A number of updates regarding the breach of Target’s point-of-sale (POS) system have come to light since our first blog entry on the matter.
There are strong indications that the malware instrumental in Target’s recent credit card breach was developed by a 17-year-old Russian national from St. Petersburg. LA-based IntelCrawler, a company that gathers critical information on behalf of clients, has reported that the data breach was caused by hackers who used malware named BlackPOS. Originally written by the Russian teen, BlackPOS was allegedly intended as an “off-the-shelf” malware product and was not developed specifically to attack Target.
Interestingly enough, Andrew Komarov, CEO of IntelCrawler, successfully posed as a cyber criminal and was able to chat with the Russian teen. According to Komarov, the hacker said he would be willing to sell him the malware for $2,000 or for a 50 percent cut of all intercepted credit cards. It appears the Russian teen has an entrepreneurial bent with an illegal twist.
Cyber Intelligence Joint Investigation
The U.S. Secret Service along with iSIGHT Partners, a cyber-intelligence group, issued their findings after their joint investigation. At this point, investigators don't believe the Russian programmer, now being referred to as the author of the Target hacking code, was actually involved in the Target security breach. It's not clear if the same malware was also involved in the Neiman Marcus data breach.
The Target Cyber Security Breach is Larger than Initially Reported
This major information breach involves user data belonging to up to 110 million people, which substantially exceeds the original number cited and puts it among the largest in history. In addition to the already reported payment information, the hackers were also able to access customers' personal data, including names, mailing addresses, phone numbers, and/or email addresses, for tens of millions of people.
And the Real Author is?
Although cybersecurity firm IntelCrawler initially listed the Russian teen as the author of the malware, on January 20th the firm issued a revised report saying that the teenager was involved only as “technical support” for a second, as yet unnamed, Russian man.
To complicate things even further, a Ukrainian resident has now been cited by cybersecurity expert Brian Krebs as the author. The story is still developing, and the cyber security community around the world is carefully monitoring how the details play out.
January 22, 2014