Posted on 01/18/2014 9:03:36 AM PST by Sub-Driver
January 18, 2014 17 year old fingered as author of malware used in Target attack Rick Moran
A 17 year old Russian hacker who goes by the online handle of "ree4" has been identified as the author of the malware that was used to attack Target and Neiman Marcus.
The teenager, Sergey Taraspov, is well known in cyber crime circles having developed other malicious codes to hack commercial systems. He apparently sold about 40 copies of his program to criminals who then modified it slightly and used it to sweep up at least 80 million debit and credit card numbers from Target alone.
Now, the firm that first revealed the Target attack, is saying that 6 other companies suffered a similar fate.
PC World:
Clements said IntelCrawler is "90 percent" sure of its finding, based on the forum postings and sources it communicated with.
The forum posts indicate the teenager sold the malware for $2000 or for a share of the profits that came from monetizing stolen payment card details, Clements said.
BlackPOS was also sold to "carding" websites such as .rescator, Track2.name and Privateservices.biz that trade in stolen card details, according to IntelCrawler.
BlackPOS was originally called Kaptoxa, which is Russian slang for potato. Clements said the Russian teenager eventually renamed the malware BlackPOS during a fresh marketing push.
Dallas-based security company iSight Partners wrote in a report earlier this week on the Target hack, which it called the "Kaptoxa operation." It says the hackers used a high level of skill to gain stealthy access to the retailer's network.
International Business Times is reporting that the 6 other companies targeted in the hack have not informed their customers yet:
(Excerpt) Read more at americanthinker.com ...
Well you don’t know where his conscience actually is. Only God, and people closer to the situation, do. Overkill can be harmful.
I.e. we will always seek in vain for an optimal “one size fits all” penalty. Granted that countries with a code like the US have attempted to base it on the way the crime looks externally. Judges and courts used to have wisdom, when they also had God.
Right now there's no evidence that he's been arrested and according to the article, he's created and sold hacking programs before........
In fact, I don't know if there are any legal grounds to arrest him since he wasn't responsible for stealing the Target info......
Old Windows, at 13 years, ancient really.
Hackers have improved their attack tools, now it’s time to update our defenses. Microsofts response is to leave the old castle walls behind and build something that is up to the task.
It won’t stop Target-like breaches, as the Target doors were left open, but to those of us who keep up with things it will be much safer.
I can see the point that this is not customarily how Microsoft operates.
But if I were Bill Gates, and had a heart, I’d try to help customers of the old stuff, by designing the new stuff to be easier to use in place of the old if nothing more.
No doubt. I don’t think they take anybody’s advice.
I’m using Windows 8.1 on my desktop for a few months now, and as far as usability, it operates more or less the same as XP which I used for about 10 years.
It has some really nice features, spell check on FR for example.
Well, ultimately all wisdom comes from God. If they won’t get a clue from God either directly or indirectly they will hobble themselves. GNU/Linux ought to be a pip squeak operation. It isn’t. IIRC, half of web servers are GNU/Linux. FR is. (Hey Jim Rob, what do you think of the legacy of that crazy liberal Richard Stallman? :-)
If Red Hat put itself to tailoring supported Linuxes to the ATM market, it might find itself on, well, a rocket ship to greater success.
Well spellcheck is in my Firefox browser and that’s anywhere, Windows or otherwise.
I’d like to see Red Hat see if it can make some hay out of this. Provide a Windows to Linux migration path for the embedded world. Microsoft could be high tech, there is no fundamental reason it couldn’t, but right now it is just high shortsighted business. That is a human choices problem.
Some were robbed right away. Others will happen over time because criminals are smart enough to sit on a lot of the numbers and hit them over time.
Well, Target knew which ones. So the banks know now.
No they don’t. They know 80Million were taken. but they don’t know which they were. They’re trying to figure that out right now.
These braino kids are going to revolt against this screwed up government one day. When they realize how they are getting screwed....look out government computers.
Well they did know where the spyware was. They might come up with too large a list, but not too small.
If we’re going to use drones on terrorists...
They would have to shut down every Target credit and debit card and it would be a massive hit to their financials...so they won’t do it.
Somehow couldn’t there be an in-between measure. Like to put heightened watches on those cards.
Sounds like a job for The Eraser.
According to this article, BlackPOS is totally written in VBScript.
Sergey Taraspov (ree4) |
http://it.slashdot.org/story/14/01/17/1317234/target-credit-card-data-was-sent-to-a-server-in-russia
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.