Traverse City Record-Eagle


January 7, 2014

Another View: Data theft raises Web security questions

If an Internet security breach compromises credit and debit card accounts of 40 million Target customers, is anyone safe?

Apparently not.

The cat and mouse game between those charged with keeping data safe and those trying to steal it seems never-ending.

The old “if they can put a man on the moon, why can’t they .?” doesn’t seem very helpful.

Security experts, left to speculate in the absence of solid information about the Target heist, believe it was very carefully planned and coordinated. It’s possible that the thieves had help within the company. With or without that help, they had several routes, “vectors,” to their target. One route might have been penetration of the system that serves the chain’s credit card swipers, perhaps infecting those servers to free up the desired data.

“A hacker can find a tiny vulnerability to get into a server, and then move laterally” to exploit other vulnerabilities, said Ken Westin, a security researcher. “Once you get your foot in the door, all heck breaks loose.”

Breaching a retailer’s security doesn’t always mean the credit card information will be used. But that wasn’t the case in the Target theft. Card data began showing up on underground “shops” quickly.

In the absence of new safeguards capable of preventing such theft, cardholders are asked to jump through the usual hoops. Target will pay for credit monitoring for all of the victims. New cards will be issued by the victims’ financial institutions. Cardholders might keep a close eye on their accounts online. If the cards were used for automatic payments, the cardholder will have to contact those companies.

In other words, the usual inconvenient mess.

This latest theft, together with reports of thieves putting “skimming” devices on ATMs to gather card data, intrusions at power generating plants, phone hacking, spam - all make it more or less clear that alongside the blessings the Internet has brought us is the realization that it’s rather porous.

Security is a mirage.

Which brings us back to that earlier question. If we could put a man in the moon in 1969, why can’t we create an Internet that’s secure 45 years later?

The Oakland Press

Text Only

Opinion Poll
AP Video
Death Penalty Expert: 'This is a Turning Point' House Committee at Odds Over Obama Lawsuit Raw: MH17 Victim's Bodies Arrive in Netherlands Raw: UN School Used As Shelter Hit by Tank Shell Raw: Gunmen Attack Iraqi Prison Convoy Plane Leaves Ukraine With More Crash Victims The Rock Brings Star Power to Premiere Raw: Families Travel to Taiwan Plane Crash Site Arizona Execution Takes Almost Two Hours Gen. Odierno Discusses Ukraine, NATO at Forum Gaza Fighting Rages Amid Cease-Fire Efforts Mint Gives JFK Coin a Face-lift Creative Makeovers for Ugly Cellphone Towers Ariz. Inmate Dies 2 Hours After Execution Began Crash Kills Teen Pilot Seeking World Record LeBron James Sends Apology Treat to Neighbors Raw: Funeral for Man Who Died in NYPD Custody Migrants Back in Honduras After US Deports Israeli American Reservist Torn Over Return