scorecardresearch Skip to main content

Security firm traces malware back to Russian teen

WASHINGTON — Security firm IntelCrawler said Friday that it has identified a Russian teenager as the author of the malware probably used in the cyberattacks against Target and Neiman Marcus, and that it expects more retailers to acknowledge that their systems were breached.

In a report posted online, the Sherman Oaks, Calif., company said the author of the malware used in the attacks has sold more than 60 versions of the software to cybercriminals in Eastern Europe and other countries.

The firm said the 17-year-old has roots in St. Petersburg. He reportedly has a reputation as a ‘‘very well known’’ programmer in underground marketplaces for malicious code, the report said.


The company said the teenager did not perpetrate the attacks, but that he wrote the malicious programs — software known as BlackPOS — used to infect the sales systems at Target and Neiman Marcus. Andrew Komarov, the chief executive of IntelCrawler, said the attackers who bought the software entered retailers’ systems by trying several easy passwords to access the registers remotely.

‘‘It seems that retailers still use quite easy passwords on most remote-access’’ servers, Komarov said.

He added that there do not appear to be many restrictions on who has access to the remote point-of-sale servers in numerous companies. This, he said, could enable hackers to gain access to a prime target: back-office servers where criminals can pick up pools of data from multiple stores.

Target declined to comment on the report. Neiman Marcus spokeswoman Ginger Reeder said that she has heard no claim about weak passwords from anyone with direct knowledge of the retailers’ system.