Digital Identity Blog

Thought leadership for cybersecurity, fraud and digital channel professionals

You Gotta Be Kidding Me. 17-Year-Old Russian Kid Wrote Code for Target, Neiman Marcus and Other Hacks.

By ThreatMetrix

What did you do for money when you were 17? Mow lawns? Do the Mickey D burger thing? Camp counselor? Whatever it was, chances are it wouldn’t have put you at the center of a worldwide manhunt. Which is where one Russian teenage hacker ended up.

Hearing a teenager wrote the code that put tens of millions of people in jeopardy of having their identities stolen can leave you conflicted. On one hand, like any prodigy or savant, he can be admired. On the other, for the pain he caused and will cause, he should be sent to Siberia with a thin moth-eaten blanket and Bermuda shorts and have a hungry grizzly for company.

The Washington Post’s Hayley Tsukayama writes about this latest twist in the Target-Neiman Marcus et al. hack with a reporter’s more objective eye:

Security firm IntelCrawler said Friday that it has identified a Russian teenager as the author of the malware probably used in the cyberattacks against Target and Neiman Marcus, and that it expects more retailers to acknowledge that their systems were breached.

In a report posted online, the Sherman Oaks, Calif., company said the author of the malware used in the attacks has sold more than 60 versions of the software to cybercriminals in Eastern Europe and other countries.

The firm said the 17-year-old has roots in St. Petersburg. He reportedly has a reputation as a “very well known” programmer in underground marketplaces for malicious code, the report said.

The company said the teenager did not perpetrate the attacks, but that he wrote the malicious programs — software known as BlackPOS — used to infect the sales systems at Target and Neiman Marcus. Andrew Komarov, the chief executive of IntelCrawler, said the attackers who bought the software entered retailers’ systems by trying several easy passwords to access the registers remotely.

“It seems that retailers still use quite easy passwords on most remote-access” servers, Komarov said. He added that there do not appear to be many restrictions on who has access to the remote point-of-sale servers in numerous companies. This, he said, could enable hackers to gain access to a prime target: back-office servers where criminals can pick up pools of data from multiple stores.

Target declined to comment on the report. Neiman Marcus spokeswoman Ginger Reeder said that she has heard no claim about weak passwords from anyone with direct knowledge of the retailers’ system.

Komarov first identified the software last March and reported it to Symantec and other security firms. Before both breaches, IntelCrawler said in its post, the company detected attempted attacks on point-of-sale terminals across the United States, Australia and Canada.

That indicates that more companies, specifically retailers, are likely to discover attacks on their systems in the near future, company executives said. The firm has identified six additional breaches at other retailers of various sizes across the country, Komarov said. He did not identify those retailers.

Last month, Target announced that hackers had gained access to as many as 40 million credit and debit cards used by its customers during the height of the holiday shopping season, later extending that figure to as many as 110 million. Neiman Marcus has also disclosed that it was the victim of an attack but has not disclosed how many customers were potentially affected.

Both companies have said the breaches are under investigation by federal authorities.
