Date: 2014-01-16
By Jim Finkle
BOSTON, Jan 16 - The U.S. government on Thursday
provided merchants with information gleaned from its
confidential investigation into the massive data breach at
Target Corp, in a move aimed at identifying and
thwarting similar attacks that may be ongoing.
The report titled "Indicators for Network Defenders" brings
to light some of the first information gleaned from the
government's highly secretive probes into the Target breach and
other retail hacks, including details useful for detecting
malicious programs that elude anti-virus software.
"It's a shame this report wasn't released a month ago," said
Dmitri Alperovitch, chief technology officer of the
cybersecurity firm CrowdStrike. "It has been frustrating for
some retailers because it has been incredibly difficult for most
firms to get information. It has not been forthcoming."
No. 3 U.S. retailer Target disclosed the theft of some 40
million payment card numbers and the personal data of 70 million
customers in a cyber attack that occurred over the holiday
shopping season. Neiman Marcus last week said that it too was
a victim of a cyber attack, and sources have told Reuters that at
least three other well-known national retailers have been
attacked.
The document noted that an underground market for malicious
software to attack point-of-sale, or POS, terminals has
flourished in recent years. Three of the most popular titles for
the malicious software include BlackPOS, Dexter and vSkimmer.
"We believe there is a strong market for the development of
POS malware, and evidence suggests there is a growing demand,"
the report, obtained by Reuters, warned.
The Secret Service, which is heading up the investigations
into the cyber attacks, has declined to comment on what it has
learned or identify victims besides Target and Neiman Marcus.
ARMED WITH INFORMATION
John Watters, chief executive of the security intelligence
firm iSIGHT Partners, which helped draft the document released
on Thursday, said that the government decided to provide
information to retailers so they can determine whether their
systems have been compromised by hackers.
"The point of getting the technical artifacts out there is
that people can go out there and examine their systems and see
if they have been compromised," said Watters, whose firm has
helped the Secret Service in its investigations of retail
breaches. "Now they are armed with information and they can go
do something about it."
A Department of Homeland Security official said the report
was drafted to provide the industry "with relevant and
actionable technical indicators for network defense."
The document said that an advanced piece of software, dubbed
the POSRAM Trojan, was used in the recent attacks.
POSRAM is a type of RAM scraper, or memory-parsing
software, which enables cyber criminals to grab encrypted data
by capturing it when it travels through the live memory of a
computer, where it appears in plain text.
While the technology has been around for many years, its use
has increased in recent years as retailers have improved their
security, making it more difficult for hackers to obtain credit
card data using other approaches.
POSRAM succeeded in evading detection by anti-virus software
when it infected the Windows-based point-of-sales terminals,
according to the report.
"This report was generated so that we could get it into the
hands of commercial entities so that they had information they
needed to protect themselves," iSIGHT Partners Senior Vice
President Tiffany Jones told Reuters.
The document was prepared by the Department of Homeland
Security's National Cybersecurity and Communications Integration
Center, the U.S. Secret Service, iSIGHT Partners and the
Financial Sector Information Sharing and Analysis Center, an
industry security group.
Alperovitch of CrowdStrike said that the report contained
fewer technical details than an article published on Wednesday
by security blogger Brian Krebs.