17-year-old fingered as author of malware used in Target attack
A 17-year-old Russian hacker who goes by the online handle "ree4" has been identified as the author of the malware that was used to attack Target and Neiman Marcus.
The teenager, Sergey Taraspov, is well known in cyber crime circles, having developed other malicious code to hack commercial systems. He apparently sold about 40 copies of his program to criminals, who then modified it slightly and used it to sweep up at least 80 million debit and credit card numbers from Target alone.
Now the firm that first revealed the Target attack is saying that 6 other companies suffered a similar fate.
Clements said IntelCrawler is "90 percent" sure of its finding, based on the forum postings and sources it communicated with.
The forum posts indicate the teenager sold the malware for $2000 or for a share of the profits that came from monetizing stolen payment card details, Clements said.
BlackPOS was also sold to "carding" websites such as .rescator, Track2.name and Privateservices.biz that trade in stolen card details, according to IntelCrawler.
BlackPOS was originally called Kaptoxa, which is Russian slang for potato. Clements said the Russian teenager eventually renamed the malware BlackPOS during a fresh marketing push.
Dallas-based security company iSight Partners wrote a report earlier this week on the Target hack, which it called the "Kaptoxa operation." It says the hackers used a high level of skill to gain stealthy access to the retailer's network.
International Business Times is reporting that the 6 other companies targeted in the hack have not informed their customers yet:
Retailers in California and New York were among those hacked with Kaptoxa/BlackPOS, the software used in the attack on Target.
Security researchers at the Los Angeles-based IntelCrawler said the teen malware author created the first sample of the software in March 2013. Komarov issued the first report on this malware in the beginning of the spring, when he worked for another forensics company.
Komarov also said in an email to the IBTimes that there is evidence of more than six ongoing attacks, but that he cannot yet release more information.
"We will report with the first feedback and approval from [law enforcement authorities]," Komarov said.
IntelCrawler describes itself as "a multi-tier intelligence aggregator, which gathers information and cyber prints from a starting big data pool of over 3,000,000,000 IPv4 and over 200,000,000 domain names, which are scanned for analytics and dissemination to drill down to a desired result."
I have taken to checking my bank balance almost every day looking for any charges I didn't make. It's probably a good habit to get into anyway, but especially now with these massive hacks underway. I have also invested in LifeLock, which would inform us if any suspicious activity occurred or was occurring on our bank account or cards. It won't prevent an attack but it can help limit the damage.
Better get used to this. It looks like we're getting a peek at the future of e-commerce.