Target, Neiman Marcus and other security breaches: organized crime?

Target, Neiman Marcus and other security breaches: Organized crime?

Last December, Target announced up to 40 million credit cards and debit accounts may have been stolen in a sophisticated cyber theft intrusion of the corporate computer system; since then, other retailers have reported break-ins with similar hallmarks. Could this be the work of organized criminals?

“There is certainly a real element of sophistication here,” said Michael Sutton, a cyber security expert with Zscaler who's monitoring the Target case. “There would have needed to be some reconnaissance up front to understand the network that was being targeted, the hardware and software that they were going after. They would have had to customize the malware that they used and then figured out means of exfiltrating that data and doing so without being detected.”

While the Target theft and others like it may be the work of organized crime, Sutton explains, it's not necessarily the same group: “I think that we're seeing the tip of the iceberg here. Because yes, Target was the first and now we're starting to see other retailers, Neiman Marcus, Michael's have also stepped forward. We don't have evidence that it's the same group, although we do know that very similar techniques were used in each situation.”  

Target, Neiman Marcus: How hackers infiltrate retail giants
One common factor is the malware used, called Kaptoxa; the Target thieves placed it onto hundreds point of sale systems to collect all of the transactions taking place. Federal investigators have a copy of the Kaptoxa code, and a knowledgeable source tells CBS News that "a trained programmer wrote it… someone with good coding skills." It was being sold on the open market for less than $2,000, which is why the FBI recently warned to expect additional break-ins of retailers.

Another factor pointing to an organized element is a follow-up crime committed last month – a half dozen cell phones were stolen from Target employees around the store's Minneapolis headquarters in one 24 hour period. The phones "belonged to people who were part of the IT staff who had access to the [Target] networks," the source said. "This required an organized ground operation." Target wouldn't confirm the phone thefts, but told CBS News that it recently emailed tips to employees on the importance of keeping their cell phones concealed while outside and at public venues.

f

We and our partners use cookies to understand how you use our site, improve your experience and serve you personalized content and advertising. Read about how we use cookies in our cookie policy and how you can control them by clicking Manage Settings. By continuing to use this site, you accept these cookies.