Target breach linked to global cybercrime, researchers say

Jan 17, 2014
A couple of shoppers leave a Target store on a rainy afternoon in Alhambra, California on December 19, 2013

The massive data breach at US retailer Target is probably linked to a broader global network of cybercrime that may have affected other merchants, security researchers said.

US security firm iSight Partners concluded that the hackers who stole data on as many as 110 million Target customers comes from "a new piece of malicious software," which "has potentially infected a large number of retail information systems," according to a statement Thursday from the company, which has been working with US authorities.

A separate report by the Israeli-based firm Seculert said an analysis of the malware showed the attack "had two stages, which is a well known attribute of an advanced threat."

The malware first infected Target's checkout counters to extract credit numbers and sensitive personal details, "then after staying undetected for six days, the malware started transmitting the stolen data to an external FTP server, using another infected machine within the Target network" Seculert said.

Seculert said the hackers used a virtual private server (VPS) located in Russia to download the stolen data and "continued to download the data over two weeks." But the firm found no evidence of a link to other retailers such as Neiman Marcus, which was also compromised.

Jim Walter of McAfee Labs said in a blog post that his firm has found "credible evidence to indicate that the malware used in the Target stores attack is related to existing malware kits sold in underground forums."

Walter said the malware is similar in function to and possibly derived from a bug known as "BlackPOS" which first was detected last year.

Meanwhile researchers from IntelCrawler, a Los-Angeles based cyber intelligence company, said in a statement the BlackPOS malware was created by a 17-year-old hacker and has been used to infect retail systems in Australia, Canada and the US.

"The first name of the malware was a lyric 'Kaptoxa,'" which means potato in Russian slang, according to a statement from IntelCrawler.

The firm said the was sold more then 40 times to cybercriminals from Eastern Europe and other countries, including the operators of sites selling stolen credit card data.

The US Secret Service, which is leading the investigation, declined to comment on the latest developments.

Target meanwhile began notifying some of its customers that it was offering one year of free credit monitoring, to help customers guard against identity theft or unauthorized charges to their debit or credit cards.

Explore further: Neiman Marcus is latest victim of security breach

add to favorites email to friend print save as pdf

Related Stories

Neiman Marcus is latest victim of security breach

Jan 12, 2014

Luxury merchant Neiman Marcus confirmed Saturday that thieves stole some of its customers' payment card information and made unauthorized charges over the holiday season, becoming the second retailer in recent ...

Target: Customers' encrypted PINs were stolen

Dec 27, 2013

Target said Friday that debit card PIN numbers were among the financial information stolen from millions of U.S. customers who shopped at the retailer earlier this month.

UN atomic agency suffers 'malware' attack

Oct 22, 2013

The UN atomic agency said Tuesday that some of its computers were infected by malicious software, in its second embarrassing IT slip-up over the past year.

Recommended for you

Protecting infrastructure with smarter CPS

2 hours ago

Security of IT networks is continually being improved to protect against malicious hackers. Yet when IT networks interface with infrastructures such as water and electric systems to provide monitoring and control capabilities, ...

Apple helps iTunes users delete free U2 album

15 hours ago

Apple on Monday began helping people boot U2 off their iTunes accounts after a cacophony of complaints about not wanting the automatically downloaded free album by the Irish rock band.

Habitual Facebook users: Suckers for social media scams?

21 hours ago

A new study finds that habitual use of Facebook makes individuals susceptible to social media phishing attacks by criminals, likely because they automatically respond to requests without considering how they are connected ...

YouTube to go offline in India on Android phones

22 hours ago

YouTube users in India will soon be able to save videos from the Google-owned service, making it possible to watch them offline, and the feature will eventually be available globally, the company said Monday.

Facebook vs. loneliness

Sep 15, 2014

Are people becoming lonelier even as they feel more connected online? Hayeon Song, an assistant professor of communication at UWM, explored this topic in recent research.

User comments : 0