What if a major retailer made a large investment in anti-malware software to protect its information systems, finally put the new program in place, and then ignored the warnings that the new system gave? That’s what sources tell Bloomberg Businessweek is what happened in the weeks before Target’s massive payment information breach. Target could have stopped the breach, or even ended it before baddies could get hold of customer data.
The problem is that people don’t always trust a new system after it’s been installed. About six months before the famous attack, Target installed a system specifically designed to prevent this kind of thing. The software, from a company called FireEye, also provides security software to the CIA and the Pentagon.
According to Businessweek’s sources, the company had a team of analysts in Bangalore, India who watched the network during the hours while people at headquarters in Minneapolis were off duty. The analysts in Bangalore noticed when the hackers’ program for extracting the data to staging points in the United States was being installed and uploaded, and flagged the malware. They let security experts in Minneapolis know. And then nothing happened.
FireEye worked perfectly: it sent a malware alert when the hackers uploaded different versions of the program. The program can automatically delete data that it flags as a threat, but Target had things set up so a human had to make the final decision. Trouble is, the human in charge of that didn’t delete anything.
Some experts speculate that since the implementation of FireEye was so new, tech higher-ups at Target didn’t trust the program yet, and ignored the warnings.