January 20, 2014
Malware Mastermind Behind Target Malware Was 17-Year-Old Russian
Enid Burns for redOrbit.com - Your Universe Online
BlackPOS/Kaptoxa is the name of the malware that infected Target and collected information on 110 million of the retailer's customer' credit cards over the 2013 holiday shopping season. New research reveals that a teen in Russia, who was not yet 17 years old at the time, authored the malware that was able to hack into Target's systems, as well as those of Neiman Marcus and other retailers.
On Friday internet security firm IntelCrawler posted news on the discovery that the author was 17 years old. He was almost 17 at the time the first sample was created and made available in the crimeware world, in March of 2013, according to the IntelCrawler post. Since its original posting, more than 40 versions have been sold worldwide.
Before the malware was used on Target and Neiman Marcus, it made the rounds in Australia, Canada and retailers in the US. While Target and Neiman Marcus have come forward, as many as six additional retailers are believed to have been breached over the holidays, but have yet to come forward, Reuters reports.
IntelCrawler chief executive Andrew Komarov told Reuters that his company alerted law enforcement, Visa Inc and intelligence teams at a number of banks about the company's findings. "He said the payment card data was stolen in the attacks, though he didn't know how much," Reuters said.
"On Thursday, the U.S. government and the private security intelligence firm iSIGHT Partners warned merchants and financial services firms that the BlackPOS software used against No. 3 U.S. retailer Target had been used in a string of other breaches at retailers - but did not say how many or identify the victims," Reuters reported.
The software was reportedly made available and sold on hacker boards for use against retailers. It is believed that some hackers asked for modifications to the software, which may have been granted. The hacker previously created several tools used by the hacking community such as "Ree4 mail brute" as well as programs that hacked social networking accounts, IntelCrawler reports.
With the malware posted on hacker boards, the program creator was able to share and sell it with other hackers CNN reports. Continuous modifications make the program more adaptable, and also more difficult to detect.
"Well, we should be worried. One of the things the hackers do is take the malware as it's called. Once it's identified, then the security community can rally around it and put controls in place. But the problem is, the hackers know that. And they manipulate or mutate this malware, and then reuse it," SecureState CEO Ken Stasiak told CNN.
"We believe that he originated the code, or the malware everybody's calling it now. And was able to put it up on the Internet for download for other hackers to then take, and potentially use it for malicious harm. And that's what we believe happened to Target and Neiman Marcus," Stasiak said.
While it is alarming that a 17 year-old was able to write the code that has been so successful at breaching the systems used by such big retailers and gather information on so many customers, some of the claims security companies are making might be exaggerated. The teenager was the author, but not the mastermind of the operations, USA Today reports.
"Brian Krebs, a widely followed Internet security blogger and former Washington Post reporter, disputed that information in an interview and on Twitter," USA Today's Julie Schmidt and Beth Belton wrote.
One tweet from Brian Krebs to an individual stated "everyone is quoting Intelcrawler, whose intel in this case I believe is wrong."
Some would argue. "We don't think we are wrong," IntelCrawler president Dan Clements responded to USA Today. "While IntelCrawler says the teen allegedly authored the malware, it doesn't allege that he perpetrated the breach."