Target, Neiman Marcus and other security breaches: organized crime?
Last December, Target announced up to 40 million credit
cards and debit accounts may have been stolen in a sophisticated cyber theft
intrusion of the corporate computer system; since then, other retailers have reported break-ins with similar hallmarks. Could this be the work of organized
criminals?
“There is certainly a real element of sophistication here,” said Michael Sutton, a cyber security expert with Zscaler who's monitoring the Target case. “There would have needed to be some reconnaissance up front to understand the network that was being targeted, the hardware and software that they were going after. They would have had to customize the malware that they used and then figured out means of exfiltrating that data and doing so without being detected.”
While the Target theft and others like it may be the work of
organized crime, Sutton explains, it's not necessarily the same group: “I think
that we're seeing the tip of the iceberg here. Because yes, Target was the
first and now we're starting to see other retailers, Neiman Marcus, Michael's
have also stepped forward. We don't have evidence that it's the same group,
although we do know that very similar techniques were used in each situation.”
Another factor pointing to an organized element is a follow-up crime committed last month – a half dozen cell phones were stolen from Target employees around the store's Minneapolis headquarters in one 24 hour period. The phones "belonged to people who were part of the IT staff who had access to the [Target] networks," the source said. "This required an organized ground operation." Target wouldn't confirm the phone thefts, but told CBS News that it recently emailed tips to employees on the importance of keeping their cell phones concealed while outside and at public venues.