How the Target Credit Card Breach was Discovered
It was revealed in December that cybercriminals had hacked into Target's database and made off with the largest cache of stolen credit cards in history. Here's how the heist was uncovered and revealed to the public, according to a recent New York Times report.
Hundreds of millions of Americans have 41-year-old Brian Krebs to thank for first reporting the cybercrime. A former reporter at The Washington Post, Krebs developed an interest in studying hackers back in 2001 when his own computer caught a malicious worm. Since then, Krebs has learned Russian to better understand his Eastern European foes and even started a now-dead Security Fix blog at The Post. Currently, Krebs focuses on his own blog, Krebs on Security, after being let go from The Washington Post for not broadening his beat.
Krebs first caught a whiff of the massive credit card heist in December when he came across some criminals boasting about a large, fresh batch of credit cards in some underground forums on the Internet. Krebs then received a tip from one of his banking sources, who told him that he had bought a large number of credit cards that all had one thing in common: they had been used at Target from late November to mid-December.
After confirming that there had been a major cyber-robbery at Target, Krebs contacted Target and published the story on his blog. The rest, as they say is history.
Krebs was also integral in uncovering the Neiman Marcus cybertheft.
After the Story Broke
The series of events that follows such cybercrimes are discouraging to many law enforcement officials. Target's breach affected 110 million Americans, while the Neiman Marcus debacle hit over one million. The numbers are a staggering percentage of the total U.S. population, prompting the government to chastise industries for being too secretive about cybercrimes due to fear of public backlash.
"Businesses should be required to provide prompt notice to consumers in the wake of a breach," Acting Assistant Attorney General Mythili Raman told a Senate Judiciary Committee earlier this month during a hearing that involved Target and Neiman Marcus executives.
"American consumers should know when they are at risk of identify theft or other harms because of a data security breach."
Krebs acknowledges that, even though he does make a nicer living due to the extra intelligence and consultant work, which he does thanks to increasing cyber-awareness, there are forces in power that would rather keep the information away from the public.
"There's a lot going on in this industry that impedes the flow of information," Mr. Krebs said in the New York Times article. "And there's a lot of money to be made in having intelligence and information about what's going on in the underworld. It's big business but most people don't want to pay for it, which explains why they come to someone like me."
In response to the growing need for cybersecurity, a still-relatively new field, the Obama administration recently unveiled a comprehensive set of guidelines dubbed "The Cybersecurity Framework" intended to help businesses deal with cybercrimes more efficiently and publicly.