Reference no: EM132828734
Hackers Infiltrate Target
In late 2013, in response to speculation from industry experts and security professionals, Target confirmed that it had been the victim of a data breach that had compromised approximately 40 million consumer credit and debit cards. Target later admitted that other personal information such as mailing addresses, phone numbers, and e-mail addresses had been stolen for an additional 70 million people, bringing the total of affected customers to 110 million. Hackers had reportedly gained access to the full set of information corresponding to each stolen credit card, including names, card numbers, expiration dates, and CVV codes, as well as the PIN data for debit cards. Although Target claimed that these PIN numbers were encrypted and were still secure, the company advised customers who had shopped at Target during the time frame of the attack to monitor their credit and debit cards for suspicious activity. In the immediate wake of the breach, customers quickly reported fraudulent charges from Russia and other countries across the world.
The attack took place over the course of several weeks during November and December of 2013, after hackers used network credentials stolen from a heating and air conditioning company that was a Target subcontractor, and installed malware within Target's security and payments system. The malware was a simplistic programme that was created to steal card information and to reroute it to external servers. Anytime a customer swiped their card, the malware would grab the card's identifying information and store it on an internal Target server controlled by hackers.
(Source: Kenneth C. Laudon and Carol Guercio Traver, E-Commerce 2015: Business, Technology, Society, 10th edition, Pearson, 2015, pp. 255-256)
Question A1
You are required to answer the following questions based on the above article:
i. Critically analyse TWO (2) types of malware that may have been used by hackers to steal Target's online information. Support your answer with relevant examples.
ii. Critically discuss the method of hacking used by hackers in Target's database. Support your answer with relevant examples.
iii. Critically discuss ONE (1) type of encryption method that could have been implemented by Target in securing its online data. Support your answer with relevant examples.
Question A2
Critically analyse the concepts of Secure Socket Layer (SSL) and Secure Electronic Transfer (SET), and how they integrate in securing an online payment system. Support your answer with relevant examples.