Russian Teen Created BlackPOS Malware Program Used In Target Data Breach: Report

on January 18 2014 6:58 PM
When news of the breach first broke in December, the number of Target customers affected was said to be 40 million. But updated reports from the retailer in January revealed that the number of customers hit in the attack was actually between at least 70 million and 110 million. Reuters

The malware program that led to the theft of 110 million Target customers' credit and debit card information is believed to be the work of a 17-year-old boy from Russia.

According to Gawker, Los Angeles cyber intelligence company IntelCrawler is attempting to piece together the details of the major security breach. IntelCrawler detailed in a post on its site this week that the hack was completed using an "inexpensive, off-the-shelf" malware program called BlackPOS. Written by the Russian teen, BlackPOS was used in the Target operation and may have been used to steal information from Neiman Marcus customers as well.

IntelCrawler says the youth is not believed to be involved in organizing the attacks against the companies. But he did write and sell the script that was used to carry them out. The security firm details that at least 40 cybercriminals purchased the program. They were mainly located in Eastern Europe. It also claims that the teen is a well-known member of the hacking underground.

IntelCrawler described the BlackPOS program written by the teen as not very advanced. This information supports Wired's claims this week that the original malware program was enhanced so that antivirus programs would be unable to detect it.

On Tuesday, security journalist Brian Krebs reported that the attack on Target used malware based on BlackPOS. Krebs was responsible for breaking the stories on both the Target and Neiman Marcus security breaches.

A second security firm called iSight told Wired that the attackers used several other malicious tools to break into Target's network and lift stolen data. According to iSight's Cybercrime Team Manager Jayce Nichols, the strength of the attack did not depend mainly on the "individual components" of the operation, which he described as "not necessarily sophisticated." Instead, it is the way that each piece was combined to construct the overall attack that makes the case distinct.
