Target hackers hit air-conditioning firm first as a way in

Summary:A compromised refrigeration and air-conditioning company may be the starting point to one of the worst security breaches in the US.

The hackers that broke into Target's network and lifted millions of payment card numbers used a local cooling and heating company's credentials to pull off the heist.

One the US's biggest breaches has been traced back to a supplier of refrigeration and air-conditioning equipment and services for retailers.

According to security reporter Brian Krebs, people involved in the Target investigation claim that before hacking into Target's network — which allowed them to install malware on the retailer's point of sale machines —they hacked one of Target's suppliers, a Pennsylvania-based company.

Target has declined to confirm the details in the report. "Because this is a very active and ongoing investigation, I don't have any additional details at this time," a Target spokesperson told ZDNet.  

Last week, Target told reporters that its forensic investigation indicated the hackers gained access to its system via "a vendor's credentials" without clarifying the specific supplier or system.

An unnamed security expert told Krebs that one reason a refrigeration supplier would have remote access credentials to Target's network is that they often also supply temperature and energy monitoring services to ensure stores stay within an acceptable range. While the monitoring system itself sits within Target's network, vendors that support them often require remote access to fix bugs or apply patches to the systems.

The report also sheds more light on when the hackers first installed the POS and how they moved the credit card details out.

Investigators told Krebs the hackers initially installed their card stealing malware to a small number of Target's cash registers between November 15 and 28. (That's a few weeks before the breach was initially thought to have begun , and nearly a month after Target confirmed it had happened.)

That two week period allowed testing to occur ahead of the full scale rollout to the the majority of Target's POS devices, which was complete by the end of November.

While the hackers are suspected to be located in Eastern Europe or Russia, they also used drop servers in the US and Brazil from where they picked up the stolen data.

Security company Mandiant issued a report late last year noting an increase since 2012 in the number of breaches at outsourcers and managed service providers, exploiting their privileges to gain access to a primary target.

ZDNet has asked Target for comment on the story, and will update the article if it receives one.

More on the Target breach

Topics: Security


Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, s... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.