GLOBAL. A sprawling new digital landscape has been laid out before us, and with that new landscape comes threats from unfamiliar fronts–fronts that occupy not the realm of the physical world, but rather the depths of cyber-space. Target, Neiman Marcus and at least three other U.S. retailers were the subjects of cyber-attacks throughout mid-December, in which hackers obtained credit card and personal information, including addresses, phone numbers and e-mail addresses. With regard to Target, reports now indicate that the information of at least 70 million customers has been stolen, with a potential 110 million in total. This is certainly not the first time such an attack has occurred; however, the unprecedented scale and sophistication make this series of breaches particularly disturbing. It’s clear that these threats have broad implications for the future of the U.S. economy, and in turn, the global community.
How did they do it? According to Reuters, one of the techniques involves the use of a piece of software called a RAM scraper, which allows hackers to capture encrypted data when it travels in plain-text through the live memory of a computer. Investigators now believe that an earlier series of similar attacks was carried out as a means to test and improve methods later used against Target. A computer firm known as iSight, hired to investigate the Target breaches, came out with a report noting the exceptional level of sophistication behind the Target hacking.
Target is currently offering affected customers a year of free credit monitoring by Experian. They are also notifying customers via e-mail if their personal information has been compromised, provided that Target has their e-mails. Neiman Marcus announced they are working with both the Secret Service and a private digital forensics investigation firm in order to determine the extent of the damage caused. The company released a formal statement, ensuring customers that the threat has been contained, and that they are taking measures to make things right for affected customers. But the damage caused by these attacks may not be so easily undone. The Chicago Tribune reports that hackers have not only obtained personal information from the time frame of the attack, they may have also collected any information given to the company by customers dating much further back than the attacks themselves. This aspect of the breach may have consumers thinking twice when asked to give their e-mail address and other personal information for loyalty programs such as those carried out by Target.
Furthermore, it’s still up for debate as to whether retailers warned customers quickly enough. Neiman Marcus first learned of the breach about a month before revealing it to the public, though it should be noted that revealing such information immediately could compromise ongoing investigation efforts. Yet, customers affected by the breach will not take much solace in that. And of course, the more cynical explanation for the company’s delay is simply that they did not want to cause a panic during the rush of the holiday season. Considering the increasing frequency of these kinds of breaches, it would behoove businesses–especially those that find themselves with large sets of personal information entrusted to them–to develop a precise set of protocols in the interest of public good, rather than short term profit motives, in the case that such an attack occurs.
With the data breach of a high-end luxury retailer such as Neiman Marcus corresponding with the same kind of attack on a relatively low-end retail chain like Target, one thing is clear: threats of this nature transcend class distinctions. We are all vulnerable to the clever whims of cyber criminals. Whether they operate in large illicit networks, or through acts of a single man with a cheap laptop on the other side of the world, cyber-crime is a new manifestation of the darker nature in humanity. Where before this darkness may have presented itself in scams and traditional robberies, technology increasingly presents new avenues with which to steal, lie, manipulate and damage. As a general rule of thumb, if something can be exploited, it will be.