Homeland Security warns retailers about malware that hit Target


The U.S. Department of Homeland Security has gotten involved in investigating the massive data breach at Target.

CNN reports information about the malware used to hijack customer information was detailed in a government report and distributed to the nation's major retailers. The government alerted retailers the aggressive software that led to the compromise of data at Target has likely infected other companies.

The Star Tribune reports that federal authorities issued the technical bulletin that contains descriptions of the malware that hackers used to attack Target. The report says the Secret Service and the cybersecurity arm of the Department of Homeland Security began working together on the issue as early as Dec. 18, the first day that news surfaced about the data breach.

The report said multiple retailers are still being attacked and calls this malware variant "the most dangerous ever used." The malicious file infects point-of-sale devices – cash registers – and extracts customer data processed on them. Then the data is transmitted, according to Tiffany Jones, senior vice president at iSIGHT Partners, the private firm working on the investigation. In its report, iSIGHT Partners said the hackers "displayed innovation and a high degree of skill in orchestrating the various components of the activity." Here's a summary of that report.

Last week Target updated the number of customers who had their personal information compromised to 70 million. The number was later updated to as many as 110 million. Payment data was compromised for customers who shopped between Nov. 27 and Dec. 1.

The malware variant has been dubbed Trojan.POSRAM and was derived from another type of malware known as BlackPOS, the report said. Authorities have dubbed the point-of-sale operation KAPTOXA.

Brian Krebs, the computer security blogger who first revealed the Target breach, told the Star Tribune on Thursday he thinks a hacker he profiled in December is at the center of the Target heist. The man is a Ukrainian nicknamed Rescator.

FOX 9 reported that Krebs suspects the cyber crooks broke into Target through a Web server, then planted the malicious software server to snag stolen card data. The information was collected directly from magnetic strips before it could be encrypted, but, as the station notes, "...the wildest part is that it was sent to a server inside Target just six days later. That internal server uploaded 11 gigabytes of data over two weeks."

No antivirus product available on the market is able to detect the malware used in the attack, according to Krebs.

Target officials will discuss the problems at a U.S. House hearing in the first week of February before a subcommittee of the House Committee on Energy and Commerce.

Next Up