Have you ever been hacked? Would you even know if you were?
The massive Target breach put computer security center stage and has people concerned about the vulnerability of personal information. Hackers can find most any information they really want.
WSAV'S Florida sister station WFLA dug a little digger into the topic.
"I think everything is pretty vulnerable. A determined enough adversary with enough resources, skills and time, I think, can get into any system," said computer security expert and USF Professor Jeramy Rasmussen.
Rasmussen runs a "white hatters" computer club. White hatters are ethical hackers who work for the greater good. They try to find flaws in computer systems in order to improve security.
Black hatters break into computer systems for fun, or to commit crimes.
The hackers responsible for the Target breach put tens of millions of consumer credit and debit cards at risk. Two of Rasmussen's students at USF, Brad Trotter and Will Seed, were able to track down the actual malware used in the Target attack.
"The real difficult part of doing this kind of hack is actually getting the malware onto the system," according to Seed.
Target says an intruder stole a vendor's credentials and used them to gain access to Target's computer system. According to the investigative website KrebsOnSecurity, "the vendor in question was a refrigeration, heating and air conditioning subcontractor that has worked at a number of locations at Target and other top retailers."
Once the malware was installed, the hackers took advantage with every swipe. According to Seed, the malware scanned the memory, found the credit card number and then sent it off to another computer. That's how the hackers gathered all of the data. It happened millions of times until it was finally detected.
"It's not the most sophisticated malware i've ever seen. The communications that went out weren't even encrypted or they were encrypted but not necessarily hidden," says Rasmussen.
That means that massive breach wasn't that hard to pull off. It was hard to detect because there was so much traffic going out from Target to card processing sites that it was like finding a needle in a hay stack.
Rasmussen says the most important thing consumers can do to protect themselves is to download updates as soon as they are available.
"The attacker only has to find one way in but the defender has to defend every way in. This is not a problem that is going away anytime soon," Rasmussen said.
Rasmussen suggests that consumers have layers of protection:
*A host-based intrusion detection program, so you will be alerted if you are hacked
Copyright 2014 WFLA. All rights reserved.
1430 East Victory Drive
Can't find something?
All content © Copyright 2000 - 2014 Media General Communications Holdings, LLC. A Media General Company.