论文信息 - Breaking the Target: An Analysis of Target Data Breach and Lessons Learned

Breaking the Target: An Analysis of Target Data Breach and Lessons Learned

This paper investigates and examines the events leading up to the second most devastating data breach in history: the attack on the Target Corporation. It includes a thorough step-by-step analysis of this attack and a comprehensive anatomy of the malware named BlackPOS. Also, this paper provides insight into the legal aspect of cybercrimes, along with a prosecution and sentence example of the well-known TJX case. Furthermore, we point out an urgent need for improving security mechanisms in existing systems of merchants and propose three security guidelines and defenses. Credit card security is discussed at the end of the paper with several best practices given to customers to hide their card information in purchase transactions.

Danfeng Yao | Ke Tian | Xiaokui Shu | Andrew Ciambrone

[1] Charles Doyle,et al. Cybercrime: An Overview of the Federal Computer Fraud and Abuse Statute and Related Federal Criminal Laws , 2010 .

[2] Mike Bond,et al. 2010 IEEE Symposium on Security and Privacy Chip and PIN is Broken , 2022 .

[3] Jorge L. Contreras. Developing a Framework to Improve Critical Infrastructure Cybersecurity (Response to NIST Request for Information Docket No. 130208119-3119-01) , 2013 .

[4] Lorrie Faith Cranor,et al. Crying Wolf: An Empirical Study of SSL Warning Effectiveness , 2009, USENIX Security Symposium.

[5] Adrienne Porter Felt,et al. Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness , 2013, USENIX Security Symposium.

[6] Steven J. Murdoch,et al. EMV: why payment systems fail , 2014, CACM.

[7] Ross J. Anderson,et al. Reading this may harm your computer: The psychology of malware warnings , 2014, Comput. Hum. Behav..