. >> michael riley, one of the authors of the story, joins us now.he headline on the story is, target blewett. -- how target blew it. how did they blow it and why? targeted all the right things to prepare for this kind of event. they spend a lot of money in security and bought very sophisticated tools. fire eye catches the malware at an early stage and it is used by the cia and pentagon and intelligence agencies all over the world. they curated a security operations center, a headquarters where specialists sit and analyze data that is coming in and look at alerts. they have a round-the-clock monitoring service, including this new vendor in india. when the alerts -- when all the technology and money spent actually found the malware as it was coming in, the malware that would have been used to take the data out, the alert was recognized in bangalore. it went to minneapolis and nothing happened. failure at the core of this. why the sox did not react. there is an issue of how security teams deal with these alerts in a timely manner. worked, and they spot

michael riley is back with us as well. rescatore and what is their role in this?s inside the code of the malware that was installed on the target pos system. we know that he had something to do with the creation of this malware. essentially as an armor. crop and waits a for it to grow and harvest it and takes that crop to market. that is exactly what has happened here. paint the underworld you describe in your article ofcarders and displacing ukraine were they apparently have conventions were a bunch of people get together and talk about how to use credit card information and they sell it and buy it. describe this place to me. we know that the cyber underground is becoming segmentedly well machine that operates quite smoothly. secret service describes a lot " these sites compared to the oceans 11" movie. it is different guys with different skills and will do various parts of the hack but you can hire out or find somebody good at any piece of this unique. once they collect the cards, they've got a really efficient way of selling them. you can go onto some of the be

this datae on how breach happened, we spoke with michael riley, one of the authors of the story in this week's issue of bloomberg businessweek. the headline of the story, target blew it. we asked him just how badly. >> this is a story about how targeted all the right things to prepare for exactly this kind of event. we spent a lot of money and bought some very sophisticated tools. fire i, which is the tool that catches the malware. it is used by the cia and pentagon. a superior a sock -- a security operations center. alert and allthe that technology and money spent itually found the malware as was coming in, the malware that would have been used to take the data out, the alert was recognized in bangalore. he went to minneapolis and nothing happened. there is a human failure at the core of this. it is a little unclear why the react. not there's an issue of how the security teams deal with all of these alerts in a timely manner. what we do know is that their tools worked and they spotted the malware in time and they did not do anything to stop it. >> we do have a response from target. i w

. >> we're going to start with our legal reporter michael riley. he and a team uncovered some alarming details about one of the biggest hack attacks ever. the holiday season theft of credit card and personal information for as many as 110 million americans. michael, we have heard for the past several months that targets explanation for how and why this hack occurred in and around shopping and christmas. i want you to fill us in on what you have found. some of it strikes me as being at odds with what we have heard from target. >> from the beginning, target has emphasized it were the victim of a very sophisticated group of hackers. the truth is, target has spent a lot of money to create an i.t. system and i.t. security system that is incredibly sophisticated. what we essentially found is that system worked perfectly well. in fact, the i.t. security fact detect the hackers. the key point is, not only did they detect the hackers, but detected them before any of the stolen data was taken. >> how is it possible then that if target new these hackers were t