Windows Blamed for Home Depot Hack; Execs Get Macs

Brandon Dimmel's picture

The Home Depot recently revealed that its systems had been hacked, leaving approximately 56 million customer credit cards and 53 million email addresses vulnerable to cybercriminals. Now, the retailer is apparently blaming Microsoft's Windows operating system (OS) for its security vulnerabilities, and has reportedly switched many top-ranking employees to Macintosh computers and iPhones.

The Home Depot announced additional findings of its security breach on November 6, 2014. In the days that followed, customers whose data was affected received an email from the company, which read: "Criminals used a third-party vendor's user name and password to enter the perimeter of Home Depot's network ... The hackers then acquired elevated rights that allowed them to navigate portions of Home Depot's network and to deploy unique, custom-built malware on its self-checkout systems in the U.S. and Canada." (Source: homedepot.com)

Home Depot Alerted by Secret Service

The Home Depot did not learn of the security breach until notified by the U.S. Secret Service, which told the retailer that hackers were selling stolen credit card numbers on the black market. The Home Depot then initiated an investigation which revealed that malware had been installed on a store computer, and then later deleted it. (Source: bgr.com)

Now, new reports suggest the hackers behind the attack gained access to the retailer's systems by exploiting a security flaw in Microsoft Windows. Although that vulnerability has reportedly since been patched, The Home Depot has taken recent action to ensure its highest-ranking employees are no longer using Windows. According to The Wall Street Journal, The Home Depot's IT department recently purchased several dozen secure iPhones and MacBooks for senior-level executives.

Experts Skeptical About iOS, OS X "Invulnerability"

But experts, including Network World's 'Ms. Smith', point out that a switch to iOS and Mac devices won't guarantee the safety of The Home Depot's data. "It's not like OS X and iOS are invulnerable," Smith says. "Windows may be used by more businesses, making it low-hanging fruit targeted by more attackers, but it's now a myth to claim that increasingly popular Apple products are exempt from exploitation. OS X and iOS malware is here to stay." (Source: networkworld.com)

Smith points to Wirelurker, a type of malware created specifically for OS X and iOS, as evidence that Apple systems are not invulnerable to attack. (Source: paloaltonetworks.com)

Home Depot Hack Still Under Investigation

The hack on Home Depot is said to have happened in April of this year, but wasn't widely reported in the media until September. (Source: cbc.ca) The incident is still under investigation and follows a similar case involving Target, which was infiltrated by hackers in December 2013. In the latter case, payment and personal data from an expected 70 million customers was stolen.

What's Your Opinion?

Do you believe that all corporate executives and those responsible for sensitive data use non-Windows systems? Have you ever purchased an Apple device because you believed it was less likely to be hacked? Is it about time that people start believing that the days of iOS and OS X "invulnerability" are over?

Rate this article: 
Average: 4.8 (6 votes)

Comments

Dennis Faas's picture

Operating systems are nothing more than software programs (code) that are written by human beings. Human beings are imperfect and prone to error. Therefore, all operating systems are inherently flawed.

MS Windows is especially prone to attack because:

a) more people in the world (especially businesses) use Windows and Windows-based software, compared to Macs. This is especially true in North America

b) hackers / attackers focus on Windows because it's more profitable - whether it's a result of an operating system exploit or user error RE: (a)

c) many editions of Windows run processes as a super user / administrator and are therefore easy to exploit

Switching to a 'more secure' operating system might help to deflect some attacks, but if the operating system has flaws, and if the user is responsible for allowing the exploit, it won't do much to keep the bad guys out.

JimB's picture

I believe that Home Depot is not being fully forthcoming about the integrity of their systems. About 2 years ago I made 2 visits to a local HD store for work. Within 30 minutes of using my credit card at a self check out kiosk I had fraudulent charges. Thankfully AMEX monitors the usage and contacted me.

Was the kiosk hacked?
Was the local wifi compromised?
Was there a skimmer on the unit?

These are all possible avenues, but since the second time this happened, if I have to go to Home Depot I will only pay cash.

And the thought that the top level execs are the point of compromise says a few things:
1) Do the Sr Execs at Home Depot have access to the Credit systems?
2) Are the Sr Execs granted more rights than they actually need?
3) Or are the Sr Execs at Home Depot the security weak point?

Sounds like an IT Audit is dearly needed

LouisianaJoe's picture

It is the integrity of the data. The data was not encrypted and the security of the database was breached.

Credit card data should be encrypted and should be split in to multiple pieces stored on different servers.

matt_2058's picture

I'm pretty sure HD was the reason my card was compromised. I find it interesting the article mentions 3rd party access to their system as the path taken.

Also, it is no wonder that email addresses have been compromised. I contacted HD Customer Service LAST YEAR about linking my separate accounts. The problem was that I made a purchase in-store with one credit card. I later received an email about the purchase. HD linked the cards I use in-store with my HD Online account, which I use one card for so I can keep things separate.

HD Customer Service and the CS supervisors could not comprehend why this is a problem. Maybe now they get it. At a minimum, purchases may be seen by an an unintended party, be it a spouse who thinks you already have enough tools or the spouse buying tools as a gift!

stekcapofni's picture

Reports I have read about this breach in the Wall Street Journal indicate that it was due to a stolen vendor password. No operating system is secure against that.

And hackers, for the most part, are only going to spend their time exploiting the most prevalent operating systems and browsers.

Apple OSes are "protected" simply by Windows being so dominant on the network.

Moving some of the executives to Macs is essentially doing nothing. I guess it makes the execs feel better.