The crisis of the holiday season may be able to be pegged to a single Russian teenager. IntelCrawler, a cybersecurity organization, claims it has found the hacker behind Target's massive security breach last month. The data theft, which happened at the peak of the shopping season, resulted in upwards of 70 million Target customers' private information being compromised, including everything from names and e-mail addresses to to more personal details like phone numbers and credit card numbers.
IntelCrawler said on Friday that the breach was the result of malware that infected Target's entire system — and possibly compromised the systems of other retailers like Neiman Marcus, which reported a similar security breach this month. The malware, which IntelCrawler describes as an "off-the-shelf" product known as BlackPOS, was allegedly written by Sergey Taraspov, a 17-year-old Russian who may live in St. Petersburg. The first sample of the software was completed in March 2013, and since then more than 60 versions have been sold around the world.
The fact that so many criminals have access to BlackPOS means that we don't actually know who compromised Target's servers. More bad news: whoever did was able to get into the servers by entering several very simple passwords until one worked, and there don't seem to be many restrictions on who has direct access. IntelCrawler expects more companies to acknowledge BlackPOS infiltrations in the near future – including six retailers it has identified but will not name. Keep your fingers crossed that it's nowhere you shop.