In a scathing bit of reportage from Bloomberg Businessweek we discover that retailer Target had received word that its security system had been compromised nearly two weeks before it moved to act on the information.
In fact, last year Target hired FireEye, a security firm, to watch their servers for malware. The firm, which has a Bangalore-based response team, informed Target HQ in Minneapolis that someone had hacked the company on November 30. And no one did anything about it.
In short, according to Bloomberg, “for some reason, Minneapolis didn’t react to the sirens.”
The piece, as a whole, is delightfully detailed. It describes Target’s security system as well as FireEye’s “honeypot” servers that fooled attackers into thinking they had dropped into running servers but instead let them fool around in a sandboxed environment while FireEye watched. Then things got a little hairy.
View original post 190 more words