EXCLUSIVE - Cybercrime firm says uncovers 6 active attacks on U.S. merchants

BOSTON Sat Jan 18, 2014 1:54am IST

People shop at a Target store during Black Friday sales in the Brooklyn borough of New York, November 29, 2013. REUTERS/Eric Thayer/Files

People shop at a Target store during Black Friday sales in the Brooklyn borough of New York, November 29, 2013.

Credit: Reuters/Eric Thayer/Files

Related Topics

Stocks

   

BOSTON (Reuters) - A cybercrime firm says it has uncovered at least six ongoing attacks at U.S. merchants whose credit card processing systems are infected with the same type of malicious software used to steal data from Target Corp (TGT.N).

Andrew Komarov, chief executive of the cybersecurity firm IntelCrawler, told Reuters that his company has alerted law enforcement, Visa Inc (V.N) and intelligence teams at several large banks about the findings. He said payment card data was stolen in the attacks, though he didn't know how much.

IntelCrawler's findings are the latest sign that the cyberattacks disclosed by Target Inc and upscale department store Neiman Marcus NMRCUS.UL are part of a wider assault on U.S. retailer customer data security.

On Thursday, the U.S. government and the private security intelligence firm iSIGHT Partners warned merchants and financial services firms that the BlackPOS software used against No. 3 U.S. retailer Target had been used in a string of breaches at retailers - but did not say how many or identify the victims. Government officials declined to discuss current investigations.

Komarov, an expert on cybercrime who has helped law enforcement investigate previous attacks, told Reuters on Friday that retailers in California and New York were among those compromised by BlackPOS. Reuters was unable to confirm the retailers' names.

Komarov said he has not directly contacted those merchants. Security experts typically report cybercrimes through law enforcement rather than going directly to victims because the process can be time-consuming and victims are often suspicious when they first learn of attacks.

BlackPOS was developed by a hacker whose nickname is "Ree4" and who is now about 17 years old and living in St. Petersburg, Russia, according to Los Angeles-based IntelCrawler.

The teenager sold the malicious software to cybercriminals who then launched attacks on merchants, said Komarov, who has been monitoring Ree4's activities since March.

Komarov declined to specifically identify the sources of his intelligence, though he said he has been monitoring criminal forums where Ree4 sells his software and posted an excerpt of a chat with a client on the IntelCrawler website.

Officials with the Russian Interior Ministry could not be reached for comment when Reuters attempted to contact them after office hours on Friday.

The bulk of the attacks have occurred in the United States, but about 30 percent have occurred in other countries, including Australia and Canada, Komarov said.

Target last month disclosed the theft of some 40 million payment card numbers in a breach uncovered over the holiday shopping season, and later reported that 70 million customers' records had also been taken.

Neiman Marcus last week said that it too was victim of a cyberattack. Sources have told Reuters that at least three other well-known national retailers have been attacked..

John Watters, chief executive of iSIGHT Partners, which is helping the U.S. Secret Service with its investigation into the attacks, said that he expects the pace of assaults on merchants to pick up.

Copycats will pile on, using similar software, which can be purchased on underground forums, and similar techniques to launch attacks on retailers, he said. "They are saying: 'This is a great idea.'"

BlackPOS is a type of RAM scraper, or memory-parsing software, which enables cybercriminals to grab encrypted data by capturing it when it travels through the live memory of a computer, where it appears in plain text.

It is derived from code that has been floating around underground cybercrime forums since at least 2005 and may be related to malicious software used in attacks as early as 2003, said Shane Shook, an executive with cybersecurity firm Cylance Inc who has helped investigate major breaches at retailers.

While the technology has been around for many years, its use has increased as retailers have improved their security, making it more difficult for hackers to obtain credit card data using other approaches.

It succeeded in evading detection by anti-virus software when it infected the Windows-based point-of-sales terminals at retailers like Target, according to the report that the government privately distributed to merchants on Thursday, which iSIGHT Partners helped prepare.

A spokeswoman for Visa said she could not immediately comment on the report of ongoing cyberattacks but noted that consumers should not be concerned about incurring losses from payment card fraud.

"For consumers, I would point to zero liability. They are protected," spokeswoman Rosetta Jones said in an email.

Officials with the Secret Service could not immediately be reached for comment.

(Additional reporting by Richard Valdmanis, Lisa Baertlein, Mark Hosenball, David Henry and Megan Davis; Editing by Richard Valdmanis, Chizu Nomiyama and Jonathan Oatis)

FILED UNDER:
Comments (0)
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.

  • Most Popular
  • Most Shared

Rising Star

Reuters Showcase

Cybercrime

Cybercrime

Hacker sentenced to 21 months in U.S. prison for $15 mln scheme.  Full Article 

Printed Instruments

Printed Instruments

3D printed instruments make sweet music in Sweden.  Video 

Tweet Debut

Tweet Debut

Britain's Queen Elizabeth sends her first tweet.  Full Article 

Artificial Intelligence

Artificial Intelligence

Google bolsters artificial intelligence efforts, partners with Oxford.  Full Article 

Fighting For Workers

Fighting For Workers

Ralph Nader urges Apple to reduce buybacks, improve wages - WSJ.  Full Article 

Future Uncertainty

Future Uncertainty

Ericsson flags North America slowdown.  Full Article 

Microsoft Earnings

Microsoft Earnings

Microsoft sales beat Street hopes, cloud profits up.  Full Article 

Looking To Sell

Looking To Sell

HP seeking buyers for corporate-networking business in China - WSJ.  Full Article 

Reuters India Mobile

Reuters India Mobile

Get the latest news on the go. Visit Reuters India on your mobile device.  Full Coverage