Security analysts researching the December break-ins into Target, Neiman Marcus and other US retailers are on to something big. The malware used in the attacks on this online retails stores is said to have been BlackPOS (earlier known as Kaptoxa), which was purchased by the attackers from various underground sites and forums.
One of the firms researching these incidents of hacking, IT security firm IntelCrawler has identified the alleged developer of BlackPOS. The company has reasons to believe that the developer of the BlackPOS malware used in targeting ‘Target’ and an another high end retailer is Sergey Taraspov, is a 17-year-old teenager from Russia.
Though nothing is known about Sergey, he is known as “ree” in the underground forums and cyber crime scene. The evidence being dug out by InterCrawler suggests that when he first created the malware he had initially named it as Kaptoxa. He then renamed it BlackPOS in March 2013 and began selling it on underground forums and sites. The Kaptoxa or BlackPOS was initially used to to infect the point-of-sale (POS) systems in Canada, Australia, and the US though much is not known about how many POS were actually hacked at that time.
From the period March 2013 to December 2013, Sergy is believed have sold over 40 builds of his creation to cybercriminals in Eastern Europe and other countries for around $2,000 (€1,500) or against half the profit made from selling stolen payment card data.
Some of the sites on which BlackPOS was sold by Sergey are Privateservices.biz, .rescator, and Track2.name. These underground sites specialize in payment cards (Credit/Debit cards).
Sergey or “ree” is also said to be the man behind the creation of brute force attack and other malicious tools. He has also made some money by providing online tutorials for DDOS attack training and social media account hacking.
“He is still visible for us, but the real bad actors responsible for the past attacks on retailers such as Target and Neiman Marcus were just his customers,” noted Dan Clements, IntelCrawler president.
Though both Nieman Marcus and Target were targeted at the same time in mid December, researchers from Seculert who have anlaysed both the break ins have not found any direct connection between the too. Though it is remotely possible that BlackPOS was used in hacking Nieman Marcus as well. IntelCrawler said that it has identified six additional retailers who had suffered data breaches from March 2013 to December 2013 but it has declined to name them.