According to a recent blog post from the IT security firm IntelCrawler, researchers into the attack which claimed the credit card details and information of over 70 million Target customers last month may have finally identified the source of software that made the lucrative heist possible.
By tracking the username “Ree” on several different forums who claimed to have access to the program, CEO of Crawler, Andrew Komarov was able to locate the broadcast point of those advertisements as a server set up in St. Petersburg under the name Sergey Taraspov. A 17-year old hacker from Russia, the name rings the bells of several different security watchdog lists, who have had him in their sights over the past several months in connection with several other high-profile cracks that are making their way around the web.
The teenage whiz kid wasn’t actually behind the attack himself, but did provide the software (called BlackPOS), to thieves who were interested in stealing the debit card data. Upwards of 40 different versions of the malware have been sold by Sergey, for anywhere between $50 to $2000 USD a piece.
Perhaps most worryingly, Karamov suspects that Target and Neiman Marcus were only the tip of the iceberg for BlackPOS, and that there may be as many as six other attacks currently underway at popular big box stores around the country.
If you believe your details may have been compromised during the holiday season, be sure to keep a close eye on your account statements and immediately report any suspicious activity to your financial provider.