3Qs: Target’s security breach

Engin Kirda

Last week, the retail giant Target experienced an unprecedented data security breach and the debit and credit card information of up to 40 million accounts was stolen. The cause of the security breach, one of the largest credit card breaches in U.S. history, is still under investigation. Here Engin Kirda, the Sy and Laurie Sternberg Associate Professor for Information Assurance in the College of Computer and Information Science, discusses the breach and how cyberattacks have evolved in recent years.

How does this breach compare in size, scale, and substance to others in recent years? Is there anything unique about this particular incident?

This breach is quite unique in the sense that it’s one of the largest breaches we have heard of to date. The fact that criminals have gained access to up to 40 million credit and debit card numbers in one single security incident is something that has not been very common until now.

Still, we do not exactly know all the details of the Target breach right now. If the attack was a remote compromise (i.e., the attackers managed to remotely compromise and gain access to the stored information), there does exist research work that tries to make such breaches more difficult. In fact, some of our work focuses on securing systems (i.e., automatically finding and fixing security bugs) so that such breaches become more difficult to exploit by attackers.

How have hacking schemes evolved in recent years, and what new challenges do they present?

Hacking systems have become more financially-motivated in recent years. Whereas in the past, hackers were mainly interested in breaking into systems for “fun,” most cybercrime today is actually well-organized and the cybercriminals are aiming to make money. Also, since we are networked and Internet-dependent now more than ever, we are hearing more about such incidents than in the past.

Since people are increasingly relying on the Internet to shop and store information, can we expect breaches of this magnitude to happen more often? Is security technology keeping pace with the hackers, and what steps can consumers take to protect themselves?

The short answer to the first question is yes. It is highly probable that we will be hearing more and more about cyberattacks of this magnitude. Today’s attackers remain a step ahead of the defenders, and most of the security technology we are using out there is quite outdated. Luckily, there is quite a bit of research going on in this domain, and we have started to see interesting technologies and ideas emerge that, hopefully, will be a game changer and help keep cybercrime in check.

Unfortunately, whenever you use your card, you are at the mercy of the merchant for keeping your information secure. As a customer, there is not much you can do, other than check your bank account regularly and make sure there are no fraudulent charges on your card.