Tuesday, September 2, 2014
FAIRFIELD-SUISUN, CALIFORNIA
99 CENTS

Hackers may have used Pa. company to hit Target

By
February 08, 2014 |

NEW YORK — The hackers who stole millions of customers’ credit and debit card numbers from Target may have used a Pittsburgh-area heating and refrigeration business as the back door to get in.

If that was, in fact, how they pulled it off — and investigators appear to be looking at that theory — it illustrates just how vulnerable big corporations have become as they expand and connect their computer networks to other companies to increase convenience and productivity.

Fazio Mechanical Services Inc., a contractor that does business with Target, said in a statement Thursday that it was the victim of a “sophisticated cyberattack operation,” just as Target was. It said it is cooperating with the Secret Service and Target to figure out what happened.

The statement came days after Internet security bloggers identified the Sharpsburg, Pa., company as the third-party vendor through which hackers penetrated Target’s computer systems.

Target has said it believes hackers gained access to its vast computer network through one of its vendors. Once inside, the hackers installed malicious software in Target’s checkout system for its estimated 1,800 U.S. stores.

Experts believe the thieves gained access during the busy holiday season to about 40 million debit and credit card numbers and the personal information — including names, email addresses, phone numbers and home addresses — of as many as 70 million customers.

Cybersecurity analysts had speculated that Fazio may have remotely monitored heating, cooling and refrigeration systems for Target, which could have provided a possible entry point for the hackers. But Fazio denied that, saying it uses its electronic connection with Target to submit bills and contract proposals.

The new details illustrate what can go wrong with the far-flung computer networks that big companies increasingly rely on.

“Companies really have to look at the risks associated with that,” said Ken Stasiak, CEO of SecureState, a Cleveland firm that investigates data breaches. Stasiak added that industry regulations require companies to keep corporate operations such as contracts and billing separate from consumer financial information.

Stasiak emphasized that the thieves would have still needed to do some serious hacking to move through Target’s computer network and reach the checkout system.

Chester Wisniewski, senior security adviser for the computer security firm Sophos, said that while it may seem shocking that Target’s systems are that connected, it is a lot cheaper for a company to manage one network rather than several.

He added that while retailers are supposed to keep consumer information separate, they are not required to house it on a separate network.

Still, he said he was extremely surprised to hear that the hackers may have gotten in via a billing system, saying those kinds of connections are supposed to provide extremely limited access to the other company’s network.

As a result, while the hackers were clearly talented, it’s obvious something went wrong on Target’s end, he said.

“If normal practices were followed, they wouldn’t have been able to get access,” Wisniewski said.

Secret Service spokesman Brian Leary confirmed that investigators are looking into the attack at Fazio Mechanical Services, but wouldn’t provide details. Molly Snyder, spokeswoman for Minneapolis-based Target, would not comment.

Federal prosecutors in Pittsburgh referred calls to their counterparts in Minnesota, who would not discuss the investigation.

In the weeks since Target disclosed the breach, banks, credit unions and other card companies have canceled and reissued cards, closed accounts and refunded credit card holders for transactions made with the stolen data.

The Consumer Bankers Association said that its members have replaced over 17.2 million debit and credit cards as a result of the Target breach, at a cost of over $172 million.

Target has said its customers won’t be responsible for any losses.

Maureen Fissolo

LEAVE A COMMENT

Discussion | No comments

The Daily Republic does not necessarily condone the comments here, nor does it review every post. Read our full policy

.

Solano News

Labor Day not a holiday for everyone

By Amy Maginnis-Honey | From Page: A3, 2 Comments | Gallery

 
Labor Day breakfast introduces union-backed candidates

By Susan Hiland | From Page: A3, 2 Comments | Gallery

Pool provides last dose of summer fun in the sun

By Amy Maginnis-Honey | From Page: A3 | Gallery

 
SafeQuest schedules peer counseling training course

By Susan Hiland | From Page: A5

 
Fairfield police log: Aug. 31, 2014

By Susan Hiland | From Page: A12

 
Suisun City police log: Aug. 31, 2014

By Susan Hiland | From Page: A12

Suisun City police log: Aug. 30, 2014

By Susan Hiland | From Page: A12

 
Fairfield police log: Aug. 30, 2014

By Susan Hiland | From Page: A12

.

US / World

VP Biden says workers deserve ‘fair share’

By The Associated Press | From Page: , 3 Comments | Gallery

 
Obama: ‘Revving’ economy calls for higher wages

By The Associated Press | From Page: , 3 Comments | Gallery

Senegal monitors contacts of 1st Ebola patient

By The Associated Press | From Page:

 
San Francisco to be 1st to test urban farming law

By The Associated Press | From Page:

GOP challenger tries novel tactics against Brown

By The Associated Press | From Page: | Gallery

 
US eating habits improve a bit – except among poor

By The Associated Press | From Page: , 3 Comments | Gallery

 
No gray area: Beliefs shape views of Brown killing

By The Associated Press | From Page: , 1 Comment | Gallery

Americans detained in North Korea call for US help

By The Associated Press | From Page: | Gallery

 
Iraqi prime minister pledges to root out militants

By The Associated Press | From Page: | Gallery

Poland’s PM: Ukraine’s war must be stopped now

By The Associated Press | From Page: | Gallery

 
Pro-Russian rebels lower demands in peace talks

By The Associated Press | From Page: , 2 Comments | Gallery

US helicopter crashes in Gulf of Aden; all rescued

By The Associated Press | From Page:

 
.

Living

Community Calendar: Sept. 2, 2014

By Susan Hiland | From Page:

 
.

Entertainment

Inquiries begin into nude celebrity photo leaks

By The Associated Press | From Page: | Gallery

 
‘Guardians’ tops Labor Day, summer box office

By The Associated Press | From Page: | Gallery

TVGrid

By Daily Republic Syndicated Content | From Page: A11

 
.

Sports

Kirk rallies to win the Deutsche Bank

By The Associated Press | From Page:

 
Rockies top Giants after losing end of suspended game

By The Associated Press | From Page:

Dunn homers in 1st at-bat as A’s top Mariners

By The Associated Press | From Page:

 
Right guard Boone passes physical, rejoins 49ers

By The Associated Press | From Page:

Raiders name rookie Derek Carr as starting QB

By The Associated Press | From Page: B1

 
Armijo beats Vanden 2-0 to claim All-City boys soccer title

By Brian Arnold | From Page: B1 | Gallery

Armed with new deal, Chiefs’ Smith looks forward

By The Associated Press | From Page:

 
Column: Stewart’s Chase status doesn’t matter

By The Associated Press | From Page:

 
Raiders ink CB Dowling, 9 others to practice squad

By The Associated Press | From Page:

Serena Williams, Djokovic roll to US Open quarters

By The Associated Press | From Page:

 
Houston Astros fire manager Bo Porter

By The Associated Press | From Page:

Hamels, 3 Phillies relievers no-hit Braves

By The Associated Press | From Page:

 
.

Business

Markets drift as Wall Street has day off

By The Associated Press | From Page:

 
Austerity debate flares as Europe recovery fades

By The Associated Press | From Page: | Gallery

Civil disobedience expected in fast-food pay fight

By The Associated Press | From Page: , 8 Comments | Gallery

 
.

Obituaries

.

Comics

Beetle Bailey Sept 2

By Daily Republic Syndicated Content | From Page: B6

 
Zits Sept 2

By Daily Republic Syndicated Content | From Page: B6

Wizard of Id Sept 2

By Daily Republic Syndicated Content | From Page: B6

 
Sally Forth Sept 2

By Daily Republic Syndicated Content | From Page: B6

Bridge Sept 2

By Daily Republic Syndicated Content | From Page: B7

 
Blondie Sept 2

By Daily Republic Syndicated Content | From Page: B6

Rose is Rose Sept 2

By Daily Republic Syndicated Content | From Page: B6

 
Get Fuzzy Sept 2

By Daily Republic Syndicated Content | From Page: B6

Sudoku Sept 2

By Daily Republic Syndicated Content | From Page: B7

 
B.C. Sept 2

By Daily Republic Syndicated Content | From Page: B6

Baldo Sept 2

By Daily Republic Syndicated Content | From Page: B6

 
Frank and Ernest Sept 2

By Daily Republic Syndicated Content | From Page: B6

Crossword Sept 2

By Daily Republic Syndicated Content | From Page: B7

 
Dilbert Sept 2

By Daily Republic Syndicated Content | From Page: B6

For Better or Worse Sept 2

By Daily Republic Syndicated Content | From Page: B6

 
Peanuts Sept 2

By Daily Republic Syndicated Content | From Page: B6

Cryptoquote Sept 2

By Daily Republic Syndicated Content | From Page: B7

 
Garfield Sept 2

By Daily Republic Syndicated Content | From Page: B6

Word Sleuth Sept 2

By Daily Republic Syndicated Content | From Page: B7