Secret Service: Hackers Behind Target Attack Used Specially Designed, Sophisticated Malware

A House subcommittee that’s looking into the massive theft of Target customers’ personal and financial information heard from a Secret Service official who says that the hackers responsible had been preparing long and hard for the “highly technical” attack, using sophisticated malware that likely was designed specially to infiltrate Target’s system.

The hackers who stole data from up to 110 million Target customers are “highly technical and sophisticated” and probably based outside of the country, William Noonan, the deputy special agent in charge of criminal investigations of cybercrimes, said Tuesday, reports the Minneapolis Star Tribune.

The company previously said the hackers used stolen vendor credentials to gain access to its system. Noonan explained that these attackers had been studying hard before the breach: While the malware the hackers used to carry out the attack was different than the type used to infect Neiman-Marcus, and  tough it’s unclear if the same group was responsible for both, Noonan says one thing is clear — these were sophisticated operations.

“The malware used to infect the computers systems were not off the shelf,” Noonan said.

“So it was specifically designed for Target,” concluded Rep. Lee Terry during the hearing.

Not only that, but the malware was so sophisticated that it couldn’t be spotted by any commercially available computer system protections, said Lawrence Zelvin, who directs cybersecurity operations for the Department of Homeland Security.

That’s not a good enough excuse, says Lisa Madigan, the Illinois Attorney General who co-chairs a multi-state investigation of the Target and Neiman-Marcus breaches. Companies are still mucking up the things that should be easiest to do right, she says — stronger passwords and encrypting customers’ information included.

She’s set on finding out whether or not companies notified customers within a reasonable timeframe, and “to ensure that companies suffering breaches took reasonable steps to protect their customers’ sensitive data from disclosure.”

As for Target, its chief financial officer John Mulligan testified to basically the same things as he did during the Senate hearing, saying that the retailer was hit by the breach even though it had “firewalls, malware detection software, intrusion detection and prevention capabilities and data loss prevention tools.”

“We perform internal and external validation and benchmarking assessments,” Mulligan added. “And, as recently as September 2013, our systems were certified as compliant with the Payment Card Industry Data Security Standards.”

He couldn’t explain, however, why Target could find malware within a few days after the U.S. Justice Department told the company of suspicious credit card activity on June 12, but was unable to hunt it down when in its own credit and debit card security system this time.

“We’re trying to find out why,” Mulligan told the subcommittee.

Previously: Two Men Arrested For Using Credit Card Numbers Stolen From Target; Non-Target Customers Wondering How Target Got Info To Send Email About Hack; Homeland Security Warns Retailers About Malware Used In Target Hack

Secret Service: Target hackers ‘sophisticated,’ likely from outside U.S. [Minneapolis Star Tribune]