The Field Of Information Technology Security Essay

1395 Words6 Pages
On December 19, 2013, the field of information technology security was forever changed when Target publicly acknowledged that hackers have breached their system and personal information of about 70 million customers were stolen. This was an unprecedented event because before the breach many companies did not take IT security as seriously as they should. As the dust settled, the world witnessed what can happen when a company have a vulnerable security system. As impressive as this data breach look from a security perspective, the enormous attack wasn’t very ingenious. A few days before the Thanksgiving, a malware was installed in the target’s security and payment system designed to steal customers information from 1797 target stores in America. However, target could have easily prevent this attack they were more proactive about their security. This all started when hackers compromised a third-party vendor, Fazio Mechanical Services, a refrigeration contractor. The hackers were able to infect the vendor with Citadel trojan through email phishing. The hackers, then, stole credentials to login to access Target-hosted web service that was meant only for the vendors. This alone, did not cause the data breach as it was not possible to execute arbitrary commands. Hackers inserted a php script, most likely a "web shell," which act as backdoor for them to execute arbitrary operating system commands. They most likely named the php script as a "xmlrpc.php" to disguise itself as a php
Open Document