Sunday, April 20, 2014
YOLO COUNTY NEWS

Joe Nocera: Unto the breach

By Joe Nocera

Last Wednesday, a letter landed in my email inbox from Gregg Steinhafel, the chief executive of Target. He wanted me to know that there was a decent likelihood that some of my personal information had been stolen by criminals who had “forced their way into our systems,” as Steinhafel put it, and pulled off one of the biggest data breaches in history.

I’m not a regular Target shopper, so I had to think about this for a minute. Then I remembered: In mid-December, while marooned in Houston after missing a connecting flight to Rio de Janeiro, I went to a Target store to buy some clean clothes. I paid with my debit card, which I swiped through the little “point of sale” machine, and then entered my passcode — something I probably do a dozen times a day. The very ordinariness of the transaction is partly why it hadn’t stood out in my memory.

Since receiving Steinhafel’s letter, however, I’ve been brushing up on data breaches, and I’m here to say it is going to be a while before I’m sanguine when I make that little swiping motion with my debit card. In the battle between hackers and retailers, it sure looks as though the hackers are winning.

If you have read anything about the Target data breach, you know that from Nov. 27 to mid-December, hackers siphoned off the credit card information of 40 million Target shoppers, including card numbers, passcodes and the three-digit security code on the back. They also took names and email addresses of tens of millions of other Target customers.

Target acknowledged the breach Dec. 19, but only after a reporter named Brian Krebs had broken the news on his authoritative blog, Krebs on Security.

When I talked to Krebs, he told me that while Target was “hardly a poster boy for how to secure data,” the company probably wasn’t all that much worse than most other retailers. Its digital system undoubtedly had all the current anti-virus software, none of which had detected the malicious software — “malware,” as it’s called — that had infected it. Krebs was pretty convinced that the hackers were Russians. It was obvious that they were extremely sophisticated in how they went about stealing credit card data.

After burrowing into a Target server, he explained on his blog, the malware would then grab data from Target’s point-of-sale terminals all across the country shortly after customers swiped their cards. At that moment, a moment of maximum vulnerability since all the data was unencrypted at that point, the magnetic stripe would yield all the information the hacker needed.

Another security expert, Gerhard Eschelbeck, the chief technology officer at Sophos, wrote in a recent report that “one trend that stands out is the growing ability of malware authors to camouflage their attacks.” Eschelbeck described modern hacks as “innovative and diverse.”

Virtually every security expert I spoke to said it is likely that a lot more retail companies have been breached than has been acknowledged. Indeed, earlier this month, Neiman Marcus admitted that its systems had been breached. And just the other day, the Department of Homeland Security sent a report to retailers and banks warning about point-of-sale malware, which it suspects has infected more systems than just Target’s.

So why don’t retailers do more to stop such attacks? Part of the reason is that nobody is forcing them to. It costs a lot of money to completely revamp their systems in ways that would make them harder to breach. However disruptive breaches are to customers, there really hadn’t been any business consequences, not until the Target breach, anyway. (Target saw its Christmas sales decline after the breach was announced.)

The simplest thing we could do to diminish data breaches would be to move away from magnetic stripes, which are relatively easy to copy, and go to a system in which credit and debit cards are embedded with chips. In widespread use in Europe and elsewhere, such cards are practically nonexistent in the United States (although a rollout is supposed to begin in the fall of 2015). In 2009, a payment company called Heartland suffered a breach that was even larger than Target’s. You would think that would have been a wake-up call, but apparently it wasn’t.

The most galling part of Steinhafel’s letter is its advice to consumers. “Never share information with anyone,” he writes. “Be wary of emails that ask for money.” None of this advice, of course, would have helped anyone who had the misfortune to shop at Target during the three weeks the malware was doing its devious work. The fault was not ours, Mr. Steinhafel; it was yours.

As for me, it turns out that the Russian hackers won’t be able to use my debit card information after all. I had to get a new card — after I was hacked in Brazil.

— New York Times News Service
