tv Bloomberg West Bloomberg March 13, 2014 1:00pm-2:01pm EDT
1:00 pm
live from pier three in san francisco, welcome to "bloomberg west." an explosive story about the massive target data breach: bloomberg businessweek has learned the target systems quickly detected that someone had broken in. the executives did nothing. we will spend the next half hour diving deep into this story and looking at what went wrong plus the secret black market for credit card information and the underworld of who traded.
1:01 pm
amazon is raising the price of its prime membership by $20 to $99 per year. current members are being sent reminders about their renewal dates when they have to pay the higher cost. the move will generate additional revenue for amazon. prime gives members access to free two day shipping and amazon video service streaming. john donahoe is stepping up his game at ebay against carl icahn who wants ebay to spin off paypal. he has consulted with other icahn targets including tim cook and reed hastings for advice on how to handle the activist investor. he has met with goldman sachs and institutional investors to make his pitch that paypal belongs with ebay. it is the end of an era for google. it has removed underlined links from its desktop search page print of shown up as underlined
1:02 pm
links when it first launched back in 1996. it has increased the size of results and even doubt the height of lines to make the desktop page easier to read and more consistent with the google mobile site. the inside story of that massive target data breach -- we start with a look back at the timeline of events that led to the data breach that touched as many as one in three american consumers. >> the first time the public heard that target had been hacked was on december 18, 2013. a blogger revealed the company was investigating a massive breach. the breach itself actually began some time before that. what did target know and when did they know it? hackers began capturing credit card data on november 27. three days later, sophisticated security spotted the malware.
1:03 pm
target had paid $1.6 million for it because of its ability to detect hacking in real-time. soon the security worker in india saw the fireeye alarm and the. operation center and the alarms overlooked. on december 2, security tools detected another version and this red flag also went undetected. had target acted on the alerts at this point, they would have been able to prevent one of the biggest data thefts in history. instead, for more than two weeks, the hackers collected credit card information and bounced around the globe to places like moscow. on december 12, federal law enforcement notified target that there is suspicious activity involving card payments. the retailer hires an independent team to run a forensic investigation and on december 15, target confirms it has been hacked and removes the malware. publices the first statement revealing that up to
1:04 pm
40 million cards have been compromised. 20 days later, they notify customers that in addition to credit card theft, personal information for up to 70 million customers has also been stolen, affecting as many as 1/3 of american consumers. such a fascinating story. it's like reading a thriller. the amount of detail in the story and what happened and how and the fact that target did nothing when they first found out about it. we will go into great depth in the story but the impact is important not just for target and not just for the tons of people affected but for every business involved with customers and technology which would mean pretty much everyone. >> michael riley is one of the authors of the story in this week's "bloomberg businessweek" joins us now. the headline on the story is " target blew it."
1:05 pm
how did they blow it and why? >> this seems to be a story about target did all the right things to prepare for this kind of event and spent a lot of money and bought some very sophisticated tools. fireeye is that tool that catches the malware at an early stage and is used by the cia and the pentagon and intelligence agencies all over the world. they created a security operations center which is a headquarters where specialists sit and analyze data that's coming in and look at alerts. they had around-the-clock monitoring service including using a vendor in india and yet when the alerts actually -- when all of that technology and all that money spent actually found the malware as it was coming in, the malware that would have been used to take the data out, the alert was recognized in bangalore and went to minneapolis and nothing happened. there is a human failure at the
1:06 pm
core of this. it's not clear why the soc did not react. there were management issues going on there. there was an issue of how security teams deal with all of these alerts in a timely manner. we know that their tools worked and they spotted the malware in time and they did not do anything to stop it. >> we have a response from target. this is the full statement. they came back to you with a statement after you asked them questions. --says
1:07 pm
facing some 90 different lawsuits. it seemed like you guys saw past the mystery about how this fireeye and the role that target had been using that caught this before anything was even stolen. >> i think that what they are trying to do is figure out what actually went wrong on the human level. these findings were all known to target as they went back. they were notified by federal authorities that they have been hacked and then they went back to look and see what all of this expensive equipment and costly system they put together did not work. what they found as they did that
1:08 pm
investigation is that it did work at least on the technology level and the question is where was the human fail? did they not react quick enough or was there a management issue that meant they did not react to the alerts? the systems create a deluge of data. fireeye is a very specific and good system that does not create false positives. maybe they did not pay attention to the systems they should have. i think that is what they are going through and the ceo says they are doing a complete top to bottom review of their security system. the company is trying to figure out why this happened and how is it that they could have found the malware in time and not done anything. >> there is a suggestion they were used to using crummy tools but they got their hands on a good one. the crummysed to response previously? >> we have seen a security boom in tools. every company is selling
1:09 pm
something that says it can save your network and there are many really good tools out there. this is the set of next-generation tools that analyze behavior and does not just look at digital signatures. all of these big companies also have a lot of legacy tools and older tools. they all have antivirus which can put up tens of thousands of alerts even in a day and there's a huge amount of information they have to go through. we talked to customers who used fireeye and they say it is a good tool but you have to have a security team that can respond in time and get what you want. one of the ironies is that it has a function which, when it responds to a piece of malware like this, it can eliminate it automatically. target had that function switched off which sounds weird. it's not that unusual because the it and security teams like to have the last step themselves and be able to go and look and see what the problem is. the problem is, when it came to the last step, they did not do it. >> we will talk more about what
1:10 pm
information was taken and who took it and where it went and how it was used in the next block. i have to admit that i am one of those people who is still scared to shop at target. how safe is it now? >> i think when companies suffer breaches like this, they tend to hard to learn from them. it is safe in the sense that on december 15, they were able to identify the malware and eliminate it. it was not a hard thing to do because of the way the target systems work. they can just re-image all their pos machines all at once. after december 15, the hackers have been cleaned out and those cards are not at risk. the larger question is for target and other companies, are they suffering -- is their system vulnerable in ways hackers will continue to do this? the thing about this hack is that it was not very sophisticated. they were not the best hackers in the world.
1:11 pm
they did some very smart things but a report was released that said if target had their act together, should have found these guys out before they did. >> don't go anywhere, you will stay with us through the next block. up next, how easy is it to buy a stolen credit card number on the black market? we will take a look at the secret websites that are the amazon.com of credit card fraud and you can watch us on bloomberg television, streaming on your phone, your tablet, and bloomberg.com. ♪
1:14 pm
>> we are talking about the massive data breach at target. once the hackers stole the credit cards, what did they do with them? they trafficked them through credit card black market in ukraine. it is a person we believe sells stolen credit cards through several websites. let's bring in the chief technology
1:15 pm
officer at forensic services. he is a former member of the secret service electronic crimes task force. michael riley is back with us as well. rescatore and what is their role in this? is inside the code of the malware that was installed on the target pos system. we know that he had something to do with the creation of this malware. essentially as a farmer. a crop and waits for it to grow and harvest it and takes that crop to market. that is exactly what has happened here. paint the underworld you describe in your article of carders and this place in ukraine where they apparently have
1:16 pm
conventions where a bunch of people get together and talk about how to use credit card information and they sell it and buy it. describe this place to me. we know that the cyber underground is becoming segmentedly well machine that operates quite smoothly. secret service describes a lot of these sites compared to the "oceans 11" movie. it is different guys with different skills and will do various parts of the hack but you can hire out or find somebody good at any piece of this unique. once they collect the cards, they've got a really efficient way of selling them. you can go onto some of the best sites and they work like amazon.com. you can go onto the site and sign in with a password which you have to get from the site's creator or because you are a client or known, once you're in there, you can search cards by
1:17 pm
the card round or the expiration date and by zip code so if you are buying these cards to commit fraud, you can do it in the same area where the cards are issued so that it does not trigger fraud engines. they make it really easy to do. then you put your basket of stolen cards into an electronic check out basket and you pay for it using bitcoin or western union or whatever currency they want to take. it is pretty automated. mark, one of the interesting things about the story was the notion that this was not just a bunch of guys in a dark room on computers in eastern europe but there was physical breaches of security. this is a complex operation with -like characteristics that involve fake id badges. security is most
1:18 pm
important. what troubles me most about this -- think of it like this -- target paid 1.6 million dollars for a smoke alarm and when it went off, they took the battery out without seeing if there was any smoke. >> describe the way the black market works. as i understand it, credit card numbers sell for anywhere from between $600-$2000. how quickly can they use these before they are detected? >> the analogy i used earlier i think is pretty spot on. the individuals in russia are making their money by selling the stolen information. they need to make it convenient so they have put together this amazon.com for this is that. -- data. it is a no frills webpage but it does allow hackers to download very specific or to purchase
1:19 pm
very specific credit card information even coming back to a certain billing zip code. they can even purchase specific digits, specific 4, the final four digits on a card in order to circumvent human security at the checkout. if you've ever purchased a tv at the checkout, the cashier will often ask you for the card and check the expiration date and they will check the last four digits to make sure it matches up with the information stored on the magnetic stripe. these are very sophisticated ofrisgator. >> your story is amazing and nice work. i wonder about prosecution and what happens. can they actually get their hands on these guys? is there cooperation
1:20 pm
cross-border? has that changed with the situation of russia and the ukraine? >> the short answer is no. they have been operating for years in russia and elsewhere in eastern europe. there was an indictment last year in new jersey that focused on a gang like this one that had been responsible for stealing 160 million credit cards at least from everyone from jetblue to citibank and it goes back to the heartland payment systems hack which was 2008. those guys have been operating for years. they have been untouched in russia. u.s. law enforcement, it's not like i have not tried but it depends. i talked to a former fbi agent and he says it depends on the cooperation we get from the home country. can't do anything if they don't respond.
1:21 pm
the one thing they have tried and have had some success as they try to lure these guys out to a different country. for example, they will lure people out to do a business deal or have a party in the netherlands or amsterdam on the pretext that they are another bad guy. if those guys get on a plane and fly to one of these countries where they have better law enforcement cooperation, then they can lay hands on them. >> let's invite them on "bloomberg west." >> i'm not sure that will work. it's a nice try. michael riley, fantastic piece. mark, please read the piece in "bloomberg businessweek." still ahead, how safe is your data and what are companies really doing to protect it now you can also watch us on
1:25 pm
>> welcome back. turning back to the inside story of what went wrong with target and how companies deal with credit cards and your information -- >> it is not just the bar -- back-and-forth of target but how it may serve as an object lesson for how not to screw up for others. >> we got the perfect person to discuss this, the ceo of a credit card company. how do you deal with it? >> security on the internet is a difficult thing. to focus on it everyday. we have an entire team dedicated and committed to it. it's all about trust and credibility. the story that you guys produced is a powerful about human
1:26 pm
mistakes. what i like about what target did afterwards is the ceo came clean and said this is a bad situation. >> eventually. this really felt like a political thriller where you had an administration with an incompetent response to an evolving problem that could have been headed off. i wonder how many credit card numbers do you guys receive? >> we will do over 3 million transactions this year alone. the business is growing very strong. we started with textbook rental but we do digital subscriptions to learning material so it will just get bigger. >> how big is your security team? >> we will not give out information but it's pretty significant. one of the smartest things that we did is by general counsel was before ebay with 10 years. he has taken that responsibility since the first day he came.
1:27 pm
1:30 pm
>> you are watching "bloomberg west." i am here with cory johnson. the booking campaign started by sheryl sandberg one year ago in the same organization has recruited beyonce in a new ad to ban bossy claiming the word has a negative impact on young girls. take a look. take one.sban bossy >>. >> stubborn. >> pushy. >> i'm not bossy. i'm the boss. thomasel thomas joins us
1:31 pm
the lean in president and cofounder. the people you got to participate in that ad are amazing. how do you recruit beyonce to support your cause? >> we did a lot of outreach and we were thrilled by the response. people said we want to be part of this and participate. >> why focus on the one word, bossy? >> there are lots of words, bossy, pushy, know it all and it sends message to our girls not to raise their hands, raise their voice and don't lead or people might not like you. we know girls hear this. by middle school, they're less interested in leading than boys and that is a trend that continues lifelong and they often cite fear of being called bossy or being disliked. >> this campaign has evolved over the last year. have you figured out there are different ways to tell the story or has this always been part of the plan to evolve with a certain message? organization, we are
1:32 pm
all about encouraging women to lean in to their ambitions. we send messages that discourage them from leading. as early as middle school, they are less interested. >> i got two little girls myself and i watch them go through the process of elementary school and watching the social interaction. in terms of your organization and your learning from what you have learned over the last year, there has been a plan? >> sheryl speaks about the power of bossy and the power of the language we use for our girls. we learn as we go. this emphasis on girls and how important they are and the story of female leadership has been evolving as we evolve as an organization. >> are you targeting companies or schools? >> yes, yes, yes. on our website and
1:33 pm
activities and how we can encourage girls to lead. this is a campaign about encouragement. it's for girls, parents, teachers, even managers. on small but powerful things we can do every day to encourage girls and women to step forward and take the lead. >> i have been following the movement very closely from the beginning. it has certainly taken on a life of its own. there has been its fair share of controversy and even the ban bossy raises the question of dealing with that word. how do you deal with controversy and criticism? >> we want people to talk about these issues. these are important issues. stereotypes are very powerful and self reinforcing. the stereotype is that girls should not lead or they may not be liked. we celebrate them and cheer them on when they do. we are thrilled about the conversation this is driving. over 300,000 people have already and 19to be on bossy
1:34 pm
people have visited the website. it is driving a big national conversation but it is driving conversations in homes. parents two daughters. >> what about social technology focused? maybe a company like facebook and have particular thoughts. we have used social media heavily. we have two videos and you played one. been viewed close to 2 million times. if you visit our website, you can place of young aussie and that kicks off a big viral flow. you're gathering information? >> it is all pushing out. we want to push the message out, not to gather information. we've been thrilled that over 100,000 people have downloaded the tips already and these are actionable everyday things we can all do to encourage our girls to lead. >> what is next? how do you look at the next year and the year after that?
1:35 pm
you guys are not going anywhere, right, you will keep the conversation going? >> we are very committed to this conversation. there is more we can do with ban and lots of partners pushing this out to classrooms and girl scout troops and parents and girls and they will continue to do that. the next thing for us specifically as we have the graduation edition of lean in which comes out in april. like this campaign, it focuses on the practical things young women can do as they transition from college to the workforce to be effective. >> is it a new book coming out? originals a lot of the content but there are new chapters like and how to find a job or how to negotiate, how to get the best foot forward as you start your career and get on a leadership track. i have to be honest, it's a lot of things i wish i had known. my dad gave me the best advice he could but he gave me advice that is more specific to men than women. it's advice that is very gender
1:36 pm
focused. i think this will be more focused than dr. seuss and " all the places you will go." have you seen negative reaction with this new focus on this book? >> we have been thrilled. you probably heard about lean in lawsuits. people are asking for money and getting more money. we don't like lawsuits but we like that people are feeling empowered and are asking for more. we have so many ceos and managers say i would never be bit ofthere is a little a pushback and i did not notice it until i read the book is what they say. we feel it is driving incredibly positive change so we could not be happier. >> we will be looking closely at the next year of lean in, thanks for joining us. two journalists turned venture capitalist. you know them. >> they are sharp guys.
1:40 pm
>> welcome back. titans venture capitalists are pouring millions into publishing and media these days. bought "therecently washington post." how many are going to cash in on content? our next guest made the opposite move from journalism to venture capital. atgigaohm.nager knownblog very well and you are in tech for 20 years? >> you making me feel old. >> how has the transition them
1:41 pm
from journalism to vc? >> it has been 15 days. i don't think there is much of a difference except i don't have a blessing deadline which is cool. i get to not worry about writing a story in the middle of the night or doing a twitter feed and worrying about what is going on in the planet. that is the big change. otherwise a lot of things are pretty much the same. i've meet a lot of people and them talking to a lot of startups and talking to a lot of smart people. my day still starts at 5:00 a.m. >> you're not the first guy to do this, michael morris did the same thing and has had a good track record since then. >> no pressure. how does your prior life as a journalist put you in a better position to spot the potential winners out there? >> one of the key things as a journalist which at least i think about myself is that i
1:42 pm
have had 20 odd years to figure out how to think about the future, what trends are coming and be more per year for the future just because i have found that it was easier to write stories about companies which were going to be interesting like writing about skype and learning about that when broadband was taking off. i will probably apply the same logic i had to this the mine. journalism prepares you for listening which is something we don't do very well in silicon valley -- we don't like to i don't knowuch -- -- there are a bunch of other things which i have learned over the last eight years running a startup which gigaom is a blog but it is a company. >> you were also in publishing
1:43 pm
and we were all in magazine publishing in the 1990's. i feel that there are some lessons that directly applied not just to journalists but lessons that are not helpful. what are the things that media people know that the rest of the world doesn't? well and i'm it certain he will and michael morris did well -- they understand is what people care about. you guys only want to cover what you think the audience would care about and that's an insight most people don't have. is an internal editor that good journalists have. will this have an impact? he should not cover it if it doesn't. if you look at the history of what om covered, it was interesting things before people knew they were going to matter and that was the brilliance of his blogs to begin with. it was not covering news after the fact. that's the kind of insight i think he can bring and other
1:44 pm
good journalists like yourself historically can bring to these things. you have a sense of what might trend. >> you are all in a good position to discuss where we are in the latest spike. we have heard the term double. om, what do you think of valuations and what you think of the fact that a company like pinterest is valued at $4 billion but makes no money. >> one thing i recently heard is --pinterest is doing most of its traffic from mobile. that tells you that's for the future of commerce is. pinterest is right in the middle of it. how big the opportunity is remains to be seen for them. overall, mobile commerce is a massive business. yes, in someued? logical sense but it is not overvalued because the future is
1:45 pm
ing them andinvol transactions. in 2005. journalism i thought i was going -- i did not know what strength i would bring. i found out there was a guy sitting at the next desk with a armored mba beckoned to cash flow analysis in the second but did not know how to pick up a phone and call a stranger and get something valuable as far as information. i see that journalism is moving away from that. there is a lot of rewrites. when you look at the journalistic models out there and we have so very little truly original content, just a lot of reactionary content, do you see the models of journalism changing? >> the internet requires better editors and better journalism. it's an opportunity. the reason we are on the cusp of something big as we have gone to the cycle of what you just described which is re-tweets -
1:46 pm
there is no original anything but when people spend time to write original content, we begin to see that. when you look at a buzzfeed or a huffington post or what om did for years, high-quality will find an audience. the rush fory is eyeballs or insane valuations with no revenue and if that causes people not to do the sustainable. those that do focus on it 20 years later, you see the value in it. >> you think the valuations are insane? where are we in this cycle? company, private valuations are difficult to understand. however, it's a market and when there is a lot of capital and there is a lot of competition to get into these companies, there will be a lot of money poorly spent. however, some of these companies will be well worth with their investing in and more. i cannot discuss whether worth $4t is or isn't
1:47 pm
billion. it is to somebody but if you can own mobile commerce or on generating business for themselves and other people, it will be worth way more than that. somebody is betting they can figure that out. look at companies like airbnb that will be one of the most important companies we have seen. i think it is worth more whatever it is valued at that that's for the market to determine. >> it is also whatsapp. we will talk about that after this break. malik will be back in a moment with more. ♪
1:50 pm
1:51 pm
to the ads like scheduling what time of day an ad appears and how frequently it appears. we are back now with om malik of true ventures and the ceo of chegg, the only guy in the world who got martin zuckerberg to sell his company. what happened there? >> i'd rather not. it was early on and they had 4.5 million users and i had met mark and we were both having an instant connection. i listened to his vision and his story and the enormity and his confidence. talk about being bossy. i fell in love with him and where he was going and that was when you cannot college to college. we talked about it and he had a vision to take over the world which he is doing now. the combination would have been extraordinarily powerful and mark agreed to do it. $1 billion was the offer. got him to agree to sell
1:52 pm
facebook to yahoo! for $1 billion but he backed out. i am curious, what's it like to negotiate with mark zuckerberg? what do you imagine is different today? he's got a charisma that most people who don't understand. he has the power of the enormity of his vision, the confidence they will figure it out, his willingness to make a mistake and then fix it. we talk about the things rolling out like we can and all of those things. he is relentless in what he believes in. that's why facebook is so powerful. you need somebody like that if you're going to run the world. >> let me ask you about your observation of dealmakers in your work as a journalist. i feel like one of your expertises is enterprise deals that we don't focus as much on. have you heard of deals that don't get done?
1:53 pm
what will you bring to your new career as a vc world on deals that work or don't work? >> the difference between deals that work or don't work is relationships and the ability to communicate. that is the difference between winning and losing. the inability of people to communicate is the number one reason things don't work out in the business world. it is so important for founders to understand that they are dealing with people on the other side, not dealing with a number. the number is essentially a number. i think this deal between mark and whatsapp got done because he established a connection. mark established a connection with gavin systrom. >> it was closed in very short order. >> you hear he has been working on these guys for a couple of years. >> even when i was working with
1:54 pm
facebook, we worked on that discussion for over one year. it was well over a year, i met him and went and had dinner with them many times. >> you also got mark to hire sheryl sandberg. >> i introduced them. nobody gets sheryl to do anything or mark to do anything. c is not a number to kind of gal. >> neither is he. to your point, brian acton was at yahoo!. it's interesting how this comes together. silicon valley people want to win. that is the most important thing. the one omission that matters and they want to be with an organization that will win and some of these folks will say i can win faster if i am with facebook as i believe in sheryl and mark and i believe in that team. it's that confidence and trust that they respect the gets the things done and makes them work. >> mark zuckerberg looks great
1:55 pm
right now and everybody seems to have confidence that he can make the best of these acquisitions. how do really know they will not be viewed as bad acquisitions in hindsight? why can he buy versus build innovation and that is ok? >> i think the key to understanding mark or anybody like him is to understand that they have an innate confidence in themselves and they're ok being wrong. people who think they can only win without being wrong, they never win. mark is one of those guys -- he will take his punches and come back with a counterattack and do a better job. whatsapp works out or not, it's a risk worth taking. stock which is
1:56 pm
pretty inflated and cisco used to do this. sometimes half the cisco deals worked out and half did not. when they did, they ended up with a product like the cisco switch which is saving the company now. i think the same thing with mark. >> they also have an integration team. now that you have a publicly traded stock, it was quick down quite a bit in the ipo but you're aware of this -- do you look at deals and try to figure out how the integration will be just as hard as the decision to do it? >> sure, you have to look at the whole spectrum. the magic to some of these deals that you see are not businesses. they are very small teams. bezero integration. it is more of a cultural thing and if they agree how they will run it. when you buy an actual business long-termand
1:57 pm
2:00 pm
>> from bloomberg world headquarters in new york, this is "bottom line." today, fed nominee stanley fischer testifies on capitol hill. president obama prepares to sign an executive order extending overtime pay coverage. secretary of state kerry taking serious steps if russia moves into east ukraine. where viewers here in the united states and to those of you joining us from around the world, welcome. we have full coverage of the stocks and stories making headlines today.