Cyber Attack Case Study

Good Essays
Max Thielen
Last year Target fell victim to a massive cyber attack that compromised data on millions of its customers. The breach lasted from November 27th to December 15th. During that time, information on 40 million debit and credit accounts was stolen. In addition, Target would later report that another 70 million customers’ name, phone number, and mailing address had been stolen (Whitney).
A piece of malware that retails on the black market for around $2,000 is believed to be the culprit for the stolen data. When installed on point-of-sale (POS) devices, this malware will record the data from all cards swiped through the machine (Smith). The hackers were able to steal vendor credentials from BMC Software, the company that developed the IT management software used by Target. The hackers used the account name “Best1_user” and password “BackupU$r” to access the machine. The “Best1_user” account name is restricted from logging in to the computer. It is actually an administrator account used by the software to do basic tasks (Smith). Through the administrator account access, the criminals were able to install a program called “BladeLogic” which mimicked another program developed by BMC. This process; replacing legitimate programs with those designed to spy, steal, or manipulate data, is called usurpation (Kroenke 312).
The hackers exploited a vulnerability in Target’s system to gain access. A vulnerability is a point of entrance that can be used to access private data (Kroenke 310). With the case of Target, the vulnerability was the unsafe administrative account. Many other companies have vulnerabilities such as in the POS system, or online credit orders. With all of the threats to information security ...

... middle of paper ...

...rus software regularly. Correct security training that encourages using strong passwords and keeping valuable data out of texts and emails (Kroenke). If Target can learn from its previous mistakes and follow proper safety techniques, it should be able to effectively prevent another cyber attack in the future.

1. Kroenke, David M. Experiencing MIS. Upper Saddle River, NJ: Pearson Prentice Hall, 2008. Print.
2. Smith, Chris. "Expert Who First Revealed Massive Target Hack Tells Us How It Happened." BGR. BGR, 16 Jan. 2014. Web. 30 Apr. 2014.
3. White, Martha C. "Target's Hacking Fix Is Itself a Huge Problem." Business Money Targets Hacking Fix Is SecondRate Says Consumer Reports Comments. N.p., 11 Feb. 2014. Web. 30 Apr. 2014.
4. Whitney, Lance. "How Target Detected Hack but Failed to Act." CNET. N.p., 13 Mar. 2014. Web. 30 Apr. 2014.
Get Access