Retailer malware traced to Russian teen
Security firm IntelCrawler said Friday that it has identified a Russian teenager as the author of the malware probably used in the cyberattacks against Target and Neiman Marcus, and that it expects more retailers to acknowledge that their systems were breached.
In a report posted online, the Sherman Oaks, Calif., company said the author of the malware used in the attacks has sold more than 60 versions of the software to cybercriminals in Eastern Europe and elsewhere.
The firm said the 17-year-old reportedly has a reputation as a "very well known" programmer in underground marketplaces for malicious code, the report said.
The company said the teenager did not perpetrate the attacks, but that he wrote the malicious programs - software known as BlackPOS - used to infect the sales systems at Target and Neiman Marcus. Andrew Komarov, the chief executive of IntelCrawler, said the attackers who bought the software entered retailers' systems by trying several easy passwords to access the registers remotely.
"It seems that retailers still use quite easy passwords on most remote-access" servers, Komarov said. He added that there do not appear to be many restrictions on who has access to the remote point-of-sale servers in numerous companies. This, he said, could enable hackers to gain access to a prime target: back-office servers where criminals can pick up pools of data from multiple stores.
Target declined to comment on the report. Neiman Marcus spokeswoman Ginger Reeder said that she has heard no claim about weak passwords from anyone with direct knowledge of the retailers' system.
Komarov first identified the software last March and reported it to Symantec and other security firms. Before both breaches, IntelCrawler said in its post, the company detected attempted attacks on point-of-sale terminals across the United States, Australia and Canada.
That indicates that more companies, specifically retailers, are likely to discover attacks on their systems in the near future, company executives said. The firm has identified six additional breaches at other retailers of various sizes across the country, Komarov said. He did not identify those retailers.
Last month, Target announced that hackers had gained access to as many as 40 million credit and debit cards used by its customers during the height of the holiday shopping season, later extending that figure to as many as 110 million. Neiman Marcus has also disclosed that it was the victim of an attack but has not disclosed how many customers were potentially affected. Both companies have said the breaches are under investigation by federal authorities.
Another security company, Dallas-based iSight Partners, said last week that the malware that may have infected Target may also have affected a "large number" of other retail-information systems. The software bears strong similarities to malware for sale in Russian-language underground marketplaces that is designed to attack those systems, the company said.