If only Target had top-notch security software in place to prevent last year's disastrous hack. Oh wait, it did. In fact, a report by Businessweek/Bloomberg says the software was essentially screaming that something was amiss well in advance of any actual theft of customers' credit card data. Target had plenty of time to react—but did nothing. The $1.6 million software program from security firm FireEye detected the installation of malware on Nov. 30 and multiple times afterward, before hackers started stealing data, but the urgent alerts went unheeded.
Why didn't the software kill the malware on its own?
- "The system has an option to automatically delete malware as it's detected. But according to two people who audited FireEye's performance after the breach, Target's security team turned that function off," says the story, which follows a two-month investigation. "It's possible that FireEye was still viewed with some skepticism by its minders at the time of the hack ..."
The story points to "inaction on the part of Target and a clear effort by FireEye to shore up its reputation," writes blogger John Biggs at TechCrunch
. "If Target couldn’t be bothered to delete the malware, this piece suggests it’s not FireEye’s fault." Click for the full story
, which, as Mashable
points out, speculates that the mastermind of the Target hack might be a 22-year-old Ukrainian.