They said it in the news coverage, and in recent congressional hearings. Retail executives used the same phrase as they explained why cyber thieves were able to breach their networks.
“It was a very sophisticated attack,” according to top executives at Target, Neiman Marcus, and other companies who find themselves in the spotlight.
Google the phrase “sophisticated attack,” and you’ll get more than 56 million results.
Here’s the truth. Sophisticated cyber attacks are extremely rare. In virtually all cases, forensic examinations reveal stunningly simple causes. Most breaches are ultimately traced to a well-known range of attacks, with a reasonably effective regimen to hold them at bay.
This was true in the Target breach, which shut down millions of credit accounts during the week before Christmas. The Target attackers gained access to the company’s network using a weak password belonging to one of Target’s vendors. Target apparently granted network access to Fazio Mechanical Services, but didn’t require Fazio’s password to meet standards set by the credit card industry, according to news reports.
Strong passwords are the simplest of all security measures. And what did Fazio Mechanical Services say about its role when the company released a formal statement to the press? Fazio said it had been the “victim of a sophisticated cyber attack.”
Habeas Hard Drive believes plaintiff’s attorneys could shred this defense without breaking a sweat. These words are meant to deflect liability, but you can see right through them when they’re held up to the light. Habeas Hard Drive would demand forensic evidence of a “very sophisticated attack,” and it’s likely that none could be produced.
ALSO: Read about indications that Target had warnings from IT staffers about potential network vulnerabilities in this Wall Street Journal story.