to a failure to isolate sensitive systems within the network. Worse still, revision and analysis of the systems logs also showed that the company's Intrusion Detection System (IDS) had triggered multiple alerts waning of the breach, however, most of these were simply ignored. 

The logs also showed that a software package called BlackPOS had been used to assist in the hack. This software carried out automated network scanning, looking for the card readers that were attached to computers on the network. When it identified these systems, it installed itself and then exfiltrated much of its data outside the network. 


When all was said and done, millions of records had been compromised by the hackers, leading to a PR nightmare for Target who was now facing multiple lawsuits due to the incident. 

So Who Was It?

While this incident provided much in the way of interesting twists there was yet another that would occur. Typically, in a lot of cybersecurity incidents, there’s usually a clear path that can provide enough insight into the incident to identify the hacker. This doesn’t always mean the perpetrator is arrested but what it does mean is that industry can learn from the event and apply that knowledge later on. 

However, in this event, there was little information to go on. Not only was there no identity, but authorities and specialists could geolocate some of the internet traffic to an area of the globe however they then were unable to identify who the traffic actually belonged to.
While most traffic was geolocated to Eastern Europe, most specialists hypothesized that cybercrime groups targeting retailers and online merchants were most likely responsible for the attack. 


Lessons Learnt

While this hack affected one retailer, the impact of the attack and the scope of the damage caused industry-wide repercussions. Not only was Target facing multiple lawsuits for it’s daily to secure data and control its networks but the attack had gained the attention of regulators as well, leading to discussions about the ways large companies handled data security and cybersecurity issues. 

For many shoppers though, the damage was done. Due to the sheer size of the breach, many people were affected and despite being the early days of large-scale breaches for a lot of people the damage had been done. Post-incident Target would reflect large losses due to declining in-store sales, while the online arm of its business would take significant hits as well. 

While Target would eventually recover from the event, the incident provided a wake-up call to many companies and retailers who started to realise that their own security was lacking as well. In the long term, this would lead to further changes around cybersecurity protocols and incident response strategies. 

However, with some of the largest data breaches in history occurring between 2022 and 2024, it’s fair to say that this issue is one that still exists in our world today. 

Medium has recently made some algorithm changes to improve the discoverability of articles like this one. These changes are designed to ensure that high-quality content reaches a wider audience, and your engagement plays a crucial role in making that happen.

If you found this article insightful, informative, or entertaining, we kindly encourage you to show your support. Clapping for this article not only lets the author know that their work is appreciated but also helps boost its visibility to others who might benefit from it.

🌟 Enjoyed this article? Support our work and join the community! 🌟

💙 Support me on Ko-fi: Investigator515

📢 Join our OSINT Telegram channel for exclusive updates or

📢 Follow our crypto Telegram for the latest giveaways

🐦 Follow us on Twitter and

🟦 We’re now on Bluesky!

🔗 Articles we think you’ll like:

  1. What The Tech?! Rocket Engines
  2. OSINT Investigators Guide to Self Care & Resilience


✉️ Want more content like this? Sign up for email updates

Join our Crypto focused Telegram Channel!

Telegram

Enjoy this blog? Subscribe to Investigator515

2 Comments