Pictured: Russian teen who ‘made software used in Target hack that stole 110MILLION credit card numbers’
- 17-year-old allegedly wrote code that gave hackers access to Target’s point of sales system and all its cash registers
- Almost all of Target’s 1,797 stores in the US were targeted as 40,000 credit card swipe machines were hacked
- Second largest theft of credit card details in American history
- Data mining software installed on swipe machines sent card details to hackers
A baby-faced teenager is the key suspect behind the software that was used in the massive security breach at Target over the holidays.
As many as 110 million Target shoppers had their credit card details stolen after a computer program was written to collect the credit card details of shoppers.
The data theft, unprecedented in its scale, took place over a 19-day period that began the day before Thanksgiving. Target said that it identified and resolved the issue on December 15.
Whiz kid: Decurity company IntelCrawler posted these Web images of 17-year-old Russian, Sergey Taraspov. It’s believed he may be the architect of the malware that hacked up to 110 million Target customers
Soft target: Experts believe the hackers attacked Target’s point-of-sale system, pulling customers’ data directly from cash registers
HOW DID HACKERS STEAL THE CREDIT CARD DETAILS?
Hackers are thought to have stolen the credit card details by breaking in to Target’s computer systems and installing data mining software on credit card machines.
The software installed on 40,000 machines across Target’s 1,797 stores read the information on a card’s magnetic strip -including account number, sort code and CCV code – when it was swiped through the machine.
All the card details were then sent back to the hackers through the Internet, before the theft was discovered after nearly three weeks.
It is thought hackers obtained the data by remotely installing software on 40,000 credit card machines in nearly all of Target’s 1,797 stores nationwide.
It’s also thought the malicious software, or malware, has infected the payment systems of six other retailers too.
The firm, IntelCrawler, which has tracked the malware’s architect for months, believes the main suspect to be a 17-year-old Russian.
He’s a 17-year-old with ‘roots’ in St.Petersburg, Russia, according to the report and conversations with executives from IntelCrawler.
IntelCrawler CEO Andrew Komarov didn’t accuse the young man of the Target heist but said he believes he developed the software used to skim credit card numbers and other personal data from millions of Target shoppers.
The malware, known as BlackPOS, has been downloaded at least 60 times since it was created, Komarov said.
A Target investigation into the security breach which took place over the busy holiday period showed that the stolen information included names, mailing addresses, phone numbers and email addresses
IntelCrawler has alerted US authorities and Visa of the fresh attack targets, Komarov said. The firm began detecting large-scale cyber attacks on point-of-sale terminals across the U.S., Canada and Australia in early 2013. The company is not aware of any non-U.S. Retailers now being attacked with BlackPOS software, Komarov said.
The CEO began investigating the malware case in March at the request of banking clients and pretended to be a ‘bad actor’ seeking to acquire the BlackPOS software.
The architect was selling the malware for $2,000 a time, but offered discounts to buyers who agreed to split the profits they reaped from the product.
After Target revealed that its massive security breach was due to BlackPOS, Komarov went back to track down the architect’s ID.
The Target attack has potentially compromised 40 million card accounts with some 70 million shoppers’ email and other personal information also stolen from a separate system during the security breach.
Target has advised its customers to check their statements carefully. Those who see suspicious charges on the cards should report it to their credit card