Free Republic
Browse · Search
News/Activism
Topics · Post Article


17 year old fingered as author of malware used in Target attack
American Thinker

Posted on 01/18/2014 9:03:36 AM PST by Sub-Driver

January 18, 2014

By Rick Moran

A 17-year-old Russian hacker who goes by the online handle of "ree4" has been identified as the author of the malware that was used to attack Target and Neiman Marcus.

The teenager, Sergey Taraspov, is well known in cyber crime circles, having developed other malicious codes to hack commercial systems. He apparently sold about 40 copies of his program to criminals who then modified it slightly and used it to sweep up at least 80 million debit and credit card numbers from Target alone.

Now the firm that first revealed the Target attack is saying that 6 other companies suffered a similar fate.

PC World:

Clements said IntelCrawler is "90 percent" sure of its finding, based on the forum postings and sources it communicated with.

The forum posts indicate the teenager sold the malware for $2000 or for a share of the profits that came from monetizing stolen payment card details, Clements said.

BlackPOS was also sold to "carding" websites such as .rescator, Track2.name and Privateservices.biz that trade in stolen card details, according to IntelCrawler.

BlackPOS was originally called Kaptoxa, which is Russian slang for potato. Clements said the Russian teenager eventually renamed the malware BlackPOS during a fresh marketing push.

Dallas-based security company iSight Partners wrote in a report earlier this week on the Target hack, which it called the "Kaptoxa operation." It says the hackers used a high level of skill to gain stealthy access to the retailer's network.

International Business Times is reporting that the 6 other companies targeted in the hack have not informed their customers yet:

(Excerpt) Read more at americanthinker.com ...


TOPICS: Crime/Corruption; Foreign Affairs; News/Current Events
KEYWORDS: blackpos; kaptoxa; potato; ree4; taraspov; target; targetmalware
To: rktman

I wouldn’t hire him. He’s proven he’s not trustworthy, so I couldn’t rely on him not to write a backdoor. He could be useful as a tester.


81 posted on 01/18/2014 11:58:06 AM PST by Cyber Liberty (H.L. Mencken: "The urge to save humanity is almost always a false front for the urge to rule.")

To: rktman
Looks like he has a big future with some software outfit designing protection software to keep hackers and malware attacks out.

Either that, or he'll end up as a low-on-the-totem-pole drone, working for the Russian mafia.

82 posted on 01/18/2014 12:00:14 PM PST by hoagy62 ("Tyranny, like hell, is not easily conquered..."-Thomas Paine. 1776)

To: HiTech RedNeck
Someone could forge a charge with just the card number.

Offline, you need more than just the number to forge a card. The mag stripe data includes a CVV (card verification vector) field, which is a secret function of the card number and expiration date. Thus, you need the actual mag stripe image to make a card.

Once you've got a card with the proper mag stripe data, you can swipe with impunity at a lot of retail stores. However, some stores will ask to see the card, and the clerk will type in the last four of the account number. If it doesn't match the mag stripe, it's game over. Of course, you can emboss the card as well as re-encode the mag stripe, but that's a lot more trouble — mag stripe encoders cost about $300, but equipment to make a forgery that will pass a visual inspection is much more expensive.

Also, gas pumps around here have got into the habit of asking for your billing zip before authorizing.

For online transactions, there are other speed bumps. Namely, the billing address, which is not in the mag stripe data, and the CVV2, which is printed on the card but also not found in the mag stripe data.

In my case, there is a third speed bump. If my wallet is stolen, you still can't use my card online. That's because the billing address is a PO box which is nowhere to be found in my wallet.

83 posted on 01/18/2014 12:09:25 PM PST by cynwoody

To: cynwoody

Online would be the place where “some” merchants do not require CVV2. (I remember reading about a political donation site that did not.) But I think they still do require address, so that may be safeguard enough.


84 posted on 01/18/2014 12:11:19 PM PST by HiTech RedNeck (The Lion of Judah will roar for you if you give him a big hug and a cheer and mean it. See my page.)

To: HiTech RedNeck
OK, let’s get serious. Why do private hackers seem to have more of a clue than our spies and our crime investigators and crime prevention counselors? Maybe because the reward structure is more straightforward, if unethical.

Hackers like this make thousands of dollars from their work.

The technology security industry, selling to government, private sector companies and to the retail market, is a multi-billion dollar industry.
85 posted on 01/18/2014 12:12:00 PM PST by PieterCasparzen (We have to fix things ourselves)

To: HiTech RedNeck
OK, let’s get serious. Why do private hackers seem to have more of a clue than our spies and our crime investigators and crime prevention counselors? Maybe because the reward structure is more straightforward, if unethical.

Of course, the multi-billion dollar security industry needs some hackers out there in order to create a need for their products and services.
86 posted on 01/18/2014 12:14:08 PM PST by PieterCasparzen (We have to fix things ourselves)

To: usconservative
I'm willing to bet that some research will turn up he's either from, or has family in the Chechen region and ties to a Muslim radical group.

Anyone want to take that bet?

Nope. The odds are long against that. He's from St. Petersburg, which is in the north of Russia proper, nowhere near Chechnya. Rooskies seem to have a natural aptitude for hacking, needing no input from Islam.

87 posted on 01/18/2014 12:14:30 PM PST by cynwoody

To: HiTech RedNeck

That’s what I’m telling you....they don’t know which cards and which identities...


88 posted on 01/18/2014 12:16:53 PM PST by Solson (The Voters stole the election! And the establishment wants it back.)

To: Uri’el-2012

Thanks for posting that update.


89 posted on 01/18/2014 12:17:14 PM PST by usconservative (When The Ballot Box No Longer Counts, The Ammunition Box Does. (What's In Your Ammo Box?))

To: PieterCasparzen

I don’t take any “of courses” as gospels.


90 posted on 01/18/2014 12:20:47 PM PST by HiTech RedNeck (The Lion of Judah will roar for you if you give him a big hug and a cheer and mean it. See my page.)

To: HiTech RedNeck
Someone like Kaspersky should hire him

If Kaspersky is hiring, there is an unemployed American security infrastructure specialist with a much stronger resume currently residing in Moscow. Kaspersky should hurry, before he decamps for Brazil.

91 posted on 01/18/2014 12:30:24 PM PST by cynwoody

To: HiTech RedNeck
Well, Target knew which ones. So the banks know now.

Target's not supposed to be storing the full account numbers. They're only allowed to retain the first six and the last four. That, and they also have the authorization codes and the exact date and time.

So, Target doesn't have the full list (except for their own store card, the REDcard™). However, the banks could conjure up the list by passing their databases and flagging charges made by Target customers in the affected time period.

92 posted on 01/18/2014 12:42:43 PM PST by cynwoody

To: HiTech RedNeck

Why are you blaming Bill Gates? He has been gone from MS for years.


93 posted on 01/18/2014 4:01:28 PM PST by RitchieAprile

