The hack that nabbed millions of credit card and debit card accounts from Target, Neiman Marcus and additional retailers, may had been orchestrated at the hands of a teenager. Security firm, IntelCrawler developed a profile on the youngster, based on the incredible experience of CEO Andrew Komarov. Komarov actually encountered the devious malware at a previous company. On the firm’s blog, the experienced mind of the investigators uncovered a string that showed familiarity and most of all – a path of digital footprints.
IntelCrawler states the name of the malware changed but the string “BlackPOS” remained the same. The investigators connected this string to a hacker or contact named “Ree” who sold over 40 builds to cyber-criminals around the world. In addition to cyber-criminals, black market credit card stores purchased from this hidden disguise.
In mid December as shoppers completed their extensive holiday shopping lists, a shocking letter arrived in the mailbox of over 110 million Target customers. Additionally, Neiman Marcus customers may had been hacked by the same Russian teen. Neiman Marcus has not disclosed how many potential customers were affected by the hack. Early reports indicated the upscale store may had been hacked in December, like Target. It seems that may not be the case, and security experts are revealing timestamps show customers may had their data lifted as long as six months ago until it was caught in mid-December.
What is interesting is the reveal by IntelCrawler. Investigators with the company advise the BlackPOS program was not as advanced as expected. It seemed to cover enough traction to just skim past antivirus programs. That is surprising, considering the level and layers of security retail customers expect from their retailers.
The hack not only left a blemish for Target but for retailers around the globe, as they struggled to reassure customers security measures were in place. Komarov did state while he does not wholly accuse the 17-year old Russian for dispatching the malware, he does suggest the teen may had developed the actual software.
The malware devastated trust between consumers and retailers as reports surfaced of empty bank accounts and spent credit card balances. Consumers quickly stopped using credit cards at stores, but even gas stations have become vulnerable to hacks. In addition, once the hacker sells the information on the digital black market, additional details of the victim could be posted, including a social security number.
Cyber-crime by way of data hacks is big business for criminals. In addition, it is a problem that leaves legislators conflicted on what to do. Estimates show that globally, cyber-crime is costing closer to $1 trillion annually. Numbers have varied, because many companies do not wish to disclose their total list of victims to avoid negative media. More times than not, companies are unaware a loss is in place until they receive that fateful call from a nerve-racked consumer.
For a world that has developed robots, placed a machine on Mars and has wearable technology, it seems little has been completed to determine how to reduce this level of loss. As technology becomes explosive, the security to combat the vulnerabilities are becoming increasingly limited. Consumers hope security experts and those in technology command start ushering a new era of technology security before advancing further.
IntelCrawler may had uncovered the potential suspect in the data breach that hit Target and Neiman Marcus, but that is little comfort to those targeted. Further yet, many are wondering what are the next steps to capture the developing hacker? Very little has been released regarding tracking the culprit down. Additionally, technology strategists remain grim regarding the capture of the hacker, stating individuals and groups tend to move quickly once they realize they have been tailed. Many security experts worry that hacks are currently in place and happening from transactions completed months ago. It is suggested consumers add fraud protection to credit cards and obtain new debit card numbers/checking account numbers, if they suspect they may had been a victim.