Target Data Breach

727 Words2 Pages

The data breach at Target may have been less brute force than a casual observer might imagine, given the language used on Target’s own FAQ which describes the incident as “criminals forc[ing] their way into our system.”1 While this description might conjure an image of hackers sitting in a dimly lit room, running complex software on super powered machines, and attempting a brute force or DDoS style attack to gain access to customer information databases, the reality appears to have been slightly less glamorous. There can be a variety of unintended entries to a secure system, and criminals will go for the weakest link in the chain. This weak link may oftentimes be not a security hole in the software, but instead the users of that software. The term hacking is used as a catch-all for situations where an information system has been compromised, even though the actual attack or breach of security was nothing more than information leaking out from users or corporations not thoroughly versed in good security practices. In these cases, the breaches are more appropriately described as being a result of social engineering. Social engineering is the technique of combining technological and psychological savvy to obtain illegal access to information2. This can involve anything from complaining and pleading with a phone support representative to give out information, to just realizing that many people use the same password for most of their accounts. Phishing is a social engineering tactic where an attractive, familiar, or official looking email is sent out to multiple recipients with the intent of tricking them into clicking a malicious link or downloading malware attachments3,4. While the latter approach may feel more like hacking, because ...

... middle of paper ...

...id Banking Apps With Malware." McAfee Labs. McAfee, 3 June 2013. Web. 25 Feb. 2014. .
5. Goodin, Dan. "Target Hackers Reportedly Used Credentials Stolen from Ventilation Contractor." Ars Technica. Conde Nast Digital, 5 Feb. 2014. Web. 25 Feb. 2014. .
6. Krebs, Brian. "Email Attack on Vendor Set Up Breach at Target." Krebs on Security. Krebs on Security, 12 Feb. 2014. Web. 25 Feb. 2014. .
7. Fazio, Ross E. "Statement on Target Data Breach." Fazio Mechanical Services. Fazio Mechanical Services, n.d. Web. 25 Feb. 2014. .

Open Document