Traverse City Record-Eagle
---- — If an Internet security breach compromises credit and debit card accounts of 40 million Target customers, is anyone safe?
The cat and mouse game between those charged with keeping data safe and those trying to steal it seems never-ending.
The old “if they can put a man on the moon, why can’t they .?” doesn’t seem very helpful.
Security experts, left to speculate in the absence of solid information about the Target heist, believe it was very carefully planned and coordinated. It’s possible that the thieves had help within the company. With or without that help, they had several routes, “vectors,” to their target. One route might have been penetration of the system that serves the chain’s credit card swipers, perhaps infecting those servers to free up the desired data.
“A hacker can find a tiny vulnerability to get into a server, and then move laterally” to exploit other vulnerabilities, said Ken Westin, a security researcher. “Once you get your foot in the door, all heck breaks loose.”
Breaching a retailer’s security doesn’t always mean the credit card information will be used. But that wasn’t the case in the Target theft. Card data began showing up on underground “shops” quickly.
In the absence of new safeguards capable of preventing such theft, cardholders are asked to jump through the usual hoops. Target will pay for credit monitoring for all of the victims. New cards will be issued by the victims’ financial institutions. Cardholders might keep a close eye on their accounts online. If the cards were used for automatic payments, the cardholder will have to contact those companies.
In other words, the usual inconvenient mess.
This latest theft, together with reports of thieves putting “skimming” devices on ATMs to gather card data, intrusions at power generating plants, phone hacking, spam - all make it more or less clear that alongside the blessings the Internet has brought us is the realization that it’s rather porous.
Security is a mirage.
Which brings us back to that earlier question. If we could put a man in the moon in 1969, why can’t we create an Internet that’s secure 45 years later?
The Oakland Press