Security firm IntelCrawler says it has identified Target malware author

Phil Coale/AP - FILE - In this Jan. 18, 2008 file photo, a customer signs his credit card receipt at a Target store in Tallahassee, Fla.

Security firm IntelCrawler said Friday that it has identified a Russian teenager as the author of the malware probably used in the cyberattacks against Target and Neiman Marcus, and that it expects more retailers to acknowledge that their systems were breached.

In a report posted online, the Sherman Oaks, Calif., company said the author of the malware used in the attacks has sold more than 60 versions of the software to cybercriminals in Eastern Europe and other countries.

Target breach: What you need to know

Target breach: What you need to know

Important information for customers affected by Target’s data breach.

More tech stories

What would you change about the Internet?

What would you change about the Internet?

AOL co-founder Steve Case offers his answer.

The end of driving

The end of driving

Eventually self-driving cars will prevent tragedies, but for now we must tackle distracted driving.

How to celebrate Earth Day in space

How to celebrate Earth Day in space

Two NASA astronauts demonstrate how to slickly pass a microphone in zero gravity.

The firm said the 17-year-old has roots in St. Petersburg. He reportedly has a reputation as a “very well known” programmer in underground marketplaces for malicious code, the report said.

The company said the teenager did not perpetrate the attacks, but that he wrote the malicious programs — software known as BlackPOS — used to infect the sales systems at Target and Neiman Marcus. Andrew Komarov, the chief executive of IntelCrawler, said the attackers who bought the software entered retailers’ systems by trying several easy passwords to access the registers remotely.

“It seems that retailers still use quite easy passwords on most remote-access” servers, Komarov said. He added that there do not appear to be many restrictions on who has access to the remote point-of-sale servers in numerous companies. This, he said, could enable hackers to gain access to a prime target: back-office servers where criminals can pick up pools of data from multiple stores.

Target declined to comment on the report. Neiman Marcus spokeswoman Ginger Reeder said that she has heard no claim about weak passwords from anyone with direct knowledge of the retailers’ system.

Komarov first identified the software last March and reported it to Symantec and other security firms. Before both breaches, IntelCrawler said in its post, the company detected attempted attacks on point-of-sale terminals across the United States, Australia and Canada.

That indicates that more companies, specifically retailers, are likely to discover attacks on their systems in the near future, company executives said. The firm has identified six additional breaches at other retailers of various sizes across the country, Komarov said. He did not identify those retailers.

Last month, Target announced that hackers had gained access to as many as 40 million credit and debit cards used by its customers during the height of the holiday shopping season, later extending that figure to as many as 110 million. Neiman Marcus has also disclosed that it was the victim of an attack but has not disclosed how many customers were potentially affected.

Both companies have said the breaches are under investigation by federal authorities.

Another security company, Dallas-based iSight Partners, said this week that the malware that may have infected Target may also have affected a “large number” of other retail-information systems. The software bears strong similarities to malware for sale in Russian-language underground marketplaces that is designed to attack those systems, the company said.

 
Read what others are saying