3Qs: Target’s security breach

December 23, 2013

Last week, the retail giant Target experienced an unprecedented data security breach and the debit and credit card information of up to 40 million accounts was stolen. The cause of the security breach, one of the largest credit card breaches in U.S. history, is still under investigation. Here Engin Kirda, the Sy and Laurie Sternberg Associate Professor for Information Assurance in the College of Computer and Information Science, discusses the breach and how cyberattacks have evolved in recent years.

This breach is quite unique in the sense that it’s one of the largest breaches we have heard of to date. The fact that criminals have gained access to up to 40 million credit and debit card numbers in one single security incident is something that has not been very common until now. Still, we do not exactly know all the details of the Target breach right now. If the attack was a remote compromise (i.e., the attackers managed to remotely compromise and gain access to the stored information), there does exist research work that tries to make such breaches more difficult. In fact, some of our work focuses on securing systems (i.e., automatically finding and fixing security bugs) so that such breaches become more difficult to exploit by attackers.

Hacking systems have become more financially motivated in recent years. Whereas in the past, hackers were mainly interested in breaking into systems for “fun,” most cybercrime today is actually well-organized and the cybercriminals are aiming to make money. Also, since we are networked and Internet-dependent now more than ever, we are hearing more about such incidents than in the past.

The short answer to the first question is yes. It is highly probable that we will be hearing more and more about cyberattacks of this magnitude. Today’s attackers remain a step ahead of the defenders, and most of the security technology we are using out there is quite outdated. Luckily, there is quite a bit of research going on in this domain, and we have started to see interesting technologies and ideas emerge that, hopefully, will be a game changer and help keep cybercrime in check. Unfortunately, whenever you use your card, you are at the mercy of the merchant for keeping your information secure. As a customer, there is not much you can do, other than check your bank account regularly and make sure there are no fraudulent charges on your card.