Announcement

Collapse
No announcement yet.

Major Target credit and debit card security breach

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Major Target credit and debit card security breach

    By Brain Krebs

    Nationwide retail giant Target is investigating a data breach potentially involving millions of customer credit and debit card records, multiple reliable sources tell KrebsOnSecurity. The sources said the breach appears to have begun on or around Black Friday 2013 — by far the busiest shopping day the year.

    According to sources at two different top 10 credit card issuers, the breach extends to nearly all Target locations nationwide, and involves the theft of data stored on the magnetic stripe of cards used at the stores.

    Minneapolis, Minn. based Target Brands Inc. has not responded to multiple requests for comment. Representatives from MasterCard and Visa also could not be immediately reached for comment.

    Both sources said the breach was initially thought to have extended from just after Thanksgiving 2013 to Dec. 6th. But over the past few days, investigators have unearthed evidence that the breach extended at least an additional week — possibly as far as Dec. 15th. According to sources, the breach affected an unknown number of Target customers who shopped at the company’s bricks-and-mortar stores during that time frame.

    “The breach window is definitely expanding,” said one anti-fraud analyst at a top ten U.S. bank card issuer who asked to remain anonymous. “We can’t say for sure that all stores were impacted, but we do see customers all over the U.S. that were victimized.”

    There are no indications at this time that the breach affected customers who shopped at Target’s online stores. The type of data stolen — also known as “track data” — allows crooks to create counterfeit cards by encoding the information onto any card with a magnetic stripe. If the thieves also were able to intercept PIN data for debit transactions, they would theoretically be able to reproduce stolen debit cards and use them to withdraw cash from ATM's.

    It’s not clear how many cards thieves may have stolen in the breach. But the sources I spoke with from two major card issuers said they have so far been notified by one of the credit card associations regarding more than one million cards total from both issuers that were thought to have been compromised in the breach. A third source at a data breach investigation firm said it appears that “when all is said and done, this one will put its mark up there with some of the largest retail breaches to date.”

    Some of the largest retailer breaches to date may help explain what happened in this case. In 2007, retailer TJX announced that its systems had been breached by hackers. The company later learned that thieves had used the store’s wireless networks to access systems at its Massachusetts headquarters that were used to store data related to payment card, check and return transactions at stores across the country, and that crooks had made off with data from more than 45 million customer credit and debit cards.

    In 2009, credit card processor Heartland Payment Systems disclosed that thieves had broken into is internal card processing network, and installed malicious software that allowed them to steal track data on more than 130 million cards.

    This is likely to be a fast-moving story. Stay tuned for updates as they become available.
    The Hackmaster

  • #2
    Target Investigating Data Breach

    Target Confirms Unauthorized Access to Payment Card Data in U.S. Stores

    Issue has been identified and resolved

    MINNEAPOLIS —
    December 19, 2013

    Target today confirmed it is aware of unauthorized access to payment card data that may have impacted certain guests making credit and debit card purchases in its U.S. stores. Target is working closely with law enforcement and financial institutions, and has identified and resolved the issue.

    “Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause,” said Gregg Steinhafel, chairman, president and chief executive officer, Target. “We take this matter very seriously and are working with law enforcement to bring those responsible to justice.”

    Approximately 40 million credit and debit card accounts may have been impacted between Nov. 27 and Dec. 15, 2013. Target alerted authorities and financial institutions immediately after it was made aware of the unauthorized access, and is putting all appropriate resources behind these efforts. Among other actions, Target is partnering with a leading third-party forensics firm to conduct a thorough investigation of the incident.

    More information is available at Target’s corporate website. Guests who suspect unauthorized activity should contact Target at: 866-852-8680.

    About Target

    Minneapolis-based Target Corporation (NYSE: TGT) serves guests at 1,921 stores – 1,797 in the United States and 124 in Canada – and at Target.com. Since 1946, Target has given 5 percent of its profit through community grants and programs; today, that giving equals more than $4 million a week. For more information about Target’s commitment to corporate responsibility, visit target.com/corporateresponsibility.

    For more information, visit Target.com/Pressroom.
    The Hackmaster

    Comment


    • #3
      Cards Stolen in Target Breach Flood Underground Markets

      By Brian Krebs

      Credit and debit card accounts stolen in a recent data breach at retail giant Target have been flooding underground black markets in recent weeks, selling in batches of one million cards and going for anywhere from $20 to more than $100 per card, KrebsOnSecurity has learned.

      Prior to breaking the story of the Target breach on Wednesday, Dec. 18, I spoke with a fraud analyst at a major bank who said his team had independently confirmed that Target had been breached after buying a huge chunk of the bank’s card accounts from a well-known “card shop” — an online store advertised in cyber-crime forums as a place where thieves can reliably buy stolen credit and debit cards.

      There are literally hundreds of these shady stores selling stolen credit and debit cards from virtually every bank and country. But this store has earned a special reputation for selling quality “dumps,” data stolen from the magnetic stripe on the backs of credit and debit cards. Armed with that information, thieves can effectively clone the cards and use them in stores. If the dumps are from debit cards and the thieves also have access to the PIN's for those cards, they can use the cloned cards at ATM's to pull cash out of the victim’s bank account.

      At least two sources at major banks said they’d heard from the credit card companies: More than a million of their cards were thought to have been compromised in the Target breach. One of those institutions noticed that one card shop in particular had recently alerted its loyal customers about a huge new batch of more than a million quality dumps that had been added to the online store. Suspecting that the advertised cache of new dumps were actually stolen in the Target breach, fraud investigators with the bank browsed this card shop’s wares and effectively bought back hundreds of the bank’s own cards.

      When the bank examined the common point of purchase among all the dumps it had bought from the shady card shop, it found that all of them had been used in Target stores nationwide between Nov. 27 and Dec. 15. Subsequent buys of new cards added to that same shop returned the same result.

      On Dec. 19, Target would confirm that crooks had stolen 40 million debit and credit cards from stores nationwide in a breach that extended from Nov. 27 to Dec. 15. Not long after that announcement, I pinged a source at a small community bank in New England to see whether his institution had been notified by Visa or MasterCard about specific cards that were potentially compromised in the Target breach.

      This institution has issued a grand total of more than 120,000 debit and credit cards to its customers, but my source told me the tiny bank had not yet heard anything from the card associations about specific cards that might have been compromised as a result of the Target breach. My source was anxious to determine how many of the bank’s cards were most at risk of being used for fraud, and how many should be proactively canceled and re-issued to customers. The bank wasn’t exactly chomping at the bit to re-issue the cards; that process costs around $3 to $5 per card, but more importantly it didn’t want to unnecessarily re-issue cards at a time when many of its customers would be racing around to buy last-minute Christmas gifts and traveling for the holidays.

      On the other hand, this bank had identified nearly 6,000 customer cards — almost 5 percent of all cards issued to customers — that had been used at Target stores nationwide during the breach window described by the retailer.

      “Nobody has notified us,” my source said. “Law enforcement hasn’t said anything, our statewide banking associations haven’t sent anything out…nothing. Our senior legal counsel today was asking me if we have positive confirmation from the card associations about affected cards, but so far we haven’t gotten anything.”

      When I mentioned that a big bank I’d spoken with had found a 100 percent overlap with the Target breach window after purchasing its available cards off a particular black market card shop called rescator[dot]la, my source at the small bank asked would I be willing to advise his fraud team on how to do the same?

      CARD SHOPPING

      Ultimately, I agreed to help in exchange for permission to write about the bank’s experience without actually naming the institution. The first step in finding any of the bank’s cards for sale was to browse the card shop’s remarkably efficient and customer-friendly Web site and search for the bank’s “BIN's”; the Bank Identification Number is merely the first six digits of a debit or credit card, and each bank has its own unique BIN or multiple BIN's.


      According to the “base” name for all stolen cards sold at this card shop, the proprietor sells only cards stolen in the Target breach.

      A quick search on the card shop for the bank’s BIN's revealed nearly 100 of its customers cards for sale, a mix of MasterCard dumps ranging in price from $26.60 to $44.80 apiece. As one can imagine, this store doesn’t let customers pay for purchases with credit cards; rather, customers can “add money” to their accounts using a variety of irreversible payment mechanisms, including virtual currencies like Bitcoin, Litecoin, WebMoney and PerfectMoney, as well as the more traditional wire transfers via Western Union and MoneyGram.

      With my source’s newly registered account funded via wire transfer to the tune of USD $450, it was time to go shopping. My source wasn’t prepared to buy up all of the available cards that match his institution’s BIN's, so he opted to start with a batch of 20 or so of the more recently-issued cards for sale.

      Like other card shops, this store allows customers to search for available cards using a number of qualifications, including BIN; dozens of card types (MasterCard, Visa, et. al.); expiration date; track type; country; and the name of the financial institution that issued the card.


      A graphic advertisement for stolen cards sold under the “Tortuga” base.

      A key feature of this particular dumps shop is that each card is assigned to a particular “base.” This term is underground slang that refers to an arbitrary code word chosen to describe all of the cards stolen from a specific merchant.

      In this case, my source at the big bank had said all of the cards his team purchased from this card shop that matched Target’s N0v. 27 – Dec. 15 breach window bore the base name Tortuga, which is Spanish for “tortoise” or “turtle.”

      Indeed, shortly after the Target breach began, the proprietor of this card shop — a miscreant nicknamed “Rescator” and a key figure on a Russian-language cyber-crime forum known as “Lampeduza” — was advertising a brand new base of one million cards, called Tortuga.

      Rescator even created a graphical logo in the Lampeduza forum’s typeface and style, advertising “valid 100% rate,” and offering a money-back guarantee on any cards from this “fresh” base that were found to have been canceled by the card issuer immediately after purchase.

      In addition, sometime in December, this shop ceased selling cards from other bases aside from those from the Tortuga base. As the month wore on, new Tortuga bases would be added to shop, with each base incrementing by one with almost every passing day (e.g., Tortuga1, Tortuga2, Tortuga3, etc.).

      Another fascinating feature of this card shop is that it appears to include the ZIP code and city of the store from which the cards were stolen. One fraud expert I spoke with who asked to remain anonymous said this information is included to help fraudsters purchasing the dumps make same-state purchases, thus avoiding any knee-jerk fraud defenses in which a financial institution might block transactions out-of-state from a known compromised card.

      The New England bank decided to purchase 20 of its own cards from this shop, cards from Tortuga bases 6-9, and Tortuga 14 and 15. The store’s “shopping cart” offers the ability to check the validity of each purchased card. Any cards that are checked and found to be invalid automatically get refunded.

      A check of the cards revealed that just one of the 20 had already been canceled.

      The bank quickly ran a fraud and common point-of-purchase analyses on each of the 19 remaining cards. Sure enough, the bank’s database showed that all had been used by customers to make purchases at Target stores around the country between Nov. 29 and Dec. 15.

      “Some of these already have confirmed fraud on them, and a few of them were actually just issued recently and have only been used at Target,” my source told me. Incredibly, a number of the cards were flagged for fraud after they were used to make unauthorized purchases at big box retailers, including — wait for it — Target. My source explained that crooks often use stolen dumps to purchase high-priced items such as Xbox consoles and high-dollar amount gift cards, goods that can be fenced, auctioned or otherwise offloaded quickly and easily for cash.

      My source said his employer isn’t yet sure which course of action it will take, but that it’s likely the bank will re-issue some or all of the 5,300+ cards affected by the Target breach — most likely sometime after Dec. 25.

      The bank is unconcerned that its cards compromised in the Target breach might be used for online shopping fraud because the stolen data does not include the CVV2 — the three digit security code printed on the backs of customer cards. Most online merchants require customers to supply the CVV2 as proof that they posses the legitimate, physical card for the corresponding account that is being used to fund the online purchase.

      Update, 5:20 p.m. ET: In a message to consumers, Target CEO Gregg Steinhafel said Target would be offering free credit monitoring for affected customers. Not sure how credit monitoring helps with this specific breach, but at any rate here’s the rest of his statement:

      “Yesterday we shared that there was unauthorized access to payment card data at our U.S. stores. The issue has been identified and eliminated. We recognize this has been confusing and disruptive during an already busy holiday season. Our guests’ trust is our top priority at Target and we are committed to making this right.

      We want our guests to understand that just because they shopped at Target during the impacted time frame, it doesn’t mean they are victims of fraud. In fact, in other similar situations, there are typically low levels of actual fraud. Most importantly, we want to reassure guests that they will not be held financially responsible for any credit and debit card fraud. And to provide guests with extra assurance, we will be offering free credit monitoring services. We will be in touch with those impacted by this issue soon on how and where to access the service.

      We understand it’s been difficult for some guests to reach us via our website and call center. We apologize and want you to understand that we are experiencing unprecedented call volume. Our Target teams are working continuously to build capacity and meet our guests’ needs.

      We take this crime seriously. It was a crime against Target, our team members, and most importantly, our guests. We’re in this together, and in that spirit, we are extending a 10% discount – the same amount our team members receive – to guests who shop in U.S. stores on Dec. 21 and 22.

      Again, we recognize this issue has been confusing and disruptive during an already busy holiday season. We want to emphasize that the issue has been addressed and let guests know they can shop with confidence at their local Target stores.”
      The Hackmaster

      Comment


      • #4
        Non-US Cards Used At Target Fetch Premium

        By Brian Krebs

        An underground service that is selling credit and debit card accounts stolen in a recent data breach at retail giant Target has stocked its virtual shelves with a new product: Hundreds of thousands of cards issued by non-U.S. banks that were used at Target across the United States during the retailer’s 19-day data breach. It’s not clear how quickly the non-U.S. cards are selling, but they seem to be fetching a much higher price than those issued by U.S. banks.

        On Dec. 20, this blog published a story about the “card shop” rescator[dot]la. That piece explained how two different banks — a small, community bank and a large, top-10 bank — had bought back their customers’ stolen cards from the fraud service and discovered that all of the purchased cards had been used at Target during the breach time frame. The shop was selling data stolen from the magnetic stripe of each card, which thieves can re-encode on to new, counterfeit cards and use to go shopping in bricks-and-mortar stores for items than can easily be fenced or resold.

        As I wrote in that story, a key feature of this particular shop is that each card is assigned to a particular “base.” This term is underground slang that refers to an arbitrary code word chosen to describe all of the cards stolen from a specific merchant. In this case, my source at the big bank had said all of the cards his team purchased from this card shop that matched Target’s N0v. 27 – Dec. 15 breach window bore the base name Tortuga, which is Spanish for “tortoise” or “turtle” (also an island in the Caribbean long associated with pirates). The small bank similarly found that all of the cards it purchased from the card shop also bore the Tortuga base name, and all had been used at Target.


        Cards stolen from non-US customers who shopped at Target are sold under the “Barbarossa” base.

        On Friday, the proprietor of this card shop announced the availability of a new base — “Barbarossa” — which consists of more than 330,000 debit and credit cards issued by banks in Europe, Asia, Latin America and Canada [side note: one Russian expert I spoke with said Barbarossa was probably a reference to Operation Barbarossa, the code name for Germany's invasion of the Soviet Union during World War II].

        According to one large bank in the U.S. that purchased a sampling of cards across several countries — all of the cards in the Barbarossa base also were used at Target during the breach time frame.

        As with cards sold under the Tortuga base, debit and credit cards for sale as part of the Barbarossa base list the country of origin for the issuing bank, and then directly underneath include the state, city and ZIP code of the Target store from which the card numbers were stolen.

        When I first became aware that this card shop was selling only cards stolen from Target stores, I noticed a discussion on a related crime forum wherein customers of this shop seemed very enthusiastic about this ZIP code feature. I couldn’t figure out what the big deal was: I’d assumed the state, city and ZIP described the bank that issued the card.

        Later, I learned from a fraud expert that this feature is included because it allows customers of the shop to buy cards issued to cardholders that live nearby. This lets crooks who want to use the cards for in-store fraud avoid any knee-jerk fraud defenses in which a financial institution might block transactions that occur outside the legitimate cardholder’s immediate geographic region.


        Non-U.S. cards used at Target generally fetch higher prices than U.S. cards, between $67 and $100 apiece.

        The cards for sale in the Barbarossa base vary widely in price from $23.62 per card to as high as $135 per card. The prices seem to be influenced by a number of factors, including the issuing bank, the type of card (debit or credit), how soon the card expires, and whether the card bears a special notation that often indicates a higher credit limit, such as a Platinum card.

        The prices also appear to be influenced partly by how rare it is to find cards for a specific bank available on the black market. The highest-priced cards I found for sale were issued by banks in Singapore, South Korea and the United Arab Emirates.


        Barbarossa base cards issued by Canadian banks. Note that city, state and ZIP code listed indicate the location of the Target store from which the card was stolen.
        The Hackmaster

        Comment


        • #5
          Scammers are preying off of data breach

          By Tom Webb

          Target is warning shoppers to beware of phony consumer-protection emails and text messages, sent by thieves trying to trick consumers into revealing Social Security or account numbers.

          As Christmas Day neared, Target was still coping with aftershocks from the data theft of up to 40 million credit and debit card accounts, revealed last week. On Monday, the Minneapolis-based discounter:

          -- Warned consumers to "be wary of calls or email scams that may appear to offer protection but are really trying to get personal information from you."

          -- Took a huge hit on its reputation, far more severe than the damage caused by similar large-scale breaches, according to a consumer survey released by YouGov BrandIndex.

          -- Confirmed that the massive breach was due to "malware that affected Target's point-of-sale systems," the card-scanners that accept and relay card information.

          -- Said the Department of Justice is investigating the security breach. The DOJ declined to comment. The Secret Service confirmed last week that it is investigating.

          -- Instructed debit-card holders to change their PINs, or personal identification numbers. While those numbers were not stolen in the breach, Target now says that changing them would be "an additional precaution." Target cardholders can change them at Target.com/RCAM.

          -- Had mixed reports about the impact on shopper traffic. Target's weekend storewide promotion of 10 percent off contributed to heavy crowds on the busiest weekend of the year. By some measures, store traffic declined. By other measures, Target held its own.

          From Nov. 27 to Dec. 15, thieves systematically "pilfered private credit and debit card data used at Target's U.S. stores, up to 40 million accounts in all. The breach compromised data from all brands of credit and debit cards, including Target's own Redcards, American Express, Visa and MasterCard. Online purchases were not affected.

          Over the weekend, consumers began to see a growing number of scams related to the Target breach. Some preyed on consumer fears about stolen card numbers and crime rings.

          One text message arriving Sunday, apparently widely sent, claimed the recipient's Visa card had been blocked "due to fraud" and asked shoppers to call an 804 telephone number.

          On the website CallerComplaints.com, a woman named Darlene wrote that she "got a message saying to call because VISA debit card had been limited due to fraud ... called from my home line ... first thing the call asked was for me to enter my debit card # ... something wasn't right."

          On its corporate website, Target warned that others have received calls and emails "from someone who said they were with Target asking for my Social Security number and other personal information."

          Target's advice: "Do not provide that information. Your Social Security number was not compromised ... If you have any questions, hang up and do not respond and contact Target at the number on the back of your card."

          The company added, "If you've received something that you can't confirm on our corporate site, then it is not an official communication from Target."

          The Minnesota Department of Commerce recommends that consumers "be very suspicious of any unsolicited email requesting personal information." Do not open attachments, do not click on links, and check with the actual business to make sure the email is genuine, the department said.

          Target said it will provide credit-monitoring services "to every single guest that was impacted" -- but that service isn't yet available to shoppers.

          "We are in the process of establishing the service and will be reaching out to guests in the coming weeks with more information," Target said Monday.

          Since confirming the security breach Dec. 19, Target has since been overwhelmed by anxious customers flooding its website and call centers. Target said it has increased staffing, but its Facebook page is still awash in complaints.

          "Dear Target, Thanks for ruining my Christmas," wrote Patrice Malkowski in Pennsylvania. "I don't have 3 million other things to do two days before Christmas, but I have been on hold with the card company for over three hours ..."

          Target's consumer-perception scores have taken a huge hit from the breach and later turmoil, based on consumer insight data from YouGov Brand Index. Target isn't the first company to suffer a big security breach, but it seems to be taking a more severe hit.

          "Target's perception dropped more in one day than either PlayStation or Citibank did one week after their breaches became public," wrote Brand Index's Ted Marzilli.

          It took PlayStation's reputation eight weeks to recover from its 2011 data breach, while Citibank took four weeks, Marzilli noted.

          As for store visits, there were mixed reports.

          Retail watcher America's Research Group's CEO Britt Beemer said a consumer survey found "Target weathered the storm from the credit card security breach amazingly well ... largely due to a smart move on their part of giving consumers an additional 10 percent off this past Saturday and Sunday."

          Meanwhile, the retail analysis firm Consumer Growth Partners found that weekend traffic to Target stores was down about 3 percent from last year.

          On Wall Street, Target shares fell another 1 percent Monday, down 61 cents to close at $61.88.

          This story includes information from the Associated Press.
          The Hackmaster

          Comment


          • #6
            Who's Selling Credit Cards from Target?

            By Brain Krebs

            The previous two posts on this blog have featured stories about banks buying back credit and debit card accounts stolen in the Target hack and that ended up for sale on rescator[dot]la, a popular underground store. Today’s post looks a bit closer at open-source information on a possible real-life identity for the proprietor of that online fraud shop.

            Rescator[dot]la is run by a miscreant who uses the nickname Rescator, and is a top member of the Russian and English language crime forum Lampeduza[dot]la. He operates multiple online stores that sell stolen card data, including rescator[dot]la, kaddafi[dot]hk, octavian[dot]su and cheapdumps[dot]org. Rescator also maintains a presence on several other carding forums, most notably cpro[dot]su and vor[dot]cc.


            A private message on cpro[dot]su between Rescator and a member interested in his card shop. Notice the ad for Rescator’s email flood service at the bottom; this will become important as you read on.

            In an Aug. 2011 thread that has since been deleted, Rescator introduced himself to the existing members of vor[dot]cc, a fairly exclusive Russian carding forum. When new members join a carding community, it is customary for them to explain their expertise and list previous nicknames and forums on which they have established reputations.


            Rescator, a.k.a. “Hel” a.k.a. “Helkern” the onetime administrator of the Darklife forum, introduces himself to vor[dot]cc crime forum members.

            In this particular thread, pictured in the screenshot above, we can see Rescator listing his bona fides and telling others he was “Hel,” one of three founders of darklife[dot]ws, a now-defunct hacker forum.


            Rescator says his former nickname was “Hel,” short for Helkern, the administrator of Darklife.

            The only darklife member who matched that nickname was “Helkern,” one of darklife’s three founders. Darklife administrators were all young men who fancied themselves skilled hackers, and at one point the group hacked into the venerable and closely-guarded Russian hacking forum cih[dot]ms after guessing the password of an administrator there.



            Darklife admin “Helkern” brags to other members about hacking into cih[dot]ms, a more elite Russian hacking forum.

            In a counterattack documented in the entertaining thread that is still posted as a trophy of sorts at cih[dot]ms/old/epicfail, hackers from cih[dot]ms hack into the Darklife forum, and post personal photos of Helkern and fellow Darklife leaders, including these two of Helkern:



            And a self-portrait of Helkern:



            So if Helkern is Rescator, who is Helkern? If we check at some of the other Russian forums that Helkern was active in at the time that Darklife was online in 2008, we can see he was a fairly frequent contributor to the now-defunct Grabberz[dot]com; in this cached post, Helkern can be seen pasting an exploit he developed for a remote SQL injection vulnerability. In it, he claims ownership of the ICQ instant messenger address 261333.

            In this introductions page from Russian language gaming forum, a user named Helkern also was active in 2008 and claimed that same ICQ address. Helkern said his email address was [email protected], his Skype address was helkern_skype, and that he lived in Odessa, the third-largest city in Ukraine. Helkern — going by his shortened username “Hel,” also was a VIP member of xaker[dot]name. In this cached post we can see him again claiming the 261333 ICQ address, and pointing out to other members that his real nickname is Helkern.

            Andrew from Odessa’s LiveJournal profile pic from the account ikaikki”

            A historic WHOIS lookup ordered from domaintools.com shows that helkern.net.ua was first registered in 2008 to an Andrey Hodirevski from Illichivsk, a city in the Odessa province of southwestern Ukraine.

            I located a relatively recent Livejournal profile (ikaikki.livejournal.com/profile) for an Andrew Hodirevski from Odessa, Ukraine that includes several profile pictures which are remarkably similar to the photos of Helkern leaked by the cih[dot]ms guys. That profile (“ikaikki“) says Hodirevski’s email address is [email protected], that his Jabber instant message address is [email protected], and that his Twitter account is “purplexcite” (that Twitter has since been deleted). In almost a dozen posts on LiveJournal, Hodirevski talks about his interest in Java programming, and even includes a few pictures of himself attending an instructional class on Java.

            The same anime profile image for Andrew’s LiveJournal page is also on the LinkedIn profile for an Andrew Hodirevski from Ukraine, and the two pages share the aforementioned Twitter profile (purplexcite). Andrew’s LinkedIn page also says he is the administrator and Web developer at a hosting company in Ukraine called ghost.ua.

            That site is no longer online, but a cached copy of it at archive.org shows that the business is located in Odessa at this address[/url], and the phone number +38 (048) 799-53-13. Ghost.ua lists several pricing plans for its servers, naming them after different despotic leaders, including Fidel Castro and Muammar Gaddafi (it is spelled “Kaddafi” on Ghost.ua). Recall as I mentioned at the top of this post that one of the clones of the card shop at Rescator[dot]la is kaddafi[dot]hk.

            This page at it-portfolio.net lists an Andrey Hodirevski from Odessa with the same anime profile image, the “purplexcite” Twitter profile, and a Skype address by the same name. It says his professional skills include programming in Java, CakePHP and MySQL, among others. This Google groups discussion about CakePHP includes a message from an Andrey Hodirevski who uses the email address [email protected].

            Purpled.biz is no longer online, but a cached copy of it from archive.org shows it was once Andrew’s personal site. Here we learned that Andrew’s current goals (as of 2010) were to get married to his girlfriend, buy the $20,000 Toyota Solara pictured below, move to Helsinki, and to achieve world domination. In order to accomplish the latter goal, Andrew jokes that he “will probably have to rob all the banks in the world.”

            After searching my huge personal archive of hacked cybercrime forums for Andrew’s various email and Jabber addresses, I found several private messages sent by different users on the Spamdot[dot]biz forum who recommended to other members the “[email protected]” Jabber address as someone to contact in order to hire a service that could be used to flood someone’s Gmail inbox with tens or hundreds of thousands of junk messages. Recall that this Jabber address is the same one listed at Andrew’s LiveJournal profile.

            To bring this full circle, one of the many services that Rescator sells these days is a popular email flooding service at rescator[dot]me. Turns out, Yours Truly has already been the direct target of an attack launched through Rescator’s service; I wrote about it in this July 2012 story, Cyberheist Smokescreen: Email, Phone, SMS Floods.


            The email flood service at rescator[dot]me

            I have no idea if Rescator/Helkern/Andrew was involved in hacking Target, but it’s a good bet that he at least knows who was. I sought comment from various contact addresses listed above for this individual, and received a reply from someone at kaddafi[dot]me who said he knew Andrew and would relay my questions to him. Ultimately, he came back to me not with answers, but with a bribe not to run my story.

            (1:48:35 PM) krebs//: hi

            (1:48:44 PM) krebs//: brian krebs here

            (1:49:05 PM) krebs//: trying to reach rescator

            (1:49:11 PM) krebs//: aka andrey

            (1:51:12 PM) krebs//: don’t believe it’s really krebs?

            (1:51:15 PM) krebs//: http://krebsonsecurity.com/wp-conten...kaddaficon.png

            (1:53:32 PM) krebs//:

            (1:53:53 PM) krebs//: tyt?

            (2:00:14 PM) kaddafi.me: Hello Brian

            (2:00:24 PM) kaddafi.me has not been authenticated yet. You should authenticate this buddy.

            (2:00:24 PM) Unverified conversation with kaddafi.me/Muammar started. Your client is not logging this conversation.

            (2:00:30 PM) kaddafi.me: ooo you’ve got OTR

            (2:00:37 PM) kaddafi.me: Afraid of NSA? )

            (2:01:38 PM) kaddafi.me: Why do you want to talk to Andrew?

            (2:03:46 PM) krebs//: i am more afraid of others

            [Image] (2:03:56 PM) The privacy status of the current conversation is now: Private

            (2:04:11 PM) kaddafi.me: Yeah well you should after someone sent you drugs from silkroad.

            (2:04:24 PM) krebs//:

            (2:04:59 PM) krebs//: you’re right of course, it’s andrew

            (2:05:17 PM) kaddafi.me: What’s all the commotion about Rescator anyways?

            (2:05:20 PM) krebs//: well i have a story about him going up tomorrow

            (2:05:23 PM) kaddafi.me: Did you even notice other shops are selling same shit?

            (2:05:32 PM) krebs//: sure

            (2:05:46 PM) krebs//: but I’m not looking at other shops right now

            (2:06:05 PM) kaddafi.me: Well you should )

            (2:06:10 PM) krebs//: in time

            Kaddafi promised a response by 10 p.m. ET yesterday. This morning, not seeing a response, I pinged this individual again, and received the following response:

            (10:08:46 AM) kaddafi.me: Hi.

            (10:09:19 AM) kaddafi.me: You better contact me from another jabber that’s not associated with your name, I’ve got an offer for you.

            (10:11:12 AM) krebs//: why from a different jabber?

            (10:11:33 AM) kaddafi.me: Because I’ve got an offer for you. So you don’t think I’m trying to play games and fool around with logs after you read my offer.

            (10:11:52 AM) krebs//: what kind of offer?

            (10:12:27 AM) $10,000 not to post your article

            Obviously, I did not take him up on his offer, assuming he was not just messing with me. Here is a mind map I put together (using MindNode Pro for Mac) that outlines how much of this information was derived and connected.

            [url=http://krebsonsecurity.com/wp-content/uploads/2013/12/resc-mm.png]
            The Hackmaster

            Comment


            • #7
              Names, Emails, Phone Numbers on Up To 70 Million Customers Stolen

              By Brian Krebs

              Nationwide retail giant Target today disclosed that a data breach discovered last month exposed the names, mailing addresses, phone number and email addresses for up to 70 million individuals.

              The disclosure comes roughly three weeks after the company acknowledged that hackers had broken in late last year and stole approximately 40 million customer debit and credit card records.

              “As part of Target’s ongoing forensic investigation, it has been determined that certain guest information — separate from the payment card data previously disclosed — was taken during the data breach,” the company said in a statement released Friday morning. ”This theft is not a new breach, but was uncovered as part of the ongoing investigation. At this time, the investigation has determined that the stolen information includes names, mailing addresses, phone numbers or email addresses for up to 70 million individuals.”

              Target said much of the data is partial in nature, but that in cases where Target has an email address, it will attempt to contact affected guests with informational tips to guard against consumer scams. The retail giant was quick to note that its email communications would not ask customers to provide any personal information as part of that communication.

              Target Chairman Gregg Steinhafel apologized for any inconvenience that the breach may have caused customers, and said he wanted customers to know that “understanding and sharing the facts related to this incident is important to me and the entire Target team.”

              Nevertheless, the company still has not disclosed any details about how the attackers broke in. This lack of communication appears to have spooked many folks responsible for defending other retailers from such attacks, according to numerous interviews conducted by this reporter over the past few weeks.

              This latest disclosure also raises questions about what other types of information may have been jeopardized in this data breach. As part of its statement, Target said it would be offering a year’s worth of free credit monitoring services to those affected. Target does collect Social Security numbers from customers who apply for Target Red Cards, which offer applicants 5 percent cash back if they agree to tie their debit accounts to the Red Card. So far, however, Target has not said anything about compromised Social Security numbers.

              Reading between the lines, one might wonder why Target is providing credit monitoring services to those hit by what is essentially a credit card breach. Many people conflate credit card fraud with identity theft, but these are two very different problems. The former is quite easy for the consumer to resolve, and he or she has very little (if any) liability for fraud. Identity theft, on the other hand, generally involves the creation of new or synthetic lines of credit in the consumer’s name, which can take many years and cost thousands of dollars to resolve.

              The reason Target is offering ID theft protection as a result of this breach probably has more to do with the fact that this step has become part of the playbook for companies which suffer a data breach. Since most consumers confuse credit card fraud with ID theft, many will interpret that to mean that the breached entity is somehow addressing the problem, whereas experts tell me that this offer mainly serves as a kind of “first response” to help the breached entity weather initial public outrage over an intrusion.

              Update, 1:07 p.m. ET: Added additional perspective on this announcement.
              Last edited by dlevere; 01-10-2014, 03:46:29 PM.
              The Hackmaster

              Comment


              • #8
                A First Look At The Target Intrusion, Malware

                By Brian Krebs

                Last weekend, Target finally disclosed at least one cause of the massive data breach that exposed personal and financial information on more than 110 million customers: Malicious software that infected point-of-sale systems at Target checkout counters. Today’s post includes new information about the malware apparently used in the attack, according to two sources with knowledge of the matter.


                The seller of the point-of-sale “memory dump” malware allegedly used in the Target attack.

                In an interview with CNBC on Jan. 12, Target CEO Gregg Steinhafel confirmed that the attackers stole card data by installing malicious software on point-of-sale (POS) devices in the checkout lines at Target stores. A report published by Reuters that same day stated that the Target breach involved memory-scraping malware.

                This type of malicious software uses a technique that parses data stored briefly in the memory banks of specific POS devices; in doing so, the malware captures the data stored on the card’s magnetic stripe in the instant after it has been swiped at the terminal and is still in the system’s memory. Armed with this information, thieves can create cloned copies of the cards and use them to shop in stores for high-priced merchandise. Earlier this month, U.S. Cert issued a detailed analysis of several common memory scraping malware variants.

                Target hasn’t officially released details about the POS malware involved, nor has it said exactly how the bad guys broke into their network. Since the breach, however, at least two sources with knowledge of the ongoing investigation have independently shared information about the point-of-sale malware and some of the methods allegedly used in the attack.

                ‘BLACK POS’

                On Dec. 18, three days after Target became aware of the breach and the same day this blog broke the story, someone uploaded a copy of the point-of-sale malware used in the Target breach to ThreatExpert.com, a malware scanning service owned by security firm Symantec. The report generated by that scan was very recently removed, but it remains available via Google cache.


                According to sources, “ttcopscli3acs” is the name of the Windows computer name/domain used by the POS malware planted at Target stores; the username that the thieves used to log in remotely and download stolen card data was “Best1_user”; the password was “BackupU$r”

                According to a source close to the investigation, that threatexpert.com report is related to the malware analyzed at this Symantec writeup (also published Dec. 18) for a point-of-sale malware strain that Symantec calls “Reedum” (note the Windows service name of the malicious process is the same as the ThreatExpert analysis –”POSWDS”). Interestingly, a search in Virustotal.com — a Google-owned malware scanning service — for the term “reedum” suggests that this malware has been used in previous intrusions dating back to at least June 2013; in the screen shot below left, we can see a notation added to that virustotal submission, “30503 POS malware from FBI”.

                The source close to the Target investigation said that at the time this POS malware was installed in Target’s environment (sometime prior to Nov. 27, 2013), none of the 40-plus commercial antivirus tools used to scan malware at virustotal.com flagged the POS malware (or any related hacking tools that were used in the intrusion) as malicious. “They were customized to avoid detection and for use in specific environments,” the source said.

                That source and one other involved in the investigation who also asked not to be named said the POS malware appears to be nearly identical to a piece of code sold on cybercrime forums called BlackPOS, a relatively crude but effective crimeware product. BlackPOS is a specialized piece of malware designed to be installed on POS devices and record all data from credit and debit cards swiped through the infected system.

                According the author of BlackPOS — an individual who uses a variety of nicknames, including “Antikiller” — the POS malware is roughly 207 kilobytes in size and is designed to bypass firewall software. The barebones “budget version” of the crimeware costs $1,800, while a more feature-rich “full version” — including options for encrypting stolen data, for example — runs $2,300.

                THE ATTACK

                Target has yet to honor a single request for comment from this publication, and the company has said nothing publicly about how this breach occurred. But according to sources, the attackers broke in to Target after compromising a company Web server.

                Somehow, the attackers were able to upload the malicious POS software to store point-of-sale machines, and then set up a control server within Target’s internal network that served as a central repository for data hoovered by all of the infected point-of-sale devices.

                “The bad guys were logging in remotely to that [control server], and apparently had persistent access to it,” a source close to the investigation told KrebsOnSecurity. “They basically had to keep going in and manually collecting the dumps.”

                It’s not clear what type of software powers the point-of-sale devices running at registers in Target’s U.S. stores, but multiple sources say U.S. stores have traditionally used a home-grown software called Domain Center of Excellence, which is housed on Windows XP Embedded and Windows Embedded for Point of Service (WEPOS). Target’s Canadian stores run POS devices from Retalix, a company recently purchased by payment hardware giant NCR. According to sources, the Retalix POS systems will be rolled out to U.S. Target locations gradually at some point in the future.

                WHO IS ANTIKILLER?


                Image: Securityaffairs.co

                A more full-featured Breadcrumbs-level analysis of this malware author will have to wait for another day, but for now there are some clues already dug up and assembled by Russian security firm Group-IB.

                Not long after Antikiller began offering his BlackPOS crimeware for sale, Group-IB published an analysis of it, stating that “customers of major US banks, such as such as Chase (Newark, Delaware), Capital One (Virginia, Richmond), Citibank (South Dakota), Union Bank of California (California, San Diego), Nordstrom FSB Debit (Scottsdale, Arizona), were compromised by this malware.”

                In his sales thread on at least one crime forum, Antikiller has posted a video of his product in action. As noted by Group-IB, there is a split second in the video where one can see a URL underneath the window being recorded by the author’s screen capture software which reveals a profile at the Russian social networking site Vkontakte.ru. Group-IB goes on to link that account to a set of young Russian and Ukranian men who appear to be actively engaged in a variety of cybercrime activities, including distributed denial-of-service (DDoS) attacks and protests associated with the hackivist collective known as Anonymous.

                One final note: Dozens of readers have asked whether I have more information on other retailers that were allegedly victimized along with Target in this scheme. According to Reuters, “smaller breaches on at least three other well-known U.S. retailers took place and were conducted using similar techniques as the one on Target.” Rest assured that when and if I have information about related breaches I feel confident enough about to publish, you will read about it here first.
                The Hackmaster

                Comment


                • #9
                  Important message from Target to our guests

                  Dear Target Guest,

                  As you may have heard or read, Target learned in mid-December that criminals forced their way into our systems and took guest information, including debit and credit card data. Late last week, as part of our ongoing investigation, we learned that additional information, including name, mailing address, phone number or email address, was also taken. I am writing to make you aware that your name, mailing address, phone number or email address may have been taken during the intrusion.

                  I am truly sorry this incident occurred and sincerely regret any inconvenience it may cause you. Because we value you as a guest and your trust is important to us, Target is offering one year of free credit monitoring to all Target guests who shopped in U.S. stores, through Experian’s® ProtectMyID® product which includes identity theft insurance where available. To receive your unique activation code for this service, please go to creditmonitoring.target.com and register before April 23, 2014. Activation codes must be redeemed by April 30, 2014.

                  In addition, to guard against possible scams, always be cautious about sharing personal information, such as Social Security numbers, passwords, user IDs and financial account information. Here are some tips that will help protect you:

                  Never share information with anyone over the phone, email or text, even if they claim to be someone you know or do business with. Instead, ask for a call-back number.

                  Delete texts immediately from numbers or names you don’t recognize.

                  Be wary of emails that ask for money or send you to suspicious websites. Don’t click links within emails you don’t recognize.

                  Target’s email communication regarding this incident will never ask you to provide personal or sensitive information.

                  Thank you for your patience and loyalty to Target. You can find additional information and FAQs about this incident at our Target.com/databreach website. If you have further questions, you may call us at 866-852-8680.

                  Gregg Steinhafel



                  Chairman, President and CEO
                  The Hackmaster

                  Comment


                  • #10
                    A Closer Look at the Target Malware, Part II

                    By Brian Krebs

                    Yesterday’s story about the point-of-sale malware used in the Target attack has prompted a flood of analysis and reporting from antivirus and security vendors about related malware. Buried within those reports are some interesting details that speak to possible actors involved and to the timing and discovery of this breach.

                    As is the case with many data breaches, the attackers in this attack used a virtual toolbox of crimeware to get the job done. As I noted in a Tweet shortly after filing my story Wednesday, at least one of those malware samples includes the text string “Rescator.” Loyal readers of this blog will probably find this name familiar. That’s because Rescator was the subject of a blog post that I published on Dec. 24, 2013, titled “Who is Selling Cards from Target?“.

                    In that post, I examined a network of underground cybercrime shops that were selling almost exclusively credit and debit card accounts stolen from Target stores. I showed how those underground stores all traced back to a miscreant who uses the nickname Rescator, and how clues about Rescator’s real-life identity suggested he might be a particular young man in Odessa, Ukraine.

                    This afternoon, McAfee published a blog post confirming many of the findings in my story yesterday, including that two malware uploaders used in connection with the Target attack contained the Rescator string:

                    “z:\Projects\Rescator\uploader\Debug\scheck.pdb”.


                    A private message on cpro[dot]su between Rescator and a member interested in his card shop. Notice the ad for Rescator’s email flood service at the bottom.

                    Earlier this morning, Seculert posted an analysis that confirmed my reporting that the thieves used a central server within Target to aggregate the data hoovered up by the point-of-sale malware installed at Target. According to Seculert, the attack consisted of two stages.

                    “First, the malware that infected Target’s checkout counters (PoS) extracted credit numbers and sensitive personal details. Then, after staying undetected for 6 days, the malware started transmitting the stolen data to an external FTP server, using another infected machine within the Target network.”

                    Seculert continues: “Further analysis of the attack has revealed the following: On December 2, the malware began transmitting payloads of stolen data to a FTP server of what appears to be a hijacked website. These transmissions occurred several times a day over a 2 week period. Also on December 2, the cyber criminals behind the attack used a virtual private server (VPS) located in Russia to download the stolen data from the FTP. They continued to download the data over 2 weeks for a total of 11 GBs of stolen sensitive customer information. While none of this data remains on the FTP server today, analysis of publicly available access logs indicates that Target was the only retailer affected. So far there is no indication of any relationship to the Neiman Marcus attack.”

                    Target has taken quite a few lumps from critics who say the company waited too long to disclose the breach, and new details about when it may have known something was wrong are likely to fan those flames. As I wrote yesterday, the point-of-sale malware used in Target referenced a domain within Target’s infrastructure called “ttcopscli3acs”. Several sources, including Seculert’s Aviv Raff and Dmitri Alperovitch at CrowdStrike, searched for other files with that unique string within the corpus of malware uploaded to Virustotal.com, a service that employs more than 40 commercial antivirus tools to produce reports about suspicious files submitted by users.

                    That search turned up numerous related files — including the aforementioned malware uploaders with Rescator’s nickname inside — all dated Dec. 11, 2013. Since this malware is widely thought to have been custom-made specifically for the Target intrusion, it stands to reason that someone within Target (or a security contractor working at the company’s behest) first detected the malware used in the breach on that date, and then submitted it to Virustotal.

                    Yesterday’s story cited sources saying the malware used in the Target breach was carefully crafted to avoid detection by all antivirus tools on the market. These two virustotal scan results from Jan. 16 (today) show that even to this day not a single antivirus product on the market detects these two malicious files used in the Target attack. Granted, the antivirus tools used at virustotal.com do not include behavioral detection (testing mostly for known threat signatures). I point it out mainly because nobody else has so far.

                    Incidentally, in malware-writer parlance, the practice of obfuscating malware so that it is no longer detected by commercial antivirus tools is known as making the malware “Fully Un-Detectable,” or “FUD” as most denizens of cybercrime forums call it. This is a somewhat amusing acronym to describe the state of a thing that is often used by security industry marketing people to generate a great deal of real-world FUD, a.k.a. Fear Uncertainty and Doubt.
                    The Hackmaster

                    Comment


                    • #11
                      Security firm ID's malware used in Target attack

                      By Jaikumar Vijayan

                      Computerworld - A security company that worked with the U.S. Secret Service to investigate the data breach at Target identified the malware used in the attack as a sophisticated derivative of a previously known Trojan program designed to steal data from Point-of-Sale (POS) systems.

                      In a report released Thursday, iSight Partners identified the tool as Trojan.POSRAM, which it described as software that can find, store and transmit credit card and PIN numbers from POS systems.

                      The Trojan is being used in a "persistent, wide ranging, and sophisticated" cyber campaign dubbed KAPTOXA targeting "many operators" of POS systems, the company warned. Some affected companies may not yet know they've been compromised or have already lost data, the iSight report noted. It did not mention Target as the company that was investigated.

                      Tiffany Jones, the author of the report, described the POSRAM Trojan as a customized version of BlackPOS, a piece of malware that has been available in the cyber underground since at least last February.

                      Like BlackPOS, the POSRAM Trojan is designed to steal a card's magnetic stripe data while it is stored momentarily in a POS system's memory, just after a credit or debit card is swiped at the terminal.

                      After infecting a POS terminal, the malware monitors the memory address spaces on the device for specific information. When it finds something of interest, the software saves the data to a local file and then transfers it to the attackers at preset times. It then is coded to delete the local file to cover its tracks.

                      According to Jones, at least 75% of the code in POSRAM is similar to the code in BlackPOS. Where POSRAM differs is in the methods it uses to evade detection by anti-malware tools, said Jones, who is a senior vice president of client solutions and support at iSight.

                      At the time the code was discovered, even fully updated antivirus tools would not have been able to detect the malware. "This software contains a new kind of attack method that is able to covertly subvert network controls and common forensic tactics, concealing all data transfers and executions that may have been run, rendering it harder to detect," the iSight report said.

                      Because of the ongoing investigation, iSight is not able to disclose how the attackers have managed to install the malware on targeted POS systems, Jones said. But retailers who are concerned about their systems should get in touch immediately with the Secret Service, she said.

                      Target earlier this month disclosed that sensitive data on 40 million debit and credit cards and other personal information such as emails, phone numbers and full names of an additional 70 million people was compromised in a data breach that occurred over Thanksgiving.

                      In a subsequent interview with CNBC, Target CEO Gregg Steinhafel confirmed that the compromise followed a breach of its POS systems. Though the company is still trying to figure out what exactly happened, it has been able to determine that malware was installed in its POS systems, he said.

                      At least three other retailers are believed to have been hit by the same malware, including Neiman Marcus. The names of the other two remain unknown.

                      Security blogger Brian Krebs, who first broke the story about the Target breach, on Wednesday updated the report with new details about the intrusion.

                      According to Krebs, sources close to the investigation say attackers managed to somehow upload the malware to Target's POS systems after first breaking into a web server. They then appear to have brazenly set up a control server right within Target's internal network, which they used to store and retrieve data stolen from the POS systems.

                      "The bad guys were logging in remotely to that [control server], and apparently had persistent access to it," Krebs said.

                      Krebs described the malware as being roughly 207KB in size and fairly inexpensive -- around $1,800 for a barebones version and $2,300 for a more feature-rich version capable of encrypting stolen data.
                      Last edited by dlevere; 01-17-2014, 05:33:55 AM.
                      The Hackmaster

                      Comment


                      • #12
                        When Will We Take Security Seriously?



                        Starbucks and Neiman Marcus Also Hacked During The Holidays, When Will We Take Security Seriously?

                        Saturday, January 18, 2014
                        - by Rob Williams

                        Over the holidays, popular retailer Target admitted that it had been breached, with data of up to 40 million customers stolen.

                        Weeks later, that number skyrocketed to 110 million.

                        As we can now see, while it was Target that dominated the security headlines this past month, two other incidents seemingly flew under the radar, involving Starbucks and Neiman Marcus.

                        Between these two incidents, I can't even decide which one is worse - both companies involved should be hugely embarrassed. On the Neiman Marcus side, its servers had been compromised as far back as last July, with the company finally noticing the issue in December. That's right - it took a full five months for the company to recognize this gaping hole. The worst of it is, credit card numbers had been taken and used; this isn't one of those stories where we're talking about what could have happened.



                        Because of this breach, Neiman Marcus is required to answer 10 sets of questions from Florida's Attorney General Pam Bondi, after which we should learn more about what lacking security measures allowed such a breach to take place. While credit card numbers were apparently lifted over the time the systems were compromised, the company says that birth dates and social security numbers should be safe.

                        It doesn't seem that Starbucks' flaw led to customer data being compromised, but the issue is no less embarrassing. In effect, due to a flaw in its iOS app, Starbucks stored customer login information in plain text. Something like this wouldn't have been too surprising to learn of more than ten years ago, but in an age where even MD5 hashing is considered not enough, it's outright ridiculous.



                        Here's what's appalling: Starbucks just issued the update to correct this problem - a problem that we now find out it knew about since last May. Seriously. Starbucks might just be a coffee shop, but if a customer had cash in their account, anyone who gained access to this plain-text password could have enjoyed a Venti triple-shot Caramel Macchiato on their dime.

                        As I mentioned above, both of these incidents are mind-boggling, and the fact that they were allowed to happen shows the absolute disregard both companies have for their customer's security. For it to take five months for a breach to be discovered is ridiculous, and for a company to take more than half a year to patch a known issue might be just as ridiculous.

                        Across Target, Neiman Marcus, and Starbucks, that's three fatal flaws discovered in just the past month. When on Earth are companies going to begin taking their customer security seriously?

                        It's somewhat understandable if a breach occurs when good security measures are in place, but as evidenced by Neiman Marcus and Starbucks, ineptitude was the reason here, and that's inexcusable.
                        The Hackmaster

                        Comment

                        Working...
                        X