Jan 14, 2014
The big retail store Target initially said hackers stole 40 million pieces of customer identities, but the number has now reached 70 million, and other major retailers have been hit as well. What happens to those credit cards, email addresses and credit lines after the theft, and why does this continue to happen? How does an economy continue to operate in a system that seems to have limited security? Garland asks Hunter Ely, Chief Information & Security Policy Expert at Tulane University, how this is possible.
Automatically Generated Transcript (may not be 100% accurate)
Going back cut something I've found more Hillary pursuing. Target remember them right before Christmas. Your. Or retail networks for breach by. Internet hackers. Well when -- -- and now -- -- -- that so we're those Neiman Marcus who was TJ Maxx who was JCPenney. Targeted was not. The intention. Of the attack. Were forty million million million -- telephone numbers and email addresses got into the wrong hands. It was seventy million and supporting them. And observer and all this. Begin wonder. How did they do and wow was thought things were encrypted these days and in particular. Well all the -- about hackers a big retail outlook likeness. Would have security in place that would knock off in the attempts -- steeler information. And then I read some of the sub summed this up that happens to it. When -- -- -- -- states Allred then it -- a little scary to Broussard to get the experts were talking to Hunter Ely. Chief information security policy expert at -- -- appreciated -- -- -- thanks for having me appreciate it. What's. Number number one ports abort -- -- much reaper. Of of tried to understand exactly what was happening. The hackers got hold of RAM scrapers right what is. -- scrapers and there's. There's a couple of different things here. What I believe they were using was chaos. That device to. Intercept the transaction they go your -- Q. -- the it is a way to get into the database in the rest of the -- that's just always pleased to get end. And the idea of rams -- I don't know necessarily. As the the right term here but the what they what they did was saying. Got into the into the network. Villa. Park there were being used at that moment and they were able. Adam what a brilliant says that it was done at point of single -- We'll play Bryant tried to improve record and he scraped it down we're all there. -- someone that does the original number I believe came from the fact they're pulling those numbers as they're coming across requirement.
You often TV's then and -- In the service industry say and your credit card to someone to pay your bill at the restaurant. That person can then. Run that credit card through a terrible swipe device that keep their -- is a similar sort of idea. Same thing with -- ATM machines they've been -- these devices ATM machines to pull that data and they take advice. Later it stores everything within the device itself. So into I'm trying to do simple fun and vision is for people like me. -- I'm the target on movement of the store a walk up to the cash register. Give my credit card debt and the or Gordon the hackers sitting on the Internet do they have a device implanted in the cash register them when. I pulled it out and swiped it takes that information all the magnetic strip. It was cute things here one about the devices they use to. To intercept these credit cards are small enough nowadays that they can't actually in -- in -- -- in the device itself. And with the case -- him they actually installed right on top of the card reader that there and it looks like it's part of the machine. So that's part that the badly the other part of it is. It out we're gonna find out that there was some sort of inside attacks that allowed them to get -- that the bulk of those numbers I don't believe you can get. Forty million. Credit card numbers through through these physical Biden there's got to be somewhere had been active network it was it was likely be some compromise internal to their network. Everything their roots. From what they're seeing so for. The hackers set there where words sat there it is for eight months to a year trying to figure this out. Is there of -- if they didn't have been inside. That they didn't have a connection. They've given to a from inside the target in -- of the other major retailers. Could they do it electronically is that ever been done. I guess I'm a little unclear at union electronically they -- do it really good somewhere. 
If they didn't have somebody can target that OK here's a whole bunch of numbers war. Here's the the code to get in to where Brian to steal it. Is there any other path to other than inside information. Certainly certainly there's some that there's decided to call the advanced persistent threat to meet certain these threats that are that are typically. Run by large criminal organizations sometimes nation states and what they do is they'll send. You can -- now -- 81 you want out now as quick here to redeem your prize. If there's someone in within target within the secure network and part of that Alan. Some sort of email that infected their machines in that provide a conduit. For the for the criminal and then all those numbers right off that machine they can pull password that way they can get anything Obama anything that -- doing on that machine. All control points. And a lot of little -- them but apparently in particular. Eastern Europe. Is worthy attacks are coming from Romania in particular article today. Wall Street Journal about what's happening in Romania. And they interviewed people in Romania. In -- high school -- How well do it it's a way to make extra money and they talk about. Our card information being taken all of whoever hacked it. And then other cards being made you do of the same time and a multiple sit him 10205000. And pass all over the world. And wanna ask you. How does that affect office the consumer directly. We we're about are doomed to being stolen all the problems. Boy what are prior dinner trees out there are all over the world is at one time shot of eighteen minutes over. -- is something we worry about for a long time I think we've got Jennifer on the London can tell us. -- some of the abducted her Jennifer welcome I'm sure. It didn't change anything on my credit report because now they did was. And yet statement you know about effects. And a talk to me they they called me and tell me intact. 
Good god had put on my direct merchants sag card with a 121 dollar and target. How about close to my grand kids but they never change my. Number on my credit card. I had to put in a -- -- there and paid special number cuts. So nobody can music without being able to put different. There are reintroducing -- appreciate that call we have Hunter Ely would this chief information security policy experts to England. Honor a jumper -- they basically said it -- picture of this -- census of one guy and -- One that hackers do you all the credit card -- -- at the numbers go on the black market. Through something called hard or harder CU or. Then people buy them. In baseball whether local court platinum card or that the fret over what the president -- that is. And what bank it's issued -- weathered two US thing they have different values. So people buy the cards what's the bottom the cards they turn him into actual physical play a few cards. All of the world the buy goods and services and then sell bogeys. On the black market. Happening ought to be Eastern Europe former Soviet republic southeast Asia Africa South America. So you've Jennifer card I'd get stolen. All this other stuff that happened so the card really deals in the practice. So when in in these cases because -- Carter markets have been an in place deeper deeper all well over a decade now on the and the idea is that. And they they get a much -- they can sell them to pennies on the dollar. Couple of interest -- things about this is that. You know from compliance standpoint target. By announcing that they've been act they've met their compliance -- -- -- met their insurance needs no doubt. But by announcing that they have they have put. They have devalued that those cards on the market. Because those cards there have already been marked as as. Suspicious. So. Stir up the consumer that's the good thing target announce that this is quickly if they can't.
That puts that devalues the -- -- market and and they're less likely need to be used. Secondarily. Credit card companies are very good about. Dealing with these these types of fraud it. You know -- numbers goes up as spacious with them they've been -- them very very closely. When I think that often told people is that you know use your debit card as little as possible because if you can give credit transactions. That money stolen flight you can sometimes treated with -- -- Actions. It's somebody future debit -- number intent. That money can leave your account before you have have a chance to get it back. You know with the credit card you have a little bit -- a little bit more movement. But the bottom line is the target announcing that need the car market has been put on notice that they know which numbers are expected. But I'm also -- -- even though these retooled entities. Are required by law to reveal it. The majority -- didn't reveal -- in to a certain blogger. Assorted revealing what happened he got insider information than that when they came home. You think. A number of companies just on the basis of concern of stock prices. Have this kind of thing happen and don't let the public know about it. Well I think -- in any case like this these companies have -- they have to make a risk calculation within within the company about whether they want to. Stated today or next week they certainly. Buy insurance then and not settle regular you know federal regulatory requirements. They are required. To renounce this sort of thing if they know about it if if they don't mounts and -- later found out they -- they knew about that they'll be fine. Potentially hundreds of million dollars so. I think in in these cases. What you're seeing is an insider and can't see that that they want this announcement made and the risk and the people there and risk calculations within the company. Are are trying to slow them down so they figure out what the ultimate fallout would be. 
I think it the end of the day they they were gonna have to make that announcement sooner rather than later. Whether it's either you know insider. On the trigger now whether -- mimic the official announcement later. Well they must have good lawyers -- promotion says. Target only acknowledged back in 2013. And attacked chances security blogger Brian Krebs reported the breach. Neiman Marcus his globe -- nine days after another inquiry was released by threatens. Target and JCPenney Inc. -- more than two years to admit they were victims in 2007. Of notorious hacker Albert Gonzalez. And during his trial Gonzalez's trial. The company is it represented. The company I mean via lawyers are represented company. Would not have been who didn't apply their clients. So it that that at least that report makes it sound like. It's not as transparent. As too often breed is an incorrect. Awed -- believe that that's completely TrueCrypt. Certainly has been a very well earned reputation. Her for having good sources in in having good information. What you're seeing here is that these companies may have some suspicion. What's going on that perhaps. Don't want to. Don't want to look into it too deeply because they don't want don't have some plausible the viability if they can if they can work that out. Certainly I think -- Internal of these companies has yet people who are seeing this as -- an opportunity to to to blow the whistle in some ways on the on the company's trying to downplay. These attacks. Company is starting to come around because again like that it it is gonna make this announcement the faster they can make this announcement. Indeed the quicker those cards are devalued on the black market in the and the better my chances are certainly down. Everybody's going to be breached at some point I think everybody in America probably has -- multiple times. It really depends on. How the car -- -- Carter market feels about the the power numbers they have you know.
On the map the time that they elect those numbers are accurate -- they've thrown away and they try again. And and by making the announcement that goes along way devalue and app market. I would assume the truth be in the in group report one analysts -- read. City you blamed in large port on the magnetic pavement strip system. He sends more vulnerable and systems used by all of the countries around the world. That have Smart chips embedded in the credit cards at that. Absolutely correct yeah who wouldn't do. That's a good question I -- there's there's been some movement in that direction you know there's. There's there's a lot of pros and cons to moving to spark -- there's certainly more expensive. For the companies that but not not much. There hasn't been a whole lot of agreement on -- and how those. Smart chips in Iraq to you know between different types of readers. And I haven't been good agreement on how how those Smart -- -- Our access you know immediate and or not -- that the downside to march it is -- you don't have. If you have a pet on there you have a very simple and a person with a scanner within twenty to thirty feet of you can. King -- that -- coming different story the people sitting in airports scanning everybody that walks Miami getting taller car that there's definitely. Downsides to that a lot of other countries have. In Japan and South Korea for example have moved. More to a phone based payment system. And now they've they've been a little. You know they've they've been eliminated carton -- worked more on the security of the Smartphone themselves. And find that extremely curious of other countries seem to. Pretty good answer to what seemed like a major problem and did the men out. Four target loaned. Everything the -- says the as the going rate approached Poland card. Is about eighty dollars -- card seven million accounts compromised. That's a -- six billion dollars. And M we've got to refuel entities that are not copying other countries that use. 
A different process that seems to in the gained a lot of that's what -- in my ministry. Why you know one of the things I've kind of come to. When thinking about this is that these these companies are all insured and insurers are willing to cover this kind of a problem. And at the end of the day a -- like target will see what their insurance premium has -- what their deductible and then there -- to -- -- it's going to be. And and they make decisions. That was calculation. Insurance companies are gonna stand for much longer because it's gonna cost them too much extra is mobile to handle the -- the cost. Bottom -- even have our identities. And our numbers Euro all the old world on different chords with the same information. We have to worry about it that -- it sounds like moved with the they're like you said. Retailers -- insurers do and and we don't lose much. Well way back when I think about Devin hurt discredit I think that you you're running higher personal risk using. Debit transactions particularly that things like. The -- poppy you know they -- you have to use your debit card of course that. Anything where there's not a person involved stake in particular piece of equipment there that can scan your card that's the problem. Credit cards -- little more protected. Because the money is is -- flight not immediately remove your account. But it into the into the day. I think everybody needs to fit into their credit score they have to -- -- their count closely. You know we've seen a lot of cases over the years where people people's -- -- went. What is happening is they're getting DeVon at 1015 dollars a time on that amount that they don't know -- phenomenon that statement. I know get knocked for a long time that way. So wait you really have to pay close attention knowing the captain question everything that you don't understand. As far as these accounts go and time. It is but it sounds like were running to try to keep Pope with the technology that we've been Bennett. 
Thank you so much very interesting how far appreciated top. Buried -- chief information security policy expert to him what do you think too secure 170. You concerned about this do you think -- Jews getting through four out of others. That rear becoming the victim to -- 0170. Total pre its exit sedated in the zeroing in itself.