Investigators have traced the cyberattack that affected millions of U.S. shoppers during the holiday season to a 17-year-old Russian, who reportedly sold his malicious software on the black market for $2,000 a pop, a computer security firm said.
The California-based IntelCrawler firm said in a report posted online this weekend that its security researchers have linked the attack to Sergei Taraspov, a "very well known programmer of malicious code in underground" and said the suspect was a teenager with "roots" in St. Petersburg and Nizhny Novgorod.
The attack has compromised millions of credit and debit card accounts and personal data for customers of U.S. retailer Target and other stores, also stoking concerns that those people may become vulnerable to identity theft.
Taraspov, who went by the online nickname of "ree[4]," wrote the malicious software, called BlackPOS, and sold it to the perpetrators of the attacks on the Internet black market, IntelCrawler said.
IntelCrawler posted excerpts from supposed online conversations between "ree[4]" and his customers in Internet chat rooms, discussing details of the program and the price to buy it.
Taraspov was selling his code for $2,000, but offered discounts to buyers who agreed to split the profits they reaped from the product, IntelCrawler's chief executive Andrew Komarov said, the New York Post reported this weekend.
The malicious software was dubbed "Kaptoxa" — a mixture of Cyrillic and Latin reading of letters that spells the Russian word "kartokha," a colloquial term for "potato."
The programmer "is still visible for us, but the real bad actors responsible for the past attacks on retailers such as Target and Neiman Marcus were just his customers", IntelCrawler President Dan Clements said in the online report.
The firm has identified six additional breaches at other retailers of various sizes across the country, Komarov said, the Washington Post reported on Sunday.
Target declined to comment on the findings.
