Skip to main content

Malware Was Used in December's Target Hack

At this time, Target has not disclosed how hackers managed to breach its network and scoop up the information of 70 million shoppers. However, according to a Reuters exclusive scoop, unnamed sources claim that the hackers used pieces of malware to do the dirty work, one of which was a RAM scraper.

A RAM scraper is memory-parsing software that allows cyber-crooks to grab encrypted data as it travels through live memory of a computer, where it appears in plain unencrypted text. Reuters reports that the technique has been around for years, but is getting more use as companies improve their security.

"Sunday (Dec. 15) was really day one," said Target Chairman and CEO Gregg Steinhafel regarding the amount of time it took Target to inform the public. "That was the day we confirmed we had an issue and so our number one priority was ... making our environment safe and secure. By six o'clock at night, our environment was safe and secure. We eliminated the malware in the access point, we were very confident that coming into Monday guests could come to Target and shop with confidence and no risk."

In speaking with CNBC, the Target CEO said day 2 was about initiating the investigation, day 3 was about getting Target prepared about the onslaught of customer communication, and day 4 was about alerting the public.

"We are in the middle of a criminal investigation as you can appreciate and we can only share so much. ... We are not going to rest until we understand what happened and how that happened," he said. "Clearly we are accountable and we are responsible—but we are going to come out at the end of this a better company and we are going to make significant changes."

Steinfhafel admitted that the full details are unknown, but what he could say was that malware was installed on the company's point of sale registers. Currently, the company is working with law enforcement to determine who installed the malware and when it was done. However, right now the biggest challenge for Target is convincing the American public that the company is even more secure than it was before, and it's safe to shop worry-free.

On Friday, Target confirmed that the private information of 70 million shoppers was acquired by the hackers. The information included names, mailing addresses, email addresses, and phone numbers. The company previously announced that the credit card numbers and encrypted PIN numbers of 40 million credit and debit cards were stolen.

  • BluePhantom
    Well i guess that attack was right on target...
    Reply
  • lancelot123
    Well i guess that attack was right on target...
    YEEEEEAAAAAAAHH!!!
    Reply
  • p05esto
    No kidding, they really hit the bullyseye here with splitting arrow arruracy. I mean what did Target expect with such a big target on their back?
    Reply
  • Blazer1985
    Can't stop laughing about the first two comments :-DDD
    Reply
  • scottoOH
    "However, right now the biggest challenge for Target is convincing the American public that the company is even more secure than it was before, and it's safe to shop worry-free."Ya, because all of our information has already been stolen!
    Reply
  • ubercake
    Makes me think twice about ever shopping at target again without using the green stuff.
    Reply
  • Zachasaurs
    this is strange about a week ago a 95 year old woman in my neighbor hood was visited by the nsa or something with their guns out about this. why would you do this to a 95 year old woman who just makes amazing chocolate truffles for all of her neighbors cmon nsa.
    Reply
  • freggo
    How about 1 day prison for each hacked account?That should be a fair penalty for the time wasted by each account holder.
    Reply
  • dextermat
    This is why I pay cash most of the time!!
    Reply
  • hasten
    this is strange about a week ago a 95 year old woman in my neighbor hood was visited by the nsa or something with their guns out about this. why would you do this to a 95 year old woman who just makes amazing chocolate truffles for all of her neighbors cmon nsa.
    Poor attempt at being "hip". NSA doesn't raid anyone...
    Reply