Security firm IntelCrawler has released evidence supporting the identification of the programmer behind the BlackPOS malware that infected Target and other major U.S. retailers as the 17-year-old Russian teen shown above. Brian Krebs has been on his trail as well, but IntelCrawler CEO Andrew Komarov posed as a cyber criminal himself in order to chat in Russian with the purported perpetrator (handle: ree4), who has “sold more then 40 builds of BlackPOS to cybercriminals from Eastern Europe and other countries.”
As I reported earlier this week, the underlying malware comes cheap. Intriguingly, Komarov reports that ree4 was willing to sell the BlackPOS malware “for 2 000 USD or by receiving 50% from selling of all intercepted credit cards by his customer through Liberty Reserve.” Does this mean that this Russian teen could be getting a cut of some of these big retail hits? Unlikely, unless his code is very idiosyncratic and he provided a very custom build of it for the Target crooks or others.
According to the IntelCrawler research, BlackPOS was first discovered “in the wild” in March of 2013 and a server at Neiman Marcus was infected in mid-July. From Komarov’s exchange with ree4 it is clear that for this malware “you need standalone Point-of-Sale terminals with monitor and Windows.” It does not work with Verifone systems, because they secure the credit card data before passing it to a PC where it can be scraped from RAM by BlackPOS.
For consumers, this would mean that retailers using Verifone systems are immune to this threat, but given how widespread the BlackPOS attacks are, there is no telling how many other types of attacks are in progress that have not yet come to light.
Perhaps all of this activity is prelude to the iWallet or some other form of app-based point-of-sale standard by Apple, Google or some consortium, that will gain traction quickly because the vulnerabilities of the old system have become too great. And you can bet that smartphone POS malware will follow any such developments. This is a case, as I have suggested in discussions of Apple’s TouchID technology, where the closed nature of the iOS platform will be seen as a great benefit.
Square and other innovators in the POS market also stand to gain from the insecurity of traditional checkout terminals. These companies should be doubling down on security to make sure that they emerge as viable alternatives as the retail environment becomes increasingly insecure. Target itself would do well to find the best such alternative and implement it in a high-profile way. Disruption, however, may be the last thing this beleaguered retailer is thinking about at the moment as it hopes to maintain business as usual.