Posted on 01/18/2014 9:03:36 AM PST by Sub-Driver
January 18, 2014 17 year old fingered as author of malware used in Target attack Rick Moran
A 17 year old Russian hacker who goes by the online handle of "ree4" has been identified as the author of the malware that was used to attack Target and Neiman Marcus.
The teenager, Sergey Taraspov, is well known in cyber crime circles having developed other malicious codes to hack commercial systems. He apparently sold about 40 copies of his program to criminals who then modified it slightly and used it to sweep up at least 80 million debit and credit card numbers from Target alone.
Now, the firm that first revealed the Target attack, is saying that 6 other companies suffered a similar fate.
PC World:
Clements said IntelCrawler is "90 percent" sure of its finding, based on the forum postings and sources it communicated with.
The forum posts indicate the teenager sold the malware for $2000 or for a share of the profits that came from monetizing stolen payment card details, Clements said.
BlackPOS was also sold to "carding" websites such as .rescator, Track2.name and Privateservices.biz that trade in stolen card details, according to IntelCrawler.
BlackPOS was originally called Kaptoxa, which is Russian slang for potato. Clements said the Russian teenager eventually renamed the malware BlackPOS during a fresh marketing push.
Dallas-based security company iSight Partners wrote in a report earlier this week on the Target hack, which it called the "Kaptoxa operation." It says the hackers used a high level of skill to gain stealthy access to the retailer's network.
International Business Times is reporting that the 6 other companies targeted in the hack have not informed their customers yet:
(Excerpt) Read more at americanthinker.com ...
That’s something I hadn’t heard, but it sure does look like “theft of useless data” if so. Target was doing exactly what it ought to have done, and deserves kudos in this case.
The new breed of quantum computer may eventually get to the place where it can take on daunting encryption problems, but it’s got a way to go.
We still haven't heard who the other 3 “mall type” stores that were also hacked.
The PINs for all debit card transactions are Triple-DES encrypted, NOT the rest.
My bad. The PINs of all debit cards were Triple-DES encrypted, not the rest.
Well that’s a different kettle of fish. Someone could forge a charge with just the card number.
And since PINs are 4 digits long, a random run would be able to ding 1 in every 10,000 cards.
"Look Sergei, we're not asking you to spy. We're asking you to steal."
I'm willing to bet that some research will turn up he's either from, or has family in the Chechen region and ties to a muslim radical group.
Anyone want to take that bet?
You may be interested in this post on another thread: http://www.freerepublic.com/focus/f-news/3112981/posts?page=55#55
The poster, Freeper USC explains in more detail what happened at Target. Microsoft isn’t the company that needs the security lesson.
That name sounds about as authentically Roosky as Jones is authentically British/American. A Google for Taraspov and Chechnya turned up NO hits. (A guy named Tarasov is an advisor to the [Russian] prime minister of Chechnya.)
I wish the penalty for these types of crimes were as severe as 2nd degree murder. (If I were king, I would make it a capital offense)
The bank obviously (they DID tell me they had never seen that destination before and thus tried to alert me) knows my activities and because I did not respond to an alert within 24 hours, they refused the pymt and froze my card
A pain in the ass, but at a time when I was paying a bill, that was MOST appreciated.
IF then, the hackers know they can't actually USE the numbers ... I can only guess they're schooling themselves for (I hope .. ) that big, take out the governmet (IMF?, FedRes? ..) hustle that saves real, little people and crushes the enemy, rogue government.
I'll probably (I hope) be dead by the time it all comes to a head.
If not ...
popcorn's on
It would help if Microsoft were more up on this.
They probably want to sell a more advanced version of embedded Windows rather than advising current license holders. But being too pinchy about the pennies hurts their reputation.
GNU/Linux would have been a harder target.
Good thought ... ain’t takin’
I think this is bs also. Had heard that this was an inside job and that is probably true at some level. I wonder how much the credit rating companies profit off of this when millions are compromised. I had to pay up last year when someone used a card of mine at a sears and I found out about it like a year later. I had to spend around 70 or 80 dollars at the big 3 credit rating companies. I can only imagine they love this kind of thing. I would wonder at the long term agenda as the public is made to believe more security is needed and oversight from government is needed to keep us safe from reckless 17 year olds and identity thieves.
I guess we can thank the NSA for keeping us secure.
Has anyone suggested he be hired by obamacare yet? Posting before I look and count how many!
Until the Tsarnaev brothers bombed the Boston Marathon, there were no google hits for that name in Chechnya either.
Not so sure I'd want to take the bet based on a google search.
Google knows alot, it doesn't know everything.
BAZINGA!! Post of the day. WTG NSA! You missed another one scooping up all our emails, texts and phone calls .... chuckleheads!
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.