They are known as “coders” and “carders,” high-tech gurus who live in a digital underworld, says the Minneapolis Star Tribune. Their identities have been elusive, but their tactics and profiles are emerging in the aftermath of the malware attacks against Target and other retailers. A 23-year-old Russian, said to use the online nickname Ree, told a television interviewer he cowrote the code used by whoever orchestrated the Target attack. Investigators are trying to find out more about someone else, known as Rescator, who has been selling stolen card data from Target. A security intelligence firm that tracks carder activity says it is following a ring of nine people dealing in access to hacked point-of-sale terminals.
Some of the hacked terminals being offered in the underground forums come preloaded with memory-scraping malware, such as the type used in Target's huge breach, said Dan Clements, president of Los Angeles-based IntelCrawler. The group is mostly from Eastern Europe, but one of the hackers is based in the United Kingdom, he said. “This niche was fairly developed and fairly sophisticated back in the spring,” Clements said. “Thus the Target attack was not really a surprise.” Clements, whose team has been independently tracing the band's digital tracks for clients including global law enforcement, said it's “highly probable” the group is related to the memory-scraping point-of-sale malware involved in the attack on Target, in which cyberthieves scooped up the payment card information of 40 million people.