A Russian teenager allegedly authored the malware behind the Target data breach during the holiday-shopping season, and the same malware may have also been involved in the Neiman Marcus attack, reports USA Today. IntelCrawler, based in Los Angeles, says Sergey Taraspov, authored the malicious software and reportedly sold it for about $2,000 to dozens of cybercriminals in Eastern Europe and other countries. “The probability is rising that the perpetrator of the (Target breach) got the program from him,” says Dan Clements, IntelCrawler president.
The firm says Taraspov is “close” to 17 years old. The firm did the first report on the malware, known as BlackPOS, earlier last year and Taraspov was identified then as the alleged author. Taraspov allegedly is a well-known programmer of malicious code in the underground world. Target, the nation’s second-largest retailer, has apologized for the security breach, which it said affected between 70 million and 110 million shoppers. Neiman Marcus has not said how many customers were affected by its breach, though security analysts have said they believe it was at least 1 million shoppers. Clements says IntelCrawler has uncovered six other breaches at retail stores, including two small clothing firms in Los Angeles and four mid-sized department stores in Colorado, Arizona, New York and California.