General Discussion
Hackers accessed Target's network using credentials stolen from a contractor
http://www.theverge.com/2014/2/5/5383338/target-hackers-accessed-retailers-network-with-stolen-contractor-credentials
Customers might have to be worried about another range of companies thanks to the Target credit card security breach. The retailer reported that the initial intrusion into its network was traced back to credentials stolen from Fazio Mechanical Services, a refrigeration, heating, and air conditioning company hired by Target. Hackers used the stolen credentials between November 15th and November 28th to upload card-stealing malware to many of Target's cash registers, and within a month, completely infiltrate the system.
Krebs on Security explains that Fazio Mechanical could have had access to Target's network for maintenance purposes. It's common practice for large companies to hire teams to monitor energy consumption in stores to help save on energy costs. Those teams need to have remote access to the company's network, so that is one way the HVAC company could have had long-term access to Target's system.
However, that does not explain why the retailer's maintenance network led the hackers to its payment network. It's possible that Target had the maintenance and payment networks connected, making it easy for hackers to access one from the other. But Krebs alluded to an even more unsettling scenario: the networks could have been separated from the start, but the hackers found a way to connect them.
Fazio Mechanical president Ross Fazio confirmed that the US Secret Service, which has not been shy about its investigation, has visited the company's offices while investigating the Target breach. It makes sense for the Department of Justice to take a hard look at Fazio: the HVAC contractor has completed projects for Trader Joe's, Whole Foods, BJ's Wholesale Club, and others, suggesting those companies could be susceptible to similar attacks. While the identities of the hackers are still unknown, this discovery shows how even the most tangential connection to a huge company like Target could open the door for hackers to access information. Target is now rushing to install chip-enabled smart cards to provide better security at the point of sale, but it can only try to control what happens in its stores.
*bolding mine*
hedda_foil
(16,545 posts)
I don't have a Target card, and I'd just received a $50 VISA prepaid card from switching my cable/net/phone package, so I maxed that out to buy a couple of gifts there. Ordinarily, I would have used my debit card, so I felt I'd gotten a lucky break. But I think I'll stick to cash for a while.
Orrex
(64,431 posts)
Simply fine the vendor and retailer $100,000 per compromised card. I'll bet that they come up with some impenetrable security measures within the hour.
cui bono
(19,926 posts)
Maybe I should get a new one.
Xithras
(16,191 posts)
They run their AC system on the same network as their registers? What a stupid, amateur mistake.
bemildred
(90,061 posts)
This is why I avoid debit cards. You have more protection from this sort of random attack with credit cards.
ananda
(31,043 posts)
It was the only store around that had what I needed.
dickthegrouch
(3,685 posts)
Is that users are encouraged to link all their accounts through that bastion of privacy and security: Facebook.
I can't tell you how many times I've been unable to take advantage of an offer or even play some games because they require access to your Facebook credentials.
Even LinkedIn does some of this. I will never join two of my accounts together in this way (alright the whole bloody lot are joined through my service providers).
I don't recommend anyone join their Facebook to their bank account or their iPhone bridge game or anything remotely similar.
steve2470
(37,468 posts)
DeschutesRiver
(2,359 posts)
have been using cash when I go to town for errands and gas. Strengthened all passwords on everything I can find, new email, etc.
But I did pay our business registration fee online to the State of Oregon the last week of January, figuring what could go wrong with that one, right? Well, I just read that the system was hacked around Feb 5. They don't think the credit card info was compromised but we will see.
http://www.katu.com/politics/Oregon-secretary-of-states-website-hacked-office-says-243868591.html?mobile=y
This is making me extremely cranky, in large part now because I am not sure what else to do except turn completely to cash for everything this year until things settle or the banks get chip cards faster than originally planned, though not even those will be safe for long. It will be highly impractical to keep getting credit cards reissued if every time I use one, there is a subsequent hack of the system.