Target Identifies Suspects, Security Breaches Become Growing Concern

Press enter to search
Close search
Open Menu

Target Identifies Suspects, Security Breaches Become Growing Concern

By Nicole Giannopoulos - 01/21/2014
The Target data breach was quick to snowball. Originally noting 40 million cards possibly compromised, the number quickly escalated to 100 million. Friday, the retailer announced it will invest $5 million to work with the National Cyber-Forensics and Training Alliance, National Cyber Security Alliance and Better Business Bureaus in order to launch a campaign that will educate the public on cyber-security issues. The retailer's goal is to learn about the threats and the best ways to educate the public. In the meantime, the developments in the case continue.
 
The malicious software – or malware – that was used to infect Target payment systems has also infected the systems of six other retailers, a sign that half-dozen other attacks may be underway. The California cyber-security firm tracking the malware's architect, IntelCrawler, said it tracked the author of the malware, or malicious software, used in the Target breach to a 17-year-old from St. Petersburg, Russia, under the online nickname "ree4", who has been selling it for around $2,000 a pop.
 
Andrew Komarov, IntelCrawler CEO, stated that he believes "ree4" was involved in the development of the software that was used to skim credit card numbers and other personal data from millions of Target shoppers. The malware used has been identified as BlackPOS, and has been downloaded at least 60 times since its creation, noted Komarov.
 
On Monday, IntelCrawler issued an updated report stating the teenager was serving as "technical support" for a second Russian man, who has been identified as the author of BlackPOS. Creating a bit of controversy, cyber-security expert Brian Krebs has noted that the author of the malware is actually a Ukrainian resident instead. However, even if the identity of the malware's architect is in dispute, the fear that other retailers may be at risk is not.
 
Just a few short days after the cyber-security firm tied the massive retail hack to Russia, police in southern Texas arrested a duo from Mexico in connection with the heist. Mary Carmen Garcia and Daniel Guardiola Dominguez, both of Monterrey, Mexico, were taken into custody by federal and local agents as they crossed into the U.S. on Sunday, according to the McAllen, Texas, police department.
 
The two were in possession of 96 counterfeit credit cards that, according to police on Monday, are believed to be linked to the Target security breach.
 
While the Target data breach may have affected up to 110 million people, there will also be massive repercussions for payments companies, such as hardware providers VeriFone and Ingenico. The widespread breach places pressure on merchants to guarantee they are using updated hardware with strong data security protections.

The EMV standard is not yet perfect because stop card-not-present fraud cannot be stopped – instead it may actually help to facilitate it. However, the card networks, which hold a lot of power in the payments industry, want merchants to adopt it.
 
For related content:
Neiman Marcus Hit With Security Breach and Website Outages
Target Data Breach Compromises 40M Cards
Target Off to a Rough Start in 2014
Target Makes Shopping Awesome
5 Retailers that Matter

RELATED TOPICS