I have plenty of thoughts about today’s Senate Judiciary credit card hacking hearing, where Americans heard for the first time directly from executives at Target and Neiman Marcus. I’ll get to them in the next day or two. But this caught my eye in the testimony of Neiman Marcus Chief Information Officer Michael Kingston. It’s a pretty forthcoming list of reasons that his security team didn’t catch the hack in the first place. Sure, it’s a bit of a performance designed to head off the inevitable “Why didn’t you do more to secure consumers’ data?” questions. But I also think it might be worth you, dear IT professional, hitting ctrl-p, ripping it off the printer and dropping it on some executives’ desks.
- First, the malware was apparently not known to the anti-virus community and had been written to evade anti-virus signatures.
- Second, the malware erased its tracks by removing the disk file that had caused it to run, even while the program itself was still running in memory – a highly unusual and difficult-to-achieve feature.
- Third, when the malware scraped and captured card data, it created encrypted output files, so the output files did not exhibit evidence of card-scraping activity – until they were decrypted.
- Fourth, the malware appeared to have features that were custom-built as a result of reconnaissance efforts within our systems that appear to have been clandestinely conducted earlier in 2013.
- Finally, the malware carefully covered its tracks with a built-in capability that wiped out files evidencing its operation by overwriting them with random data – making forensic detection much more difficult.
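The second item on that list, a program that deletes its own disk file while it keeps running, does leave a trace a defender can hunt for: on Linux, `/proc/<pid>/exe` points at the unlinked image with a ` (deleted)` suffix. The following is an added example of such a hunt (my code, not anything from the testimony or from Neiman Marcus); the process list and link targets in `SAMPLE_LINKS` are constructed, and `readlink` is injected so the logic runs against that sample as well as a live `/proc`.

```python
"""Flag running processes whose on-disk executable has been removed.

On Linux, /proc/<pid>/exe is a symlink to the program image. When the
file backing a running process has been unlinked, the kernel appends
" (deleted)" to the link target, so a program that erased its own disk
file while staying resident is exactly what this scan surfaces.
"""
import os
from typing import Callable, Iterable, List, Tuple

DELETED_SUFFIX = " (deleted)"


def classify_exe_link(target: str) -> bool:
    """True if a /proc/<pid>/exe target marks an image with no file on disk.

    Memory-only images ("/memfd:...") are reported too: they never had a
    path on disk either. Note the legitimate false positive: a daemon still
    running after its package was upgraded also shows " (deleted)", so
    triage against recent package activity before escalating.
    """
    return target.endswith(DELETED_SUFFIX) or target.startswith("/memfd:")


def scan_processes(pids: Iterable[int],
                   readlink: Callable[[str], str]) -> List[Tuple[int, str]]:
    """Return (pid, exe_target) for every process whose image is gone."""
    hits = []
    for pid in pids:
        try:
            target = readlink(f"/proc/{pid}/exe")
        except OSError:
            continue  # kernel threads, exited processes, or no privilege
        if classify_exe_link(target):
            hits.append((pid, target))
    return hits


def live_pids() -> List[int]:
    return [int(d) for d in os.listdir("/proc") if d.isdigit()]


# Constructed sample: hypothetical link targets where pid 4242 has unlinked
# its own binary and pid 5001 runs from an anonymous memfd.
SAMPLE_LINKS = {
    "/proc/1/exe": "/usr/lib/systemd/systemd",
    "/proc/917/exe": "/usr/sbin/sshd",
    "/proc/4242/exe": "/tmp/.cache/scraper (deleted)",
    "/proc/5001/exe": "/memfd:stage2 (deleted)",
}


def sample_readlink(path: str) -> str:
    if path not in SAMPLE_LINKS:
        raise FileNotFoundError(path)
    return SAMPLE_LINKS[path]


if __name__ == "__main__":
    for pid, target in scan_processes(live_pids(), os.readlink):
        print(f"ALERT pid={pid} exe={target!r}")
```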