A Russian teenager has been identified as author of the malware used in the cyber attacks against Target and Neiman Marcus.
Intelcrawler, cybersecurity firm based in Los Angeles, assert the teenager as the culprit of recent holiday season cyberattack, where a massive breach at Target compromised credit card numbers and other personal information of 70 million customers.
“We don’t think we are wrong,” IntelCrawler president Dan Clements said on Sunday.
The malware, which IntelCrawler describes as an “off-the-shelf” product known as BlackPOS, was allegedly written by a 17-year-old, Sergey Taraspov, who has roots in St Petersburg.
Andrew Komarov, the chief executive of IntelCrawler, said the attackers who bought the software entered retailers’ systems by trying several easy passwords to access the registers remotely.
Target, the nation’s second-largest retailer, has expressed regret for the security breach, which it said affected up to 110 million shoppers.
Neiman Marcus admits a analogous attack but hasn’t said how many customers were affected.
Komarov, said most of the victims are department stores and said more BlackPOS infections as well as new breaches could appear soon. Retailers should be prepared.
Taraspov is believed to have sold more than 60 versions of the software to cybercriminals in Eastern Europe and other countries. The software reportedly enabled the thieves to remotely hack into Target’s computer systems and obtain customer credit card numbers and other information, which was then sent back to a computer controlled by cyber thieves.
State and federal officials, including the Secret Service, have launched a widespread investigation into the breaches.