Skip to content

Russian teen created BlackPOS malware used to hack Target, Neiman Marcus data: report

A 17-year-old Russian national from St. Petersburg was responsible for the malicious programing that allowed for data from Target and Neiman Marcus to be compromised, according to a California-based security firm.
AP Photo/Jeff Chi/ASSOCIATED PRESS
A 17-year-old Russian national from St. Petersburg was responsible for the malicious programing that allowed for data from Target and Neiman Marcus to be compromised, according to a California-based security firm.
Author
PUBLISHED: | UPDATED:

From Russia, with malware.

A 17-year-old Russian national from St. Petersburg was responsible for the malicious programing that allowed for data from Target and Neiman Marcus to be compromised, according to a California-based security firm.

IntelCrawler said in a blog post Friday that it identified the creator, who they said wasn’t responsible for the security breaches of the two retailers, but rather sold the software to cybercriminals throughout Eastern Europe.

Screenshot allegedly implicating the 17-year-old programmer as the hacker behind the program that led to security breaches at Target at Neiman Marcus.
Screenshot allegedly implicating the 17-year-old programmer as the hacker behind the program that led to security breaches at Target at Neiman Marcus.

The company’s CEO, Andrew Komarov, said it was possible for Target and Neiman Marcus to be hacked after the software tried several easy passwords to remotely hack the stores’ registers, and added that the malware, called BlackPOS, has been downloaded some 60 times.

Target’s security breach following a Black Friday shopping blitz affected up to 110 million customers. However, Neiman Marcus has yet to reveal how many shoppers were affected, or what kind of data was taken.

A 17-year-old Russian national from St. Petersburg was responsible for the malicious programing that allowed for data from Target and Neiman Marcus to be compromised, according to a California-based security firm.
A 17-year-old Russian national from St. Petersburg was responsible for the malicious programing that allowed for data from Target and Neiman Marcus to be compromised, according to a California-based security firm.

The luxury retailer’s CEO, Karen Katz said in a statement that the company is “very sorry” for the breach, adding “we want you always to feel confident shopping” at the store.

But this is just the tip of the iceberg, Komarov said, citing findings that there are at least six ongoing attacks within U.S. merchants or retailers that use online credit card processing.

U.S. officials have launched an investigation into the Neiman Marcus and Target breaches and are looking into a possible connection.

bstebner@nydailynews.com