16 Year Old Russian Douche Responsible for Attack on Target Customers

[L-Pink]

Target should hire a hit-man to waste fucks like this ???..

"The Target Corp. data breach that has hurt its sales and has made many consumers skittish about using their cards has been traced to a Russian teenager who authored the malware used in the security breach, according to a cyber-intelligence firm."

"IntelCrawler, based in Los Angeles, said that nearly 17-year-old Sergey Taraspov is a well-known programmer of malicious code in the underground world. The cyber-intelligence firm added the BlackPOS malware is an inexpensive ?off the shelf? malware, which it said may also have been involved in the Neiman Marcus attack."


http://blogs.marketwatch.com/behindt...s-data-breach/


.

[~Ray]

he must be protected

[tony286]

I dont understand why this payment systems and company info are on the internet not on a intranet. I got to figure its cost, well now it will cost them big time.

[HugeWood]

Quote:

Originally Posted by L-Pink

Target should hire a hit-man to waste fucks like this ???.

Or they could just hire competent IT personnel

[brassmonkey]

actually they end up hiring these smart people

[VikingMan]

This kid's IQ is probably larger than the collective IQ of Target execs.

[Struggle4Bucks]

Aha... that might explain all the denial counts in my sales stats....

[EddyTheDog]

16 year old douche with a high paid job for life...

[anexsia]

Here's a good article on it... http://blog.malwarebytes.org/intelli...target-attack/

I have no sympathy for people who write malware to cause harm and for financial gain.

[bronco67]

Russia's chief export is hackers and wacky dashcam videos.

[sandman!]

seems alot of the maleware comes out of eastern europe

[ctggls]

It's hard to believe that is was only one guy no matter how smart he is... Knowing the Russians and Eastern Europe there must be a little FSB / KGB involved there...

[ctggls]

Side note: i like some of the comments "Why didn't the NSA catch this. Aren't they monitoring everything and everyone?" or this one "People go crazy when they find out that their credit info has been stolen. And yet the hardly complain when they government robs you every week you get a pay check. Making you pay for things that you don't want your money used for. Then on top of that they bring us obamacare.. The biggest tax raise on American taxpayers ever." or even better "a 17 year old writes some malware, everyone loses their minds.


banks destroy the world economy, steal peoples homes, steal $700 billion from the american taxpayer, no one says a word. " )))))

[ctggls]

A small update:

from this site: http://krebsonsecurity.com/2014/01/a...usion-malware/

"The source close to the Target investigation said that at the time this POS malware was installed in Target?s environment (sometime prior to Nov. 27, 2013), none of the 40-plus commercial antivirus tools used to scan malware at virustotal.com flagged the POS malware (or any related hacking tools that were used in the intrusion) as malicious. ?They were customized to avoid detection and for use in specific environments,? the source said."

So I think whoever attacked Target was not a simple webmaster or a small group of cyber criminals. It was more a group that knew about how certain POS work , maybe a certain type and knew something about Target's security protocols..

[Barry-xlovecam]

Quote:

Originally Posted by tony286

I dont understand why this payment systems and company info are on the internet not on a intranet. I got to figure its cost, well now it will cost them big time.

They are not supposed to be. You cannot retain consumer credit card data, i.e.; full credit card numbers unless it is on a SQL (data) server that only accepts local connections and in a security cage per PCI standards and VISA Net requirements.

So none of this makes sense. I think that this ''Russian hacker k0d3k1dde" is a diversion. This was probably an inside job or some major slop in compliance to PCI standards.

*** reading further a POS malware? Inside job too allowing Internet access to a POS system seems incredibly stupid.

[brassmonkey]

Quote:

Originally Posted by anexsia

Here's a good article on it... http://blog.malwarebytes.org/intelli...target-attack/

I have no sympathy for people who write malware to cause harm and for financial gain.

they hire people to "stress the system" to combat attacks

[just a punk]

Quote:

Originally Posted by ~Ray

he must be protected

If a was a FSB director, I would did that. Because the guy has a brain and he can be used for good (good for us of course)

[ctggls]

Quote:

Originally Posted by Barry-xlovecam

They are not supposed to be. You cannot retain consumer credit card data, i.e.; full credit card numbers unless it is on a SQL (data) server that only accepts local connections and in a security cage per PCI standards and VISA Net requirements.

So none of this makes sense. I think that this ''Russian hacker k0d3k1dde" is a diversion. This was probably an inside job or some major slop in compliance to PCI standards.

*** reading further a POS malware? Inside job too allowing Internet access to a POS system seems incredibly stupid.

As I understood it: POS connected to intranet . Server connected to intranet with the POS but also to internet. Cyber criminal inserts mmom via the server . Mmom takes raw dump from the POS card reader and send it via the POS-intranet-server-internet to the cyber criminal's PC and from there he produces hacked cards.

So the data has a very short UN-encription time but enough for it to be captured.

[acctman]

Quote:

Originally Posted by tony286

I dont understand why this payment systems and company info are on the internet not on a intranet. I got to figure its cost, well now it will cost them big time.

exactly...

[L-Pink]

Quote:

Originally Posted by CyberSEO

If a was a FSB director, I would did that. Because the guy has a brain and he can be used for good (good for us of course)

So you're in favor of Russian criminals ripping people off? No surprise there.


.

[idolbucks]

Paying your techs minimum wage paid off eh Target

[John-ACWM]

Quote:

Originally Posted by HugeWood

Or they could just hire competent IT personnel

[adultchatpay]

That kid is now HIRED!!!

[just a punk]

Quote:

Originally Posted by L-Pink

So you're in favor of Russian criminals ripping people off? No surprise there.

I always knew you are very stupid one, but anyways... Here are 3 words for you to google for: Wernher von Braun (have fun with that)

[EddyTheDog]

Quote:

Originally Posted by CyberSEO

I always knew you are very stupid one, but anyways... Here are 3 words for you to google: Wernher von Braun (have fun with that)

Quote:

Wernher Magnus Maximilian, Freiherr von Braun (March 23, 1912 ? June 16, 1977) was a German, and later naturalized American, rocket scientist, aerospace engineer, space architect, and one of the leading figures in the development of rocket technology in Germany during World War II and, subsequently, in the United States. He is credited as being the "Father of Rocket Science".

Cool story, but???

[just a punk]

But he was:
1) a Nazi (sure you don't care about)
2) a war criminal (he personally picked war prisoners for his factory where they were used as slaves)
3) the man who's V2 killed a lot of civilians in the UK (course you don't give a fuck about the UK citizens, right?)

[EddyTheDog]

Quote:

Originally Posted by CyberSEO

But he was:
1) a Nazi (sure you don't care about)
2) a war criminal (he personally picked war prisoners for his factory where they were used as slaves)
3) the man who's V2 killed a lot of civilians in the UK (course you don't give a fuck about the UK citizens, right?)

So as usual, your defense for what is happening in Russia today is that the west has done it in the past?..


Learn from history - Don't repeat it.....

[nico-t]

Quote:

Originally Posted by ctggls

"a 17 year old writes some malware, everyone loses their minds.


banks destroy the world economy, steal peoples homes, steal $700 billion from the american taxpayer, no one says a word. "

qft

[TisMe]

He's in Russia. Nothing will happen to him unless it turns out that he's gay.

[L-Pink]

Quote:

Originally Posted by CyberSEO

I always knew you are very stupid one, but anyways... Here are 3 words for you to google for: Wernher von Braun (have fun with that)

I post "Russian Douche" and of course you come running.

[just a punk]

Quote:

Originally Posted by EddyTheDog

So as usual, your defense for what is happening in Russia today is that the west has done it in the past?..

And what exactly happening in Russia today? Please explain. I said that I would hire that guy if I was a director of FSB, because he (the 16yo guy) did the same thing the NSA does everyday (yes, they are hacking some private info right now while we talk here).

However, my "I would" have nothing to do with the reality. It's my personal opinion only but not a statement of fact.

Learn to read what people say and don't try to put your own words into their mouths

[PaperstreetWinston]

must be paid a lot

[brassmonkey]

Quote:

Originally Posted by PDeluxe

must be paid a lot

just think of the shit he could do like adding credit to accounts

[JFK]

Quote:

Originally Posted by VikingMan

This kid's IQ is probably larger than the collective IQ of Target execs.

[johnnyloadproductions]

Quote:

Originally Posted by CyberSEO

Learn to read what people say and don't try to put your own words into their mouths

You're getting emotional, you must love MOTHER RUSSIA

[ruff]

When the credit card companies and banks want to stop this kind of abuse, they will spend the money to do so. The technology is out there, it is just expensive to implement. This is capitalism at its finest.

[ladida]

Quote:

Originally Posted by Barry-xlovecam

full credit card numbers unless it is on a SQL (data) server that only accepts local connections and in a security cage per PCI standards and VISA Net requirements.

So none of this makes sense.

Typical webmaster thinking "oh, my database only accepts local connections, its safe"

The moment he installed malware on the computer that's inside the intranet, it's game over. He does not even need to have direct access to the database from that same computer. Once he's inside the intranet, game ends.