IE 11 is not supported. For an optimal experience visit our site on another browser.

Malware Used in Target Data Breach 'New to eCrime,' Report Says

Data obtained from cash registers before being encrypted, says report prepared for Secret Service obtained by NBC News.
By Jeff Rossen and Tom Winter

A 17-page report from a computer firm hired to look into the massive data breach at Target stores provides new insight into the holiday hacking that endangered data for more than 100 million customers.

The report, from computer firm iSight, was filed to the U.S. Secret Service and obtained by NBC News. It details the type of software used in the massive hack, how it was effective and mentions regions known to have the software coding prowess to pull off this kind of digital heist.

The report however does not draw conclusions on who is ultimately responsible for the attack that scooped up credit and debit card data for tens of millions of customers, citing an active U.S. government investigation.

The data breach was caused by a type of malware, similar to a computer virus, placed in a store's point-of-sale systems, it said.

"While some components of the breach operation were technically sophisticated, the operational sophistication of the compromise activity makes this case stand out," according to the iSight report. "The intrusion operators displayed innovation and a high degree of skill in orchestrating the various components of the activity."

The report details specific regions where software capabilities exist to create the malware.

"Memory scraping capabilities has been available in the Russian-language underground for some time," the report reads. "While Eastern Europe has been the focal point for POS malware development and use, cyber criminals in Brazil have used the technique since at least 2009. Globally, this trend will probably continue because malware offers important cost and risk advantages over hardware skimming techniques."

Here's how the malware works, according to the report: The insidious file triggers a "hook" and starts to suck up information on transactions in the memory of the cash register system or the server that controls it. Since the data on credit cards is encrypted, the system works by getting it in the authorization stage while it is in the memory of the POS system, unencrypted.

The tactic used during the Target holiday hackers is "new to eCrime," the report says, and "covertly subverts network controls and common forensic tactics to conceal all data transfers."

The report concludes that since this style of POS hacking can net big rewards for the cyber crooks with little risk, cardholders can expect more of this type of breach.

NBC News' Matthew DeLuca contributed to this report.

Jeff Rossen

Rossen is a national investigative correspondent for NBC News. He contributes to all NBC News programs and platforms including "TODAY," "Nightly News with Brian Williams," MSNBC, NBCNews.com, NBC News Radio and the network's mobile properties in addition to reporting for WNBC.

Rossen joined NBC News in September 2008 from WABC-TV in New York where he had been a reporter and fill-in anchor for the Eyewitness News team since May 2001.  During his time at WABC, Rossen covered stories around the globe, including the terrorist bombings in London, the Virginia Tech Massacre, the 2012 Summer Olympics bidding process, the crash of the Space Shuttle Columbia in Texas, the arrest and child molestation trial of Michael Jackson and the World Trade Center attacks in New York on 9/11. 

Rossen began his broadcasting career in radio at WBLI-FM on Long Island, N.Y.  He made the transition from radio to local television as a reporter for ABC affiliate WUTR-TV in Utica, N.Y.  Rossen then moved on to report for ABC affiliate WIXT-TV in Syracuse, N.Y., and then Fox affiliate WJBK-TV in Detroit, Mich.

He earned an Emmy Award for deadline news writing and has also received an award from the U.S. Justice Department for a special report on crime victims.

Rossen graduated from the Newhouse School of Public Communications at Syracuse University.  He grew up on Long Island and currently resides in New Jersey.

Tom Winter

Tom Winter is a New York-based correspondent covering crime, courts, terrorism and financial fraud on the East Coast for the NBC News Investigative Unit.