clear
Sunday February 14th, 2016 9:45AM

Hackers may have used Pa. company to hit Target

By The Associated Press
NEW YORK (AP) -- The hackers who stole millions of customers' credit and debit card numbers from Target may have used a Pittsburgh-area heating and refrigeration business as the back door to get in.

If that was, in fact, how they pulled it off - and investigators appear to be looking at that theory - it illustrates just how vulnerable big corporations have become as they expand and connect their computer networks to other companies to increase convenience and productivity.

Fazio Mechanical Services Inc., a contractor that does business with Target, said in a statement Thursday that it was the victim of a "sophisticated cyberattack operation," just as Target was. It said it is cooperating with the Secret Service and Target to figure out what happened.

The statement came days after Internet security bloggers identified the Sharpsburg, Pa., company as the third-party vendor through which hackers penetrated Target's computer systems.

Target has said it believes hackers gained access to its vast computer network through one of its vendors. Once inside, the hackers installed malicious software in Target's checkout system for its estimated 1,800 U.S. stores.

Experts believe the thieves gained access during the busy holiday season to about 40 million debit and credit card numbers and the personal information - including names, email addresses, phone numbers and home addresses - of as many as 70 million customers.

Cybersecurity analysts had speculated that Fazio may have remotely monitored heating, cooling and refrigeration systems for Target, which could have provided a possible entry point for the hackers. But Fazio denied that, saying it uses its electronic connection with Target to submit bills and contract proposals.

The new details illustrate what can go wrong with the far-flung computer networks that big companies increasingly rely on.

"Companies really have to look at the risks associated with that," said Ken Stasiak, CEO of SecureState, a Cleveland firm that investigates data breaches. Stasiak added that industry regulations require companies to keep corporate operations such as contracts and billing separate from consumer financial information.

Stasiak emphasized that the thieves would have still needed to do some serious hacking to move through Target's computer network and reach the checkout system.

Chester Wisniewski, senior security adviser for the computer security firm Sophos, said that while it may seem shocking that Target's systems are that connected, it is a lot cheaper for a company to manage one network rather than several.

He added that while retailers are supposed to keep consumer information separate, they are not required to house it on a separate network.

Still, he said he was extremely surprised to hear that the hackers may have gotten in via a billing system, saying those kinds of connections are supposed to provide extremely limited access to the other company's network.

As a result, while the hackers were clearly talented, it's obvious something went wrong on Target's end, he said.

"If normal practices were followed, they wouldn't have been able to get access," Wisniewski said.

Secret Service spokesman Brian Leary confirmed that investigators are looking into the attack at Fazio Mechanical Services, but wouldn't provide details. Molly Snyder, spokeswoman for Minneapolis-based Target, would not comment.

Federal prosecutors in Pittsburgh referred calls to their counterparts in Minnesota, who would not discuss the investigation.

In the weeks since Target disclosed the breach, banks, credit unions and other card companies have canceled and reissued cards, closed accounts and refunded credit card holders for transactions made with the stolen data.

The Consumer Bankers Association said that its members have replaced over 17.2 million debit and credit cards as a result of the Target breach, at a cost of over $172 million.

Target has said its customers won't be responsible for any losses.
© Copyright 2016 AccessWDUN.com
All rights reserved. This material may not be published, broadcast, rewritten, or redistributed without permission.
Judge denies motions to move, delay Tsarnaev trial
Lawyers for Boston Marathon bombing suspect Dzhokhar Tsarnaev asked a federal appeals court Wednesday to overturn a judge's decision to not move his upcoming trial out of state.
10:02PM ( 1 year ago )
High court to adopt electronic filing of cases
The Supreme Court is belatedly developing an electronic filing system similar to those used in courts around the country, Chief Justice John Roberts said Wednesday in his annual end-of-year report.
7:57PM ( 1 year ago )
Storm brings snow, cold to West for New Year's
A blustery winter storm dumped snow and ice across the West on Wednesday, making driving treacherous in the mountains from California to the Rockies and forcing residents and party-goers in some usually sun-soaked cities to bundle up for a frosty New Year's.
5:19PM ( 1 year ago )
U.S. News
State DOT awards $48M contract for NE Ga. road project
The state Department of Transportation has awarded a $47.8 million contract for nine miles of work on a northeast Georgia road.
9:37AM ( 1 year ago )
Business News
Grass fire impacts rush hour traffic on 985
Rush hour traffic on I-985 was slowed by a grass fire Wednesay afternoon with one lane closed while firefighters fought the blaze.
10:19PM ( 1 year ago )
Hall County conviction, sentencing to be reviewed by SCOGA
The State Supreme Court has agreed to hear the appeal of a Hall County man when they reconvene in January.
2:37PM ( 1 year ago )
Maysville man dies from Banks County wreck
The Georgia State Patrol reports that alcohol and/or drugs were factors a single-vehicle wreck that claimed the life of a Maysville man in Banks County Tuesday night.
11:07AM ( 1 year ago )
Local/State News
U.S, Cuba to resume commercial flights for 1st time in 50 years
The United States and Cuba will sign an agreement next week to resume commercial air traffic for the first time in five decades, starting the clock on dozens of new flights operating daily by next fall, U.S. officials said Friday.
By The Associated Press
9:35PM ( 1 day ago )
New details about the possible effects of the Zika virus on the fetal brain are emerging
WASHINGTON (AP) — New details about the possible effects of the Zika virus on the fetal brain emerged Wednesday as U.S. health officials say mosquito eradication here and abroad is key to protect preg...
6:22PM ( 3 days ago )
President Barack Obama is asking Congress for more than $1.8 billion in emergency funding to help fight the Zika virus
WASHINGTON (AP) — President Barack Obama is asking Congress for more than $1.8 billion in emergency funding to fight the Zika virus and the mosquitoes that spread it here and abroad, but says "there s...
10:40PM ( 5 days ago )
Search for Missouri couple wanted for crimes across the South, including Ga., ends with one suspect dead and the other wounded
A weeklong search for a Missouri couple wanted in a series of robberies and abductions across the South ended with one suspect dead and the other wounded Friday, after authorities say they chased the pair across the highway and through a rural neighborhood and exchanged gunfire with them in Florida's Panhandle.
By The Associated Press
9:57PM ( 1 week ago )
Cheap oil will be sticking around for a while, buoying consumers, frustrating oil producers
Cheap oil will be sticking around for a while.That reality is wreaking havoc and causing uncertainty for some governments and businesses, while creating financial windfalls for others. Less expensive...
6:18PM ( 1 week ago )