The US Department of Justice has announced that it is actively investigating the Target Corporation data breach saga, two months after details on the attack first emerged.
US Attorney General Eric Holder revealed that his Justice Department is investigating the hack and said that it will look to find the perpetrators - as well as any individuals and groups who exploit that data via credit card fraud.
In a statement issued to the US Senate, Holder said: "While we generally do not discuss specific matters under investigation, I can confirm the department is investigating the breach involving the US retailer, Target."
Target has been drip-feeding details to the media of how the criminals attacked its system, and the picture of how they staged their attack is now coming into focus.
Independent security researcher Brian Krebs says that the attackers were helped by "a poorly secured feature built into a widely-used IT management software product that was running on the retailer's internal network," leveraging a Microsoft Windows share function and a software package from BMC Software in order to exfiltrate the data to their own computers.
The researcher says he has asked BMC Software, the company that produces Performance Assurance for Microsoft Servers, why its admin-level privilege feature operates as it does, but has not yet had a reply. He also cites Dell Secureworks' Counter Threat Unit as investigating the security breach methodology along similar lines.
"According to a trusted source who uses mostly open-source data to keep tabs on the software and hardware used in various retail environments, BMC's software is in use at many major retail and grocery chains across the country, including Kroger, Safeway, Home Depot, Sam's Club and The Vons Companies, among many others," says Krebs in his analysis.
Krebs remains ambivalent on the blame game in his report, but the underlying message suggests that any retailer using the company's IT management suite should now be checking the security and integrity of their EFTPOS systems and related system software.
As previously reported, Target - the second largest retailer in the US - was hit by a data breach late last year, with the company confirming on December 19 that up to 40 million sets of card credentials had been leaked.
Eight days later the retailer admitted that encrypted customer PIN codes were included in the credential data files, and on January 10 revealed that up to 70 million extra customer records - names, postal addresses, phone numbers and/or email addresses - had also been stolen.
Security experts now rate the breach as the second-largest in the world - just behind the Heartland Payment Systems attack of 2009, which involved 130 million sets of credit and debit card credentials.