Author of Malware Used in Target Breach Identified


IntelCrawler has identified the author of the malware that infected Target as a Russian teenager. According to the California-based security firm, this 17-year-old is also believed to have created the malware that infected Neiman Marcus.

The teenager is not believed to have launched the actual attacks. However, he sold more than 60 versions of the software to cybercriminals in Eastern Europe and other countries, IntelCrawler explained. “He is still visible for us, but the real bad actors responsible for the past attacks on retailers such as Target and Neiman Marcus were just his customers,” said IntelCrawler president Dan Clements.

IntelCrawler said that the attackers who purchased the software hacked the retailers’ systems either by entering default passwords, or by trying various username/password combinations until they struck gold (a practice known as “brute force password hacking”). In an interview with Computerworld, Clements noted that many retailers never change default passwords on POS terminals, which is a common problem that has been observed by the PCI Security Standards Council.

Additionally, there do not appear to be many restrictions on who can access remote POS servers in numerous retailers, IntelCrawler CEO Andrew Komarov told The Washington Post. This type of easy access could allow hackers to reach back-office servers which contain pools of data from multiple stores.

Komarov first identified the software last year and reported it to Symantec and other security firms. IntelCrawler said it has identified attacks on at least six other US retailers, as well as attempted attacks on retailers in Australia and Canada.


Related reading