Malware Used in Target Data Breach 'New to eCrime,' Report Says

Data obtained from cash registers before being encrypted, says report prepared for Secret Service obtained by NBC News.

A 17-page report from a computer firm hired to look into the massive data breach at Target stores provides new insight into the holiday hacking that endangered data for more than 100 million customers.

The report, from computer firm iSight, was filed to the U.S. Secret Service and obtained by NBC News. It details the type of software used in the massive hack and how it was effective, and mentions regions known to have the software coding prowess to pull off this kind of digital heist.

The report, however, does not draw conclusions on who is ultimately responsible for the attack that scooped up credit and debit card data for tens of millions of customers, citing an active U.S. government investigation.

The data breach was caused by a type of malware, similar to a computer virus, placed in a store's point-of-sale systems, it said.

"While some components of the breach operation were technically sophisticated, the operational sophistication of the compromise activity makes this case stand out," according to the iSight report. "The intrusion operators displayed innovation and a high degree of skill in orchestrating the various components of the activity."

The report details specific regions where software capabilities exist to create the malware.

"Memory scraping capabilities has been available in the Russian-language underground for some time," the report reads. "While Eastern Europe has been the focal point for POS malware development and use, cyber criminals in Brazil have used the technique since at least 2009. Globally, this trend will probably continue because malware offers important cost and risk advantages over hardware skimming techniques."

Here's how the malware works, according to the report: The insidious file triggers a "hook" and starts to suck up information on transactions in the memory of the cash register system or the server that controls it. Since the data on credit cards is encrypted, the malware works by grabbing it at the authorization stage, while it sits unencrypted in the memory of the POS system.

The tactic used by the Target holiday hackers is "new to eCrime," the report says, and "covertly subverts network controls and common forensic tactics to conceal all data transfers."

The report concludes that since this style of POS hacking can net big rewards for the cyber crooks with little risk, cardholders can expect more of this type of breach.

NBC News' Matthew DeLuca contributed to this report.