A 23-year-old Russian man admitted to a television interviewer that he helped write code used in the holiday Target malware attacks last month, the Minneapolis Star-Tribune reports.
Rinat Shabayev of Saratov, who goes by the name Ree online, contends that he was not otherwise directly involved in the Target attacks. He says he modified an existing code, and sold it online with no intentions of it being used maliciously. Shabayev says he is a programmer who worked as a hacker on the side to earn money while in a university.
The Target hit stole the information of 70 million customers, including pin numbers, credit card numbers and other personal information. It's the biggest in a series of high-profile security breaches at major retailers.
“I just gave the program and that was it,” he said. “If you use this software with malicious intent you can earn well, but it’s illegal. So I didn’t want to engage in this. I just developed it for sale, not for my personal use. And let other people use it in their conscience.”
Dmitri Alperovitch of CrowdStrike doesn’t buy that claim. He said Shabayev has been selling the software for up to $2,000 via online forums, just for the purpose of stealing information.
The code used in the attack is a modified Kaptoxa (also called Kartoxa) malware called Trojan.POSRAM, derived from the BlackPOS product, which is often sold on online marketplaces.
Another person nicknamed Rescator has been found selling card information stolen in the Target hack. He is a well-known member of an underground forum called Lampeduza and Brian Krebs of KrebsOnSecurity says he is likely an active player in the Target hack itself.
A fellow suspected code-writer is a 17-year-old from St. Petersburg, Russia. Experts investigating the hack say he too just wrote part of the code, and had nothing directly to do with the Target attack.