Target Ignored Signs of Data Breach

Soulskill posted about 7 months ago | from the making-themselves-quite-a-target dept.

Security 95

puddingebola writes "Target ignored indications from its threat-detection tools that malware had infected its network. From the article, 'Unusually for a retailer, Target was even running its own security operations center in Minneapolis, according to a report published Thursday by Bloomberg Businessweek. Among its security defenses, following a months-long testing period and May 2013 implementation, was software from attack-detection firm FireEye, which caught the initial November 30 infection of Target's payment system by malware. All told, up to five "malware.binary" alarms reportedly sounded, each graded at the top of FireEye's criticality scale, and which were seen by Target's information security teams first in Bangalore, and then Minneapolis.' Unfortunately, it appears Target's security team failed to act on the threat indicators."

95 comments

Oops (-1, Redundant)

mythosaz (572040) | about 7 months ago | (#46487449)

Posting to undo moderation.

Re:Oops (1)

Wookact (2804191) | about 7 months ago | (#46487671)

How do you undo moderation when you are the first post? Who exactly were you moderating?

Re:Oops (-1, Flamebait)

Desler (1608317) | about 7 months ago | (#46487695)

It was a joke, Admiral Aspergers.

Re:Oops (2)

Wookact (2804191) | about 7 months ago | (#46487951)

Well it was a real knee slapper. /sarc

Re:Oops (0)

Anonymous Coward | about 7 months ago | (#46488057)

No, it was a real bowel slapper.

Ignore the top graded security threat (0)

Anonymous Coward | about 7 months ago | (#46487523)

Sometimes you just can't fix stupid.

Re:Ignore the top graded security threat (-1)

Anonymous Coward | about 7 months ago | (#46487561)

Tell that to the American legal system.

Ignoring Sound Advice != Brilliant Management (1)

ackthpt (218170) | about 7 months ago | (#46487553)

Honestly, how hard can it be to look after the source of executive pay?

Re:Ignoring Sound Advice != Brilliant Management (0)

rmdingler (1955220) | about 7 months ago | (#46488093)

So I think what you're doing here is...

you're shooting for a first post that's impossible to child under without painting the off-topic bulls-eye right on the front of my shirt.

Well done.

Remind me later (5, Funny)

pushing-robot (1037830) | about 7 months ago | (#46487555)

In Target's defense, FireEye said it would have to restart the computer to remove the threats.

Re:Remind me later (1)

Comrade Ogilvy (1719488) | about 7 months ago | (#46487731)

Maybe it is me, but that seems gobsmackingly wrong. If Target cannot tolerate a server being unavailable for a few minutes, there must be something wrong with the entire technical infrastructure. There must be single points of failure all over the place. (Not trying to be snarky. Please tell me I am wrong!)

Re:Remind me later (1)

Desler (1608317) | about 7 months ago | (#46487741)

Jesus fuck. It was a joke...

Re:Remind me later (1)

Comrade Ogilvy (1719488) | about 7 months ago | (#46487781)

Touche!

Re:Remind me later (0)

Anonymous Coward | about 7 months ago | (#46487803)

You're new around here, aren't you?

Re:Remind me later (1)

Desler (1608317) | about 7 months ago | (#46487901)

Nope. He [slashdot.org] is, though.

Re:Remind me later (1)

Desler (1608317) | about 7 months ago | (#46487919)

Blasted Slashdot! Apparently the profile link to "New Here" no longer works.

Re:Remind me later (0)

Anonymous Coward | about 7 months ago | (#46488269)

Did you mean New Here [slashdot.org] ?

Re:Remind me later (2)

bickerdyke (670000) | about 7 months ago | (#46491429)

Sounds way too plausible for a joke. At least for anyone with experience in corporate IT.

Re:Remind me later (1)

140Mandak262Jamuna (970587) | about 7 months ago | (#46487965)

Woooosh! Just look up, you might see the contrail of the joke that flew far above you. On the other hand, you could claim to be a Linux user who has never seen that "remind me later" dialog nagging at the bottom of the screen.

Re:Remind me later (1)

techno-vampire (666512) | about 7 months ago | (#46488629)

Some Linux distros do that, others don't. I'm not sure, but Ubuntu might. I know that Fedora (using XFCE) doesn't, at least if you don't use their software updater.

To be fair? (1)

Penguinisto (415985) | about 7 months ago | (#46487599)

...maybe they just had shitty email prioritization and crappy (read: default) alerting configs on their gear? Given that the typical admin in a large corp gets bombarded with a jillion emails daily (ranging from fluff to drop-dead serious, because vendors rarely know the difference), I can see warnings get buried in the pile pretty easily. Mind you this is not to excuse not acting on the warnings, but instead is posited as a way to explain why the warnings got missed in the first place.

All that said, any security admin who doesn't make alerting and prioritization thereof his first priority really shouldn't be employed as a security admin.

Re:To be fair? (1)

Desler (1608317) | about 7 months ago | (#46487613)

They didn't miss the warnings. They simply ignored them.

Re:To be fair? (0)

Anonymous Coward | about 7 months ago | (#46487649)

I don't think they really ignored them. They just prioritized them incorrectly.
Complacent.
Let's pretend to ignore the giant squid in the kitchen.

Something like that.

Re:To be fair? (1)

ackthpt (218170) | about 7 months ago | (#46487703)

I don't think they really ignored them. They just prioritized them incorrectly.
Complacent.
Let's pretend to ignore the giant squid in the kitchen.

Something like that.

The next Vesuvius is about to erupt under corporate headquarters.

KEEP CALM

and

DO NOTHING

Re: To be fair? (1)

kayaker01 (3569597) | about 7 months ago | (#46501805)

Mind the gap.

Re:To be fair? (1)

Anonymous Coward | about 7 months ago | (#46487709)

Or, they were totally idiots. I see that there is a problem with CPU usage that needs to be looked into...

# compress -f `ps -augxww | sort -rn +8 -9 | head -1 | awk '{print $2}'`

stolen from: http://www.gnu.org/fun/jokes/know.your.sysadmin.html

Re:To be fair? (2)

sjames (1099) | about 7 months ago | (#46490017)

It could easily be alarm fatigue. After the 500 billionth 'red alert' that turned out to be someone checking their bank balance during lunch, a warning or 2 about a suspicious attachment can easily fly under the radar.

It happens in hospitals too and sometimes people die as a result.

Re:To be fair? (0)

Anonymous Coward | about 7 months ago | (#46488415)

.. ....... because it was the security team in Bangalore that was performing the security breach?

Ok, I'm just being cynical. The outsourced team is obviously just incompetent.

Re:To be fair? (0)

Anonymous Coward | about 7 months ago | (#46487637)

Missed?

"Like any large company, each week at Target there are a vast number of technical events that take place and are logged. Through our investigation, we learned that after these criminals entered our network, a small amount of their activity was logged and surfaced to our team," said Target spokeswoman Molly Snyder via email. "That activity was evaluated and acted upon."

Unfortunately, however, the security team appears to have made the wrong call. "Based on their interpretation and evaluation of that activity, the team determined that it did not warrant immediate follow up," she said. "With the benefit of hindsight, we are investigating whether, if different judgments had been made, the outcome may have been different."

They didn't miss shit.

Re:To be fair? (1)

ackthpt (218170) | about 7 months ago | (#46487673)

So... the emails warning of the threat were treated as spam? That's kinda funny.

Re:To be fair? (2)

skids (119237) | about 7 months ago | (#46489273)

These IPS/IDS systems literally generate more alerts (usually including a bunch of false positives) than you could possibly read in a day. Heck, it would take a year or two to learn up in detail on each signature/threat they have in their catalogue; only people who specialize in security and keep up to date daily can make the calls as to what alarms are noise and what's indicative of real activity (no, the default "levels" shipped with the product don't cut it, because if you only look at the "red" ones you'll miss important crap and there are too many "yellow" ones to look at). Those people generally tend to work at places that produce IPS/IDS products, not in support IT. So that means you almost inevitably end up with some misconfigurations or bad calls.

What generally happens is the PHBs buy oodles of this security software and vastly underestimate the amount of manpower and expertise needed to actually use the software. Some places just plop these things on the network team and somehow expect them to magically work even though zero man-hours have been allocated to read the logs and continue the ongoing process of tuning the event filters/reactors -- because after all if they installed it and got it working, the network team must know how to run it, right? Larger outfits may actually have dedicated "security" personnel. If those personnel are not busy implementing security measures internally and are of the strange types that won't shoot themselves in the head if they have to stare at logfiles continuously for several hours a day, that might work. What could also work is hiring professional services from the IDS/IPS company to tune your filters for you.

Re:To be fair? (0)

Anonymous Coward | about 7 months ago | (#46490107)

Like LabTech. LabTech is a complete piece of shit.

if done correctly. (1)

leuk_he (194174) | about 7 months ago | (#46491223)

Then the few serious hacks are handled by the capable PHB, management will barely hear about it, and wonder why 2 expensive PHBs and an expensive intrusion system are used. After all, what information could really be hacked?

It is not like Target has to pay the victims. The risk is not at the correct party.

Re:To be fair? (3, Insightful)

MightyMartian (840721) | about 7 months ago | (#46487851)

Maybe they're just fucking idiots, with an IT department that either is utterly inept or had been so marginalized by MBA morons and sociopaths.

Re:To be fair? (1)

zoomshorts (137587) | about 7 months ago | (#46488423)

Correct!

Re:To be fair? (2, Insightful)

Anonymous Coward | about 7 months ago | (#46488557)

Maybe they're just fucking idiots, with an IT department that either is utterly inept or had been so marginalized by MBA morons and sociopaths.

Or, with a name like 'Target', they were pretty much asking for it?

Re:To be fair? (1)

Lumpy (12016) | about 7 months ago | (#46488989)

"Maybe they're just fucking idiots,"

This describes the management of all large corporation IT departments. IT is an expense, they are not really important like the marketing department.

Re:To be fair? (1)

jd2112 (1535857) | about 7 months ago | (#46490007)

Maybe they're just fucking idiots, with an IT department that either is utterly inept or had been so marginalized by MBA morons and sociopaths.

Don't worry. Instead of security they have been moved to the online sales department. They are all doing Photoshop work for the summer swimsuit line now so they will be unlikely to cause Target any further embarrassment...

Re:To be fair? (5, Insightful)

James-NSC (1414763) | about 7 months ago | (#46488097)

I'd wager it wasn't the security team that dropped the ball. I work in the same role (I'm the most senior member of the security team), and I can tell you first hand that I don't have the authorization to act in matters of that scope independent of the executive team in situations like those. I have to forward my recommendations up the chain and get approval.

That causes delays. Oftentimes, things then get lost in the executive level. Whenever there are contractors involved it's even worse as they spend a week or so arguing over whose responsibility it is, who is going to pay for it, how much down time it's going to represent, how much money they're going to lose, etc., etc., etc. Executives are also really bad at judging risk when it comes to security. They'll expose themselves and their companies to staggering amounts of risk - if for no other reason - than the fact that the failure/security breach/what-have-you isn't impacting business "right now" but shutting down an ecommerce system to patch it will impact the bottom line *right now* and they would rather risk "maybe" losing money at some future date than know they're losing money "right now".

Executives will mortgage their companies' futures at every possible opportunity for a few extra dollars today.

The number of times I've taken a GLARING security issue up only to have the "how long can we leave it before it impacts business" be their main concern. If it's a vulnerability on a production, WAN facing system - but we don't have evidence of it being actively exploited - it's not considered to be as critical as taking that system offline for an hour to patch/test it. The certainty of lost revenue in that hour is more meaningful than the potential of abuse at a later date. Worst part of it all is that when that later date does come around and things get really bad, they all point their collective fingers at the security team and none of them take any responsibility whatsoever.

You're damned if you do, damned if you don't and blamed all the way around.

Corporate InfoSec is a very, very frustrating occupation. I feel for those poor guys at Target.

Re:To be fair? (4, Interesting)

DarkOx (621550) | about 7 months ago | (#46488387)

The security team should have a license to kill from the executive team. We do; our instructions are, if we believe a breach is in progress, "shut it down".

Mind you, we have never done it. We came very, very close to doing so once on a false positive. The operations team failed to inform us of some activity they were going to be doing. Fortunately the guy answered his phone, but otherwise we would have pulled the plug and islanded the entire DMZ, ecommerce and the corporate home page and all.

After reviewing the after-action report, the executive team agreed we would've been right to do it given what we knew.

That is how it should work.

Re:To be fair? (0)

Anonymous Coward | about 7 months ago | (#46488637)

Hahaha that's how it SHOULD work but it isn't how it usually works. Generally what happens is someone higher up goes to check their Facebook one day and the internet is down...IT is responsible! So to remedy the situation they remove the authority of anyone in IT to take the network down without preapproval. It'll be fine, they think, they can just call and get authorization. Then they're like....nooo we better not reboot the servers cuz it'll take the network down for five minutes and that's totally millions of dollars lost.

Re:To be fair? (2)

sjames (1099) | about 7 months ago | (#46490059)

It's funny how IT is a pure cost center right up until it suggests shutting down one of those pure costs for 5 minutes. Then suddenly it's "OMG NO! we'll lose bazillions!"

Re:To be fair? (2)

Lumpy (12016) | about 7 months ago | (#46489011)

At Comcast that is how we worked from 1998 to 2007 when I was there. Security breach? I can tell the CEO to fuck himself to his face and yank the plug. And at many times I saw executives escorted out of the data center by guards because they were being idiots demanding we restore internet access. Management are clueless morons, they must be left out of the loop for security.

It's why cops don't have to call the mayor when they see a guy running into a bank with a gun in his hand and a big sack with a dollar sign painted on it.

Re:To be fair? (1)

Zero__Kelvin (151819) | about 7 months ago | (#46489361)

"It's why cops don't have to call the mayor when they see a guy running into a bank with a gun in his hand and a big sack with a dollar sign painted on it."

Yeah. That's why I never paint a dollar sign on my big sack, or my gun either for that matter!

Re:To be fair? (0)

Anonymous Coward | about 7 months ago | (#46490193)

Huzzah!
That's employee empowerment in action.

Re: To be fair? (1)

DoofusOfDeath (636671) | about 7 months ago | (#46491439)

I used to work at a DoD research lab. Whenever the security team didn't understand something, they shut down the network. They didn't know much, so they shut down systems often and for long periods. And their performance was judged entirely on how many attacks got through, not on our lab's productivity.

It's a big reason why they kept on losing good developers and researchers, me included.

Re:To be fair? (2)

jacobsm (661831) | about 7 months ago | (#46488861)

Not only InfoSec, most warnings from the people who know up to the people who don't know, but have authority to act, or spend money are just ignored.

Several years ago I told Data Center management that a vital piece of hardware had reached end of life and needed to be replaced else we'd be at risk for a total system outage that might last for days.

They didn't want to spend the $30,000 dollars until they absolutely had to, so they ignored my recommendation. In the end, nothing bad happened, but it very easily could have and we'd have lost revenue in the millions of dollars, just so as not to spend money before they absolutely had to.

Re:To be fair? (2)

TClevenger (252206) | about 7 months ago | (#46489805)

The breach started two days before Black Friday. What incentive would management have to do anything that would jeopardize their ability to sell all the way until Christmas?

Levy a fine against them equivalent to their entire profit from November 27 until December 19 when they finally admitted the breach. Maybe companies will think twice before trying to sweep these things under the rug.

Re:To be fair? (1)

Charliemopps (1157495) | about 7 months ago | (#46489883)

Given that the typical admin in a large corp gets bombarded with a jillion emails daily (ranging from fluff to drop-dead serious, because vendors rarely know the difference), I can see warnings get buried in the pile pretty easily.

I used to work in the NOC for a major telco and let me tell you, your ENTIRE job is being able to filter through that shit to see the big picture. I was looking at hundreds of network alarms simultaneously at any moment on any given day, and I had to know what was going on.

It's not possible, so it must be a false alarm (2)

Anonymous Coward | about 7 months ago | (#46487641)

I'd wager there's about an 80% chance someone said the following:
"There's no way someone could have infected the POS systems; must be something wrong with this stupid FireEye thing..."

Re:It's not possible, so it must be a false alarm (1)

invictusvoyd (3546069) | about 7 months ago | (#46489887)

A contractor's credentials were stolen / used to gain access. Anybody thinking of that? That was the point of entry.

Well... (0)

Anonymous Coward | about 7 months ago | (#46487667)

The victims of this breach weren't Target. It was their customers. Why should they care?

Re:Well... (1)

raodin (708903) | about 7 months ago | (#46487807)

The customers who were liable for exactly $0 of fraudulent charges under US law?

Re:Well... (1)

Anonymous Coward | about 7 months ago | (#46488073)

The laws which shield consumers from this liability are actively being lobbied against by the banks.

The banks are trying to use chip and pin to shift this liability to their customers.

source: in the banking industry for 15 years.

The horse is already out of the barn (0)

Anonymous Coward | about 7 months ago | (#46488307)

In Canada, we have chip and pin and the customer doesn't pay. The banks may want to do that, but good luck.

Re:Well... (0)

Anonymous Coward | about 7 months ago | (#46488525)

Kind of like using bitcoins. No consumer protection at all.

Re:Well... (1)

wiredlogic (135348) | about 7 months ago | (#46488831)

Chip and pin is being forced by Visa and Mastercard not the banks.

Re:Well... (0)

Anonymous Coward | about 7 months ago | (#46488127)

Credit card holders WILL see rate/fee increases to recoup the cost of the fraud. NOT Target.

How does the law protect them from that?

Heart of the matter (1)

shipofgold (911683) | about 7 months ago | (#46487725)

From TFA:

"With today's amount of detection data, just signaling an alarm isn't enough. The operator/analyst should be able to understand the risk as well as the recommendation of each incident, in order to be able to prioritize."

My experience is that companies skimp on the 7x24 Network Operation Center personnel. Get cheap "eyes" on the logs and then hope that they are trained to recognize what is going on... In most cases they just forward to someone else, and when you get the 15th false positive everybody relaxes and assumes the 16th is false as well... this is where the professionalism comes in.

Re:Heart of the matter (2)

rudy_wayne (414635) | about 7 months ago | (#46487775)

All told, up to five "malware.binary" alarms reportedly sounded, each graded at the top of FireEye's criticality scale, and which were seen by Target's information security teams first in Bangalore, and then Minneapolis.

Well, there you go.

Re:Heart of the matter (1)

ark1 (873448) | about 7 months ago | (#46488015)

Well, there you go.

We don't know the whole story here but it looks like Bangalore was a 1st tier center that escalated this issue to someone in US for further investigation. Sounds to me like the problem was in US.

Re:Heart of the matter (1)

jd2112 (1535857) | about 7 months ago | (#46490075)

Well, there you go.

We don't know the whole story here but it looks like Bangalore was a 1st tier center that escalated this issue to someone in US for further investigation. Sounds to me like the problem was in US.

Target is most likely using a 'Follow the sun' model, so if the alert happened at night (in the US) the Bangalore security team would have been monitoring at the time.

Re:Heart of the matter (1)

skids (119237) | about 7 months ago | (#46489343)

Define "seen." Being "seen" among a flood of similar alarms too big for the team to handle is a bit different than being "seen" as one of a few of the day's most elevated alarms. Many of these devices crank out thousands of top-of-scale alerts per hour, and add tens to hundreds of new alerts to their catalogue each day.

From the article it looks like Target determined in hindsight that they needed to do a better job on their in-house classification and prioritization configurations. Probably means they didn't invest enough in initial configuration and ongoing maintenance of that configuration.

Re:Heart of the matter (0)

Anonymous Coward | about 7 months ago | (#46487903)

so the moral of the story

pay peanuts, get monkeys. All the alarms in the world don't matter if no one actually knows what to do in the event one is found. Especially if the person whose job is to man the NOC isn't empowered to do shit.

Re:Heart of the matter (2)

DarkOx (621550) | about 7 months ago | (#46488447)

I think the big problem is that 24 x 7 monitoring tends to be outsourced. It's not a good model. SIEM systems or good if anything to deserve human attention. But they either get so over tuned they don't really detect much of anything or they throw a lot of false positives.

As long as your in-house CERT team is watching the SIEM, that works; they know the network. They recognize that the RADIUS server is likely to produce a lot of multiple authentication failed followed by authentication succeeded events against the domain controller because of the nature of what it does. That's one to ignore, but if it happened with some other server it might be a serious issue.

Now that monitoring gets outsourced to some call center. They don't know the network. They escalate tickets for both events. Employees responsible for those tickets are no longer 24 hour, but they come in all day every day and all night. Most of them are crap. How long until those guys stop jumping up from the dinner table to go check their PCs every time the phone vibrates?

Serious incidents get missed or not acted on until the next morning.
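The comment above describes a "several failed logons, then a success" rule that is routine noise from a RADIUS server but serious from any other host. As an added example (not part of the thread), here is one way to write that local knowledge into the rule itself so an analyst who does not know the network gets the same verdict; the host names, thresholds and the `Baseline` record are hypothetical.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed correlation window
MIN_FAILURES = 3                # assumed failure count before a success is suspicious


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime
    src: str    # host that submitted the logon
    dst: str    # host that validated it (e.g. a domain controller)
    user: str
    ok: bool


@dataclass(frozen=True)
class Baseline:
    """Documented local knowledge: src is expected to trip the rule against dst."""
    src: str
    dst: str
    max_hits_per_hour: int  # above this, even a known-noisy source escalates
    reason: str


def failure_then_success(events):
    """Yield (success_event, n_failures) when a success follows at least
    MIN_FAILURES failures from the same src to the same dst inside WINDOW."""
    recent = defaultdict(deque)
    for ev in sorted(events, key=lambda e: e.ts):
        q = recent[(ev.src, ev.dst)]
        while q and ev.ts - q[0] > WINDOW:
            q.popleft()
        if ev.ok:
            if len(q) >= MIN_FAILURES:
                yield ev, len(q)
            q.clear()
        else:
            q.append(ev.ts)


def triage(events, baselines):
    """Return [(src, verdict, why)] for every rule hit, in time order."""
    known = {(b.src, b.dst): b for b in baselines}
    hits = defaultdict(int)
    out = []
    for ev, n in failure_then_success(events):
        hour = ev.ts.replace(minute=0, second=0, microsecond=0)
        hits[(ev.src, ev.dst, hour)] += 1
        b = known.get((ev.src, ev.dst))
        if b is None:
            out.append((ev.src, "escalate", f"{n} failures then success, no baseline"))
        elif hits[(ev.src, ev.dst, hour)] > b.max_hits_per_hour:
            out.append((ev.src, "escalate", "exceeds documented baseline"))
        else:
            out.append((ev.src, "suppress", b.reason))
    return out


def burst(src, dst, user, start, failures):
    """Constructed sample data: failed logons 10 s apart, then one success."""
    evs = [AuthEvent(start + timedelta(seconds=10 * i), src, dst, user, False)
           for i in range(failures)]
    evs.append(AuthEvent(start + timedelta(seconds=10 * failures), src, dst, user, True))
    return evs


T0 = datetime(2014, 1, 1, 2, 0, 0)
BASELINES = [Baseline("radius01", "dc01", 2, "RADIUS retries are expected")]
SAMPLE = (burst("radius01", "dc01", "alice", T0, 3)
          + burst("radius01", "dc01", "bob", T0 + timedelta(minutes=10), 4)
          + burst("ws-0412", "dc01", "svc_backup", T0 + timedelta(minutes=20), 5))

if __name__ == "__main__":
    for row in triage(SAMPLE, BASELINES):
        print(row)
```

The per-hour ceiling keeps the suppression from becoming a blind spot: the RADIUS host is only ignored while it behaves the way the baseline says it does.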

False alarms? (0)

Anonymous Coward | about 7 months ago | (#46487777)

Most likely FireEye farts out false alarms by the hundreds.

False to true ratio? (4, Insightful)

joe_frisch (1366229) | about 7 months ago | (#46487785)

It isn't clear (at least to me) how many false alarms they got before they got the real one. The key to a good security monitoring system is not just to catch all the real threats, but to not flag imaginary or minor ones.

Re:False to true ratio? (0)

Anonymous Coward | about 7 months ago | (#46488407)

Have you used FireEye? It's not a particularly noisy product in this regard w/r/t false positives.

Have you used FireEye? (4, Informative)

Anonymous Coward | about 7 months ago | (#46488781)

Their alerts are the closest thing to security magic I have ever seen. Their false positive rate is astronomically low and they really do detect brand new malware.

On the FireEye system I use at work if it alerts we take action. Always. For URLs they sometimes get it wrong but we see 1 false positive a year with binaries. That's way beyond impressive when protecting tens of thousands of particularly gullible users, it's downright witchcraft. We often find other systems like URL filtering, IPS or endpoint protection prevented a true infection, but we always do the homework when FireEye triggers. When you have real confidence the security threat is real, doing legwork to confirm infection is easy.

For Target to have ignored FireEye's data borders on criminally negligent. It's really common to dig back through IPS logs once you know something was wrong and find a trove of data about the attack. FireEye is something else altogether; it's the most actionable security intelligence I have ever seen. It's truly astonishing technology since it's so effective. It captures binaries and URLs from the wire (IPS-style), email (SMTP MTA) and file shares and runs them in VMs. If enough malicious activity is detected, like deleting itself, changing registry keys, or contacting suspicious or blacklisted IPs (along with lots of other things), the binary is flagged in an alert. It's perfect for filling in the gaps left by traditional antivirus and the noise of intrusion prevention.

Re:Have you used FireEye? (1)

Anonymous Coward | about 7 months ago | (#46488979)

ALERT: Anonymous Coward detected from vpn.marketing.fireeye.com

Re:Have you used FireEye? (1)

JasperHW (710218) | about 7 months ago | (#46493939)

I'll back up what he says and put my name to it. I work for a reseller and I've deployed and managed FireEye, Palo Alto, Cisco, Sourcefire, and Juniper (ScreenOS and the JunOS mess) appliances. They all have their strengths and weaknesses, although they aren't obviously equal.

FireEye's false positive rate is damn low in comparison to its competitors. Sourcefire with FireSIGHT is pretty awesome as well (passive fingerprinting of endpoint traffic automatically correlated against breach attempts aka filtering out 99% of false positives for you once it's seen enough traffic on your network), and Palo Altos when you turn on AV, AS, Vuln + Wildfire drop everything suspicious - no human needed so alerts don't necessarily need to be acted on immediately. I've yet to hear of a false positive that was rated as critical or high and that's in dozens or possibly hundreds of installations that I've seen of PA firewalls.

The biggest problem I've seen in a lot of FireEye deployments is they stick it on a TAP port so the thing can't just drop the suspicious traffic it detects. Half of what it's protecting is dumbass users blindly clicking links that lead to malware sites. That's a hard problem to stop unless your perimeter security is set up right, and if it's not, all you get from FireEye is endless alerts that there's another dumbass user in your environment. FireEye is freakin badass at detecting and correlating multi-vector attacks like what happened with Target. If the Target admins had put it in inline blocking, there would have been no incident.

Re:Have you used FireEye? (1)

skids (119237) | about 7 months ago | (#46489427)

For Target to have ignored FireEye's data borders on criminally negligent.

They may have had FireEye running alongside noisier products in a merged event stream. At that point employees working the alarms have to get to know each source/category of events and get a feel for the reliability of each product. With enough products involved and a low false positive rate, it would just take a typical understaffing/underskill situation for the staff not to know it was an extremely trustworthy source. Whether criminal negligence was involved cannot be determined from a distance.
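The merged-stream problem described above, where staff must "get a feel for the reliability of each product", can be measured instead of remembered. This added example (not part of the thread) ranks a merged queue by vendor severity weighted with each source's precision from past analyst dispositions; the source names, alert names other than "malware.binary", and all counts are constructed.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    source: str    # product that raised the alert
    name: str
    severity: int  # vendor scale normalised to 1..5


def source_precision(dispositions, prior_tp=1, prior_fp=1):
    """dispositions: iterable of (source, was_true_positive) from closed tickets.
    Returns {source: smoothed precision}. The +1/+1 prior keeps a source with
    very little history from scoring exactly 0 or 1."""
    tp, total = Counter(), Counter()
    for src, is_tp in dispositions:
        total[src] += 1
        tp[src] += bool(is_tp)
    return {s: (tp[s] + prior_tp) / (total[s] + prior_tp + prior_fp) for s in total}


def build_queue(alerts, precision, unknown=0.5):
    """Collapse identical alerts, then rank by severity weighted by how often
    that source has been right. Sources with no history get `unknown`.
    Returns [(score, source, name, count)], highest score first."""
    rows = []
    for alert, count in Counter(alerts).items():
        p = precision.get(alert.source, unknown)
        rows.append((round(alert.severity / 5 * p, 3), alert.source, alert.name, count))
    return sorted(rows, key=lambda r: r[0], reverse=True)


# Constructed history: a quiet, accurate sandbox and a loud signature IPS.
HISTORY = ([("sandbox", True)] * 39 + [("sandbox", False)]
           + [("ips", True)] * 20 + [("ips", False)] * 980)

# Constructed queue: every vendor calls its own alerts top severity.
QUEUE = ([Alert("ips", "generic-exploit-sig", 5)] * 300
         + [Alert("sandbox", "malware.binary", 5)] * 5
         + [Alert("newtool", "odd-beacon", 4)] * 2)

if __name__ == "__main__":
    for row in build_queue(QUEUE, source_precision(HISTORY)):
        print(row)
```

Five alerts from the accurate source land above three hundred same-severity alerts from the noisy one, without anyone on shift needing to know which product is which.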

Didn't they know? (1)

scuzzlebutt (517123) | about 7 months ago | (#46487791)

They had a target on their back.

BREAKING NEWS! (0)

Anonymous Coward | about 7 months ago | (#46487825)

This is breaking news!

Haha. Made you look! Just like the networks.

Re:BREAKING NEWS! (0)

Anonymous Coward | about 7 months ago | (#46488341)

Why, did a plane go missing? Cuz if so I need wall to wall 24 hour coverage for a week. The more unsubstantiated theories about aliens and such the better.

Wait a second (0)

Anonymous Coward | about 7 months ago | (#46487845)

Their security team was in Bangalore? As in India? They outsourced their security to the cheapest bidder and then they wondered why this happened? Outsourcing coming back to bite you in the ass yet? Will this entire post be questions?

Re:Wait a second (1)

Anonymous Coward | about 7 months ago | (#46487975)

We don't know if outsourcing was an issue.

But, if it was it probably won't be fixed because outsourcing saved them money. It doesn't matter about the crappy service we are used to from Bangalore and the stupid idea (from a security perspective) of outsourcing any security. They saved money by outsourcing. They continue to save money. Even after any fines or expenses they are going to have to pay, it is still a money maker to outsource the labor. Customers be fucked.

Re:Wait a second (1)

TechyImmigrant (175943) | about 7 months ago | (#46488151)

The world has moved on and left you behind. The most effective silicon validation team I know is in Bangalore. We employ people in Bangalore because they're good.

Re:Wait a second (0)

Anonymous Coward | about 7 months ago | (#46488323)

And do you pay less than to your local people?

Re:Wait a second (1)

Anonymous Coward | about 7 months ago | (#46488943)

Probably pays market rate. Which I would imagine would be somewhat less, but not astonishingly so for a world-class (assuming he's correct) team anywhere in the world.

Sure, you start with the cheap outsourcing because it's cheap. I've done so for specific jobs, and sometimes I've also hired a specific contractor full time simply because they were great.

Aside from English skills and time zone differences, I honestly (as a small hiring manager) have not seen much difference in the quality of people from both markets. Yes, 80% of the available work force is trash. Most outsourcing companies are trash. That percentage is the same in the US, it's just you're paying a hell of a lot more for the trash.

The 20% who actually are worth working with, get paid pretty similar no matter where they are in the world because they are worth it, they know it, and they have options. I tell all my new hires that I could care less if they work from a plane, a beach, the middle of Africa - it's completely irrelevant. Just get the job done on time and intelligently.

Welcome to the Internet. If you didn't see the regional barriers going completely away for high-end tech work, you have to be blind or part of the 80%. In time, "virtual" skills (e.g. work that can be done via the internet) will be one of the most egalitarian markets for competition that has ever existed. Yes, this will mean far less overpaid idiots. That is a good thing.

RE: Wait a second (0)

Anonymous Coward | about 7 months ago | (#46488179)

Target has IT staff in India. They are Target employees. There probably was no outsourcing, just like there are no excuses.

Re:Wait a second (0)

Anonymous Coward | about 7 months ago | (#46488581)

Is there a Bangalore you're not telling us about?

Re:Wait a second (1)

Virtucon (127420) | about 7 months ago | (#46489159)

“As I hurtled through space, one thought kept crossing my mind - every part of this rocket was supplied by the lowest bidder.” - John Glenn

Need harsher punishments (1)

thetoadwarrior (1268702) | about 7 months ago | (#46488139)

As we put more online we need to adjust laws to properly punish companies otherwise they'll continue not to care. Fine them something like 50% of their revenue (not profit) for the year of the incident and then they'll start to care.

Outsourcing... (0)

Anonymous Coward | about 7 months ago | (#46488175)

If you read the article, they outsourced their IT to India. You get what you pay for.

Re:Outsourcing... (2)

Virtucon (127420) | about 7 months ago | (#46489125)

It still amazes me that companies are willing to outsource or "right shore" their critical IT development and functions to third parties like this. Still, Target Management who have now been sent packing are ultimately held responsible, except of course the CEO and the Board who probably rubber stamped the deal because it could "save them money." At one time I held a senior position at a major transportation company and the first question during budget reviews with our CIO was "what are we going to outsource this year?" It wasn't about did it add value or add a capability we didn't already have, it was one of his initiatives that he received a bonus for meaning if he outsourced X% of what was considered "IT administration" he'd get his fat bonus.

There are a lot of competent IT outsourcing firms out there and they exist because IT isn't viewed as a value added function within a business like it used to be. Unfortunately with the competent ones there's a ton of incompetent ones. The real problem is the perception that it's just a few PCs and Servers in a closet and we don't change that much so why do we have all of this staff and budget. Therein lies the problem because the person responsible for that, the CIO, hasn't done his/her job of communicating effectively to their peers and the board about the role that IT plays in the organization. Sure, are there bloated IT organizations or functions that can be outsourced or eliminated? In most cases yes but that doesn't mean wholesale outsourcing is always called for or should be done at all. In this case Target fucked up and didn't have the proper management structure in place to address the problem when it was being pointed out to them.

Re:Outsourcing... (1)

billstewart (78916) | about 7 months ago | (#46492441)

The article said that after Bangalore the alarms got handled in Minneapolis. Can't complain about rightshoring with that.

Re:Outsourcing... (1)

Virtucon (127420) | about 7 months ago | (#46493063)

No, I was commenting on the OP that blamed IT/India Outsourcing which you can't really blame on anybody except whoever had the responsibility of dealing with the problem. Rightshoring/Outsourcing doesn't obviate an organization from being responsible for the data but it can make the problem much worse if upper management think it's not their responsibility anymore.

Target Security Ops = non-essential (0)

Anonymous Coward | about 7 months ago | (#46489855)

Why haven't they all been laid off, if their work will be ignored?

Maybe they were PCI compliant? (1)

MobSwatter (2884921) | about 7 months ago | (#46490021)

It is utterly amazing how many people find solace in the aspect of satisfying PCI guidelines particularly when that which makes the security industry being human makes security a moving target (on a daily, not annual basis). Not to mention that with what the NSA did was render all the security upgrades everyone was forced to pay for worthless as the encryption was broken well before it was released to the market and packaged and put to work in new compiled libraries to run in payment card apps. I think it's pretty safe to say that AES-256 is dead, RSA is dead, pc security is dead. Faced with a police state under which the value of our money is dictated on a whim and reinforced (at gunpoint) that it is actually worth something. Maybe we should trade marbles?

false positives (0)

Anonymous Coward | about 7 months ago | (#46490335)

Hmmm, so rather than direct the outrage at what incompetence could have ignored such warnings, how about someone ask the question that really matters. How many times do those alarms actually go off, both for real live incidents and for false positives? That might tell you more about why the alarm was ignored.

In Target's defense (1)

Osgeld (1900440) | about 7 months ago | (#46490455)

It's the first time my lazy ass bank changed my debit card number in a decade.

Conflicting Slashdot stories (1)

wjcofkc (964165) | about 7 months ago | (#46490997)

The first time this story was posted a month ago, it was reported that Target's internal security team warned management months in advance that there was a huge problem.

Target's Internal Security Team Warned Management [slashdot.org]

So which is it?