You are here

HomeBrandon Dimmel › Windows Blamed for Home Depot Hack; Execs Get Macs

Windows Blamed for Home Depot Hack; Execs Get Macs

Brandon Dimmel's picture
by Brandon Dimmel on November, 11 2014 at 08:11AM EST

The Home Depot recently revealed that its systems had been hacked, leaving approximately 56 million customer credit cards and 53 million email addresses vulnerable to cybercriminals. Now, the retailer is apparently blaming Microsoft's Windows operating system (OS) for its security vulnerabilities, and has reportedly switched many top-ranking employees to Macintosh computers and iPhones.

The Home Depot announced additional findings of its security breach on November 6, 2014. In the days that followed, customers whose data was affected received an email from the company, which read: "Criminals used a third-party vendor's user name and password to enter the perimeter of Home Depot's network ... The hackers then acquired elevated rights that allowed them to navigate portions of Home Depot's network and to deploy unique, custom-built malware on its self-checkout systems in the U.S. and Canada." (Source: homedepot.com)

Home Depot Alerted by Secret Service

The Home Depot did not learn of the security breach until notified by the U.S. Secret Service, which told the retailer that hackers were selling stolen credit card numbers on the black market. The Home Depot then initiated an investigation which revealed that malware had been installed on a store computer, and then later deleted it. (Source: bgr.com)

Now, new reports suggest the hackers behind the attack gained access to the retailer's systems by exploiting a security flaw in Microsoft Windows. Although that vulnerability has reportedly since been patched, The Home Depot has taken recent action to ensure its highest-ranking employees are no longer using Windows. According to The Wall Street Journal, The Home Depot's IT department recently purchased several dozen secure iPhones and MacBooks for senior-level executives.

Experts Skeptical About iOS, OS X "Invulnerability"

But experts, including Network World's 'Ms. Smith', point out that a switch to iOS and Mac devices won't guarantee the safety of The Home Depot's data. "It's not like OS X and iOS are invulnerable," Smith says. "Windows may be used by more businesses, making it low-hanging fruit targeted by more attackers, but it's now a myth to claim that increasingly popular Apple products are exempt from exploitation. OS X and iOS malware is here to stay." (Source: networkworld.com)

Smith points to Wirelurker, a type of malware created specifically for OS X and iOS, as evidence that Apple systems are not invulnerable to attack. (Source: paloaltonetworks.com)

Home Depot Hack Still Under Investigation

The hack on Home Depot is said to have happened in April of this year, but wasn't widely reported in the media until September. (Source: cbc.ca) The incident is still under investigation and follows a similar case involving Target, which was infiltrated by hackers in December 2013. In the latter case, payment and personal data from an expected 70 million customers was stolen.

What's Your Opinion?

Do you believe that all corporate executives and those responsible for sensitive data use non-Windows systems? Have you ever purchased an Apple device because you believed it was less likely to be hacked? Is it about time that people start believing that the days of iOS and OS X "invulnerability" are over?

Filed under:
Security
| Tags:
home depot
,
hackers
,
security
,
systems
,
ios
,
os
,
data
,
malware
,
windows
,
cybercriminals
Rate this article: 
Average: 4.8 (6 votes)

Comments

Dennis Faas's picture

Submitted by Dennis Faas on Tue, 11/11/2014 - 10:04

Operating systems are nothing more than software programs (code) that are written by human beings. Human beings are imperfect and prone to error. Therefore, all operating systems are inherently flawed.

MS Windows is especially prone to attack because:

a) more people in the world (especially businesses) use Windows and Windows-based software, compared to Macs. This is especially true in North America

b) hackers / attackers focus on Windows because it's more profitable - whether it's a result of an operating system exploit or user error RE: (a)

c) many editions of Windows run processes as a super user / administrator and are therefore easy to exploit

Switching to a 'more secure' operating system might help to deflect some attacks, but if the operating system has flaws, and if the user is responsible for allowing the exploit, it won't do much to keep the bad guys out.

JimB's picture

Submitted by JimB on Tue, 11/11/2014 - 11:53

I believe that Home Depot is not being fully forthcoming about the integrity of their systems. About 2 years ago I made 2 visits to a local HD store for work. Within 30 minutes of using my credit card at a self check out kiosk I had fraudulent charges. Thankfully AMEX monitors the usage and contacted me.

Was the kiosk hacked?
Was the local wifi compromised?
Was there a skimmer on the unit?

These are all possible avenues, but since the second time this happened, if I have to go to Home Depot I will only pay cash.

And the thought that the top level execs are the point of compromise says a few things:
1) Do the Sr Execs at Home Depot have access to the Credit systems?
2) Are the Sr Execs granted more rights than they actually need?
3) Or are the Sr Execs at Home Depot the security weak point?

Sounds like an IT Audit is dearly needed

LouisianaJoe's picture

Submitted by LouisianaJoe on Tue, 11/11/2014 - 15:44

It is the integrity of the data. The data was not encrypted and the security of the database was breached.

Credit card data should be encrypted and should be split in to multiple pieces stored on different servers.

matt_2058's picture

Submitted by matt_2058 on Wed, 11/12/2014 - 13:28

I'm pretty sure HD was the reason my card was compromised. I find it interesting the article mentions 3rd party access to their system as the path taken.

Also, it is no wonder that email addresses have been compromised. I contacted HD Customer Service LAST YEAR about linking my separate accounts. The problem was that I made a purchase in-store with one credit card. I later received an email about the purchase. HD linked the cards I use in-store with my HD Online account, which I use one card for so I can keep things separate.

HD Customer Service and the CS supervisors could not comprehend why this is a problem. Maybe now they get it. At a minimum, purchases may be seen by an an unintended party, be it a spouse who thinks you already have enough tools or the spouse buying tools as a gift!

stekcapofni's picture

Submitted by stekcapofni on Thu, 11/13/2014 - 12:30

Reports I have read about this breach in the Wall Street Journal indicate that it was due to a stolen vendor password. No operating system is secure against that.

And hackers, for the most part, are only going to spend their time exploiting the most prevalent operating systems and browsers.

Apple OSes are "protected" simply by Windows being so dominant on the network.

Moving some of the executives to Macs is essentially doing nothing. I guess it makes the execs feel better.

Need Help? Ask!



My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).

We are BBB Accredited

We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.