Malware including RAM scrapers were used in the Target attack.
At this time, Target has not disclosed how hackers managed to breach its network and scoop up the information of 70 million shoppers. However, according to a Reuters exclusive scoop, unnamed sources claim that the hackers used pieces of malware to do the dirty work, one of which was a RAM scraper.
A RAM scraper is memory-parsing software that allows cyber-crooks to grab encrypted data as it travels through live memory of a computer, where it appears in plain unencrypted text. Reuters reports that the technique has been around for years, but is getting more use as companies improve their security.
"Sunday (Dec. 15) was really day one," said Target Chairman and CEO Gregg Steinhafel regarding the amount of time it took Target to inform the public. "That was the day we confirmed we had an issue and so our number one priority was ... making our environment safe and secure. By six o'clock at night, our environment was safe and secure. We eliminated the malware in the access point, we were very confident that coming into Monday guests could come to Target and shop with confidence and no risk."
In speaking with CNBC, the Target CEO said day 2 was about initiating the investigation, day 3 was about getting Target prepared about the onslaught of customer communication, and day 4 was about alerting the public.
"We are in the middle of a criminal investigation as you can appreciate and we can only share so much. ... We are not going to rest until we understand what happened and how that happened," he said. "Clearly we are accountable and we are responsible—but we are going to come out at the end of this a better company and we are going to make significant changes."
Steinfhafel admitted that the full details are unknown, but what he could say was that malware was installed on the company's point of sale registers. Currently, the company is working with law enforcement to determine who installed the malware and when it was done. However, right now the biggest challenge for Target is convincing the American public that the company is even more secure than it was before, and it's safe to shop worry-free.
On Friday, Target confirmed that the private information of 70 million shoppers was acquired by the hackers. The information included names, mailing addresses, email addresses, and phone numbers. The company previously announced that the credit card numbers and encrypted PIN numbers of 40 million credit and debit cards were stolen.