Watch CBS News

After Target: Fighting fraud from the hackers' perspective

Security response firm Mandiant explains the malware cyber attackers are using to breach major retailers like Target and Neiman Marcus
After Target: Fighting fraud from the hackers' perspective 02:39

ALEXANDRIA, Va. When a client phones up security incident response management firm Mandiant, senior services consultant Jason Rebholz says, "it's already too late; something's already happened."

Such was the case for Target in December when the retail giant had to recruit help after a security breach had compromised the credit card information of 110 million customers.

"We need to make sure there's a containment plan in place," Rebholz explained to CBS News. "Because you know, stores have to stay open. So you know, they're still processing credit card data when attackers could be siphoning off all that data, and they have to understand how the hacker got in initially so that they can make sure that they can't get in in the future."

In order to do that, they need to think like the hacker. Mandiant routinely monitors the server infrastructures of various malware that that cyber attackers use to aggregate stolen credit card information from point-of-sale systems, which can include anywhere a credit card is swiped for purchase.

Accessing the hackers' tools, Mandiant Services Consultant Tyler Oliver says, allows the company to understand "how the malware interacts with the point-of-sale systems, so that we can see what the commands look like on the network, so on the Internet, when you see something go by, what it would look like if it was coming from an attacker, versus regular activity."

"They have a one-stop shop area where they can see your personal information that's present on your credit card," Rebholz said. "So that's gonna include your account number, it could include your name, and it's everything they need to actually create a fraudulent credit card, and then they can sell that on the black market."

A quick online search can lead hackers straight to malware options like vSkimmer, Black POS and Alina. Once the programs are installed, hackers wait at their computers for someone to "check in," or swipe a card at a point-of-sale system they've compromised. Usually, they gain access through a malicious email.

"They'll just wait for some unsuspecting corporate user to go download that malware," Rebholz said. "And for what you would say is the 'swat team' of financial attackers, they're gonna see that and say, I wanna go in there, and then they'll just purchase access to that. And that's their entry point into the environment."

And once they're in, anyone swiping a card at that point-of-service terminal is vulnerable.

Research from the payment industry newsletter The Nilson Report shows the United States is the global leader in credit card fraud occurrences. Rebholz blames a lag in technology that could offer consumer protection, like the chip-and-pin systems used in Europe.

Of course, the byproduct of that, he noted, "is that it's forced hackers to go into a different area, and that's 'card-not-present fraud,'" like online transactions. Mandiant is already tracking some malware that hack user data online, but for now, the danger in the United States remains primarily in consumers' wallets.

"Until we move to this technology where it's gonna further protect me as a consumer," Rebholz said, "it's just a risk that we have to live with every day."

View CBS News In
CBS News App Open
Chrome Safari Continue
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.