Sources close to the investigation said the attackers first broke into the retailer’s network on Nov. 15, 2013 using network credentials stolen from Fazio Mechanical Services, a Sharpsburg, Penn.-based provider of refrigeration and HVAC systems.
In 1998 or 1999 DARPA's 97-11 security program conducted an "Integration Feasibility Demonstration" (IFD) to show how automated response could make it harder for an attacker to carry out his mission. The demonstration network, set up at DARPA's Technology Integration Center (TIC), included multiple network sensors monitoring the perimeter (one being my Network Radar tool). The attacker used stolen contractor credentials to log into the network via ssh.
Surprise! (or not) The attacker carried out his attack without a single automated response being triggered to slow him down. The problem: the first line of network sensors just saw a normal encrypted ssh connection.
It seems that after 15+ years, some things are remarkably the same.