Slashdot Mirror

← Back to Stories (view on slashdot.org)

Analyst Calls Russian Teen Author of Target Malware

Posted by Soulskill on from the get-off-my-lawn dept.

Nerval's Lobster writes "A digital-activity data analytics firm called IntelCrawler, Inc. claims to have identified the author of the BlackPOS malware used in attacks against Target and Neiman Marcus, and spotted similar attacks that are still in progress against six other retailers. Andrey Komarov, CEO of the Los Angeles-based IntelCrawler, told Reuters Jan. 17 that his company had spotted the six ongoing attacks while analyzing Web traffic in search of the specific entry points and origin of the malware infection behind the Target data breach, which allowed hackers to steak magnetic card-strip data on 40 million debit- and credit cards and demographic data on 70 million additional customers. According to Komarov, BlackPOS was developed by a 17-year-old Russian who goes by the username Ree4 and lives in St. Petersburg. Ree4 probably did not participate in the attack on Target, but did sell the malware to the actual attackers, according to Komarov, who refused to identify the source of his information other than to say he had been monitoring forums on which he said Ree4 sells malware. In a series of chat clips Komarov said are exchanges between buyer and seller, Ree4 tells a potential customer that the price for the software is US$2,000 and that the malware grabs credit-card numbers from system memory as they're scanned, dumps them into a file called time.txt that is sent back to the controller. Ree4 also said the app works only on standalone point-of-sale terminals with a separate monitor that also runs Windows, but not on Verifone systems, which can be attached to PCs but secure credit-card data before it can be scraped by BlackPOS."

107 comments

  1. What we should do by Anonymous Coward · · Score: -1, Flamebait

    We should get laws passed to execute people for writing malware to send a clear message to criminals

    1. Re:What we should do by gmuslera · · Score: 4, Funny

      That would clean up most of NSA staff

    2. Re:What we should do by Anonymous Coward · · Score: 0

      Including authors of insecure software for purchase

    3. Re:What we should do by nuonguy · · Score: 4, Insightful

      Even though what this AC said isn't very helpful, it expresses frustration with what happened. I think it deserves a better response.

      Lots of posts here say we should punish the malware author very severely. I say punish him like a small town vandal. Give him a talking to, maybe make him give up his earnings, tell his parents, and then leave him alone.

      You're missing the actual criminals here:
      1. The people who installed this malware.
      2. The people who sold the credit card records.
      These guys deserve the full brunt of the law for damages done.

      But even those guys don't deserve the strongest of punishment. The harshest criminal proceedings should be meted out to the CIO and CEO of Target (and Needless Markup et al :-). They should be held criminally liable for not securing customer credit card information. Surely with the myriad of laws that congress has passed there has to be some law or statute around storage and transmission of financial records that would stick. Sadly I feel like I'm deluding myself with that hope.

      I imagine even one single CIO going to jail or merely facing a judge during criminal proceedings would make a much bigger change in how financial information is treated by officers of companies in the US.

      This situation avoidable. We have technology that mitigates these risks enormously. What keeps theft of credit card information from ending is that the people who make decisions don't need to care. Make that change and the network effects might do the rest.

    4. Re:What we should do by ahabswhale · · Score: 1

      Yeah, so people who are not even remotely security experts should go to jail but the people who intentionally perpetrated a crime really aren't that bad? Nice logic you have there. If you're going to go after executives, why don't you go after the ones that have dragged their feet on chipping our credit cards? That would have prevented this hack.

      --
      Are agnostics skeptical of unicorns too?
  2. The Greatest Deal by Anonymous Coward · · Score: -1

    Boy, do I have a deal for you! See this rancid-as-fuck rectum of mine? See how it's absolutely repulsive? See how every single molecule on and in this foul asshole of mine is rotten to the core? Yes, you do. I'm here to tell you... it's all yours! Your fetid, disease-ridden cock can do as it pleases to my smelly asshole! Oh, and there's a feces surprise waiting inside my asshole for your disgusting little friend. And there might also be a few hundred parasitic goodies hiding in my diseased feces. That's riiiiiiiiiiiiiiiiight... pin worms! Let's see what happens when you mix your cum with my feces. The feces fiesta of the ages has finally begun! What say you?

    1. Re:The Greatest Deal by Anonymous Coward · · Score: 1

      I can't wait for the day you forget to click the check-mark by "Post Anonymously" before submitting your comment.

    2. Re:The Greatest Deal by Anonymous Coward · · Score: 0

      NOW you're talkin' to me, BABY!!

  3. Rumour has Walmart also by SpaceLifeForm · · Score: 1

    But who are the other three?

    --
    You are being MICROattacked, from various angles, in a SOFT manner.
    1. Re:Rumour has Walmart also by Anonymous Coward · · Score: 0

      JCP, neiman marcus, I forget the 3rd if not walmart.

  4. Russia needs to pass better laws by Anonymous Coward · · Score: 0

    Russia needs to enact better laws so that criminals engaging in black hat hacking suffer far more prison time. Really. You can go to prison in Russia for "hooliganism", whatever the hell that is, but write some code that steals millions of dollars from customers and nothing happens to you. Should be some kind of CyberCrime provision at the UN that would engender more cooperation from Russia,and if there's not, someone should create one.

    Its almost as if Russia possesses codified antipathy for capitalism, since these hackers only hurt corporations and their customers. Else, they just don't care. How else can anyone explain why the most harmful civilian cybercriminals hail from east of the Urals?

    1. Re:Russia needs to pass better laws by Anonymous Coward · · Score: 0

      Should not have said "possesses". What a terrible word choice. But I'm tired and sick as hell and I don't really care.

      Much.

      Okay...some.

    2. Re:Russia needs to pass better laws by Anonymous Coward · · Score: 0

      So how is that different from the U.S. of A?

      Signed,
      Goldmann Sachs, Ben Bernanke, Enron, CGI, Etc., Etc., Etc.

    3. Re:Russia needs to pass better laws by Anonymous Coward · · Score: 0

      That's not the point. The point is...Russia exudes apathy towards cybercrimes in the form of lax internal laws, which forces the rest of the civilized world to pay (literarily).

    4. Re:Russia needs to pass better laws by ColdWetDog · · Score: 1

      That's not the point. The point is...Russia exudes apathy towards cybercrimes in the form of lax internal laws, which forces the rest of the civilized world to pay (literarily).

      So? That may well be of value to Russia. What's in it for them? It is a form of economic warfare - Russia right now can't compete with the US / China / Europe on a number of levels. They may see this sort of thing as a tactical advantage.

      --
      Faster! Faster! Faster would be better!
    5. Re:Russia needs to pass better laws by TarPitt · · Score: 1

      Similar to how the English Crown supported piracy against the Spanish in the 17th and 18th centuries?

      --
      If your children ever found out how lame you are, they'd murder you in your sleep
    6. Re:Russia needs to pass better laws by sjames · · Score: 4, Insightful

      I wouldn't throw too many stones. In the U.S. you can go to jail for plugging your EV in to the wall for 20 minutes but crash the global economy and we'll write you a bonus check.

      Every theft perpetrated by every malware writer behind the former iron curtain put together is peanuts compared to the Wall Street bandits.

    7. Re:Russia needs to pass better laws by alexander_686 · · Score: 1

      Alas, it is Alas, it is a sirens trap. At the end of the USSR their engineers were great at reverse engineering technology but not so good at inviting stuff.

      Today why build something good, solid, legitimate that can take on the west? Because of the kleptocracy of the state. I mean yes, it is a form of economic warfare, and it may win battles but it is destine to lose the war.

  5. Values vs cash by OffTheLip · · Score: 1

    Seems like an easy call from my chair but I am not, possibly, disenfranchised, poor, abused, indifferent, whatever. For many the return on investment (hey Wall Street) is too good to pass on. Just sayin...

  6. Teenagers by girlintraining · · Score: 4, Insightful

    I love teenagers. Only they would ask $2,000 to sell software that, if he got caught, would net him decades in prison. He may be a good programmer, but he's an idiot businessman -- risk versus reward.

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:Teenagers by Anonymous Coward · · Score: 0

      He should have done like I did. Hack before it was made illegal.

      No, not time travel.

      He should look for and exploit new technology before the authorities legislate it under submission.

    2. Re:Teenagers by DigiShaman · · Score: 3, Interesting

      He's a teen!!! The brain of a teen has been demonstrated time and time again to have an underdeveloped sense of risk.

      --
      Life is not for the lazy.
    3. Re:Teenagers by wonkey_monkey · · Score: 4, Funny

      That's so evolution can weed out all the really stupid ones before they get to procreate.

      It doesn't seem to be working these days...

      --
      systemd is Roko's Basilisk.
    4. Re:Teenagers by Anonymous Coward · · Score: 0

      Doesn't seem to make much of a difference. Most adults are just overgrown children with barely any ability to think about the future more than a few days ahead. I can only shake my head in shame when I see the stupidity of my coworkers.

    5. Re:Teenagers by Spy+Handler · · Score: 1

      why would that net him decades in prison? He's guilty of writing a virus program, not stealing 60 million credit cards.

      Like if I sold a gun to Guido, and later Guido murders 5 people with it, am I going to prison for life? No, I am just going to get charged with selling a gun to a felon.

    6. Re:Teenagers by girlintraining · · Score: 1

      He's a teen!!! The brain of a teen has been demonstrated time and time again to have an underdeveloped sense of risk.

      Which begs the question... how is he hiding all that money from his parents? Surely they must know something is up. They should join him in jail... for a much longer time.

      --
      #fuckbeta #iamslashdot #dicemustdie
    7. Re:Teenagers by DigiShaman · · Score: 1

      Who knows. Typically most teens with new-found-money will spend and flash it around. At which point his parents know and decided to just play along (if not outright helping him shelter the wealth). OTOH however, this is Russia. He could be scared shitless by whatever mob he's working for. They may have told him to lay low...or else! But yea, your guess is as good as mine.

      --
      Life is not for the lazy.
    8. Re:Teenagers by mcfedr · · Score: 1

      it will/would if the usa ever get their dirty hands on him - really for just being smart enough to point out the flaws in a multinational's software.

    9. Re:Teenagers by Anonymous Coward · · Score: 0

      you, Sir are a moron. he wrote the program and didn't implement it. might as well jail all of the gun manufacturers because guns can be used to kill people.

    10. Re:Teenagers by Anonymous Coward · · Score: -1

      If shaking your head isn't working try bringing in a gun.

      That'll sharpen 'em up right quick.

    11. Re: Teenagers by tysonedwards · · Score: 0

      In the words of Charleston Heston: "Guns don't kill people; apes with guns kill people."

      --
      Thirty four characters live here.
    12. Re:Teenagers by alexander_686 · · Score: 1

      There is a difference in having a adventurous youth, making a poor judgment on occasion, and a deliberate plan that too months to execute.

      On one had we have things like the “ILOVEYOU” virus – that I am somewhat lenient on and would fall into what you are suggesting. This Russian teen seemed to have a more thought out plan.

    13. Re:Teenagers by PNutts · · Score: 1

      Bad analogy. His programs are designed to be used maliciously. Guns aren't.

    14. Re: Teenagers by PNutts · · Score: 1

      And then birds, cows, and a slug maybe.

    15. Re:Teenagers by Anonymous Coward · · Score: 0

      Selling a gun to Guido knowing that he is going to use that gun to murder 5 people can get you charged as an accomplice to that murder.

    16. Re: Teenagers by Anonymous Coward · · Score: 0

      Yes, because guns were designed for, what? Oh, the good guys!

    17. Re:Teenagers by Anonymous Coward · · Score: 0

      Very true and well put.

    18. Re: Teenagers by Anonymous Coward · · Score: 0

      Yes, because guns were designed for, what? Oh, the good guys!

      Homer: But Marge, a gun is a tool. Like a butcher knife or a harpoon, or uhh... an alligator.

    19. Re:Teenagers by AmiMoJo · · Score: 1

      Except that until fairly recently procreation tended to happen in the early to mid teens, pretty much as soon as girls became fertile. The period of maximum risk taking stupidity coincides with the child's early life, which I suppose might have the same effect in that the offspring of stupid people would have died with them.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    20. Re:Teenagers by Anonymous Coward · · Score: 0

      So? It's still the fault of the people who used it maliciously. I don't like this sort of logic, because it is wrong to blame the makers of the tool for the actions of other people. We've also seen scummy copyright holders try to use this logic against people (VHS, for example).

    21. Re: Teenagers by Anonymous Coward · · Score: 0

      Not if Han shoots first.

  7. The Russians did it! by Anonymous Coward · · Score: 0

    Mr. teacher, the Russians stole my homework! Or maybe the Chinese!

    Ah, Ok, Timmy, you're excused.

  8. russan prison and then what? by Joe_Dragon · · Score: 1

    Russian prison and then what? unlike to be able to work in the usa

    1. Re:russan prison and then what? by Anonymous Coward · · Score: 0

      No, the US would give him an H1B, and then initiate charges against him when he arrives... And in the US he would then face 10 years for each incident...

    2. Re:russan prison and then what? by mjwalshe · · Score: 0

      for the average geek - Death probably - Russian prisons are not fluffy places like the USA's supermax or Gitmo

  9. who would make such a choice? by Anonymous Coward · · Score: 1, Interesting

    Windows "security" has been well know to be a joke since the very beginning. Why would any sane person run it on POS systems or other important infrastructure, and then proceed to tie those systems to the open internet? Unix would only have been a little better, if it was used in the same way.

    That seems ....... insane. Sure, the hackers are responsible for hacking in, but if you leave the door of your house wide open with a sign in the front yard saying, "I have an expensive TV!", maybe you also bear some responsibility if someone walks in and steals your expensive TV set?

    Will there be ANY accountability here by the people who made those decisions?

    1. Re:who would make such a choice? by Anonymous Coward · · Score: 0

      Wow, someone does not like facing the truth, that how you design a system matters to how secure that system is.

      The truth hurts, I guess, because there's no other reason that should have got modded to -1.

    2. Re:who would make such a choice? by Anonymous Coward · · Score: 0

      No. It got modded to -1 because it was a shit post.

      Remember OCCAM'S RAZOR and maybe try again after you've sharpened up your skills a bit more, m'kay?

    3. Re:who would make such a choice? by Anonymous Coward · · Score: 1

      It wasn't a shill post, it got modded down by Microsoft shills, who have been known to mod any post critical of Microsoft down on here.

      The post itself made the point that Linux wouldn't have been much better.

    4. Re:who would make such a choice? by CastrTroy · · Score: 1

      It doesn't matter which operating system is being used. Windows can be perfectly secured if you configure it properly. Linux can be just as easily owned if set up by someone who has no idea what they are doing. A weak root password and bind sash to a remotely accessible address (which seems quite convenient if you don't consider the security aspects) and the machine is trivially rootable. No matter which OS is used, there should be a hardware firewall in front with no open ports. Only way to communicate is over VPN. That, or not even store all those credit card numbers. They probably shouldn't have been storing them in the first place.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  10. Who is better: IntelCrawler or NSA? by Anonymous Coward · · Score: 1

    IntelCrawler uncovers six active attacks on U.S. merchants and traced the Target attacks back to a specific person in Russia. How come IntelCrawler can figure it out? Is the NSA asleep at the wheel?

    1. Re:Who is better: IntelCrawler or NSA? by ganjadude · · Score: 1

      seriously. We keep hearing about how the NSA NEEDS all the data traffic in the world yet it takes a 3rd party a few weeks to find the guy and the NSA hasnt done jack shit

      --
      have you seen my sig? there are many others like it but none that are the same
    2. Re:Who is better: IntelCrawler or NSA? by Anonymous Coward · · Score: 0

      ,,,, and the NSA hasnt done jack shit

      His number was not relevant....

    3. Re:Who is better: IntelCrawler or NSA? by ColdWetDog · · Score: 2

      To be fair, all this guy has done is claim to know who the programmer is. He doesn't have any proof. He is, however, making himself famous for a few minutes.....

      And, for all we know, the NSA wrote the damned thing themselves in order to infiltrate the Russian mafia. It's not like they tell us what they're doing.

      --
      Faster! Faster! Faster would be better!
    4. Re:Who is better: IntelCrawler or NSA? by scarboni888 · · Score: 1

      Who do you think GAVE IntelCrawler their data?

      That's right, there is No Such Agency!

    5. Re:Who is better: IntelCrawler or NSA? by Anonymous Coward · · Score: 0

      What makes you think IntelCrawler isn't an NSA front?

    6. Re:Who is better: IntelCrawler or NSA? by davidhoude · · Score: 1

      How exactly do you know what the NSA is and is not doing? I get it, we gotta trash talk the NSA in every /. post.... Even if that means making wild assumptions about things we don't know anything about.

    7. Re:Who is better: IntelCrawler or NSA? by ganjadude · · Score: 1

      I would say its a pretty good bet being that If I were running the NSA and I had absolutly zero public trust as they do right now, I would be screaming for his head so I can say see, we are useful. But they dont

      --
      have you seen my sig? there are many others like it but none that are the same
  11. Enquring minds want to know... by jayveekay · · Score: 4, Interesting

    How did they get the malware deployed onto thousands of POS terminals without anyone noticing?
    After the malware collected the data, how did the POS terminals report the stolen data back to the controller?
    Are these POS terminals just directly connected to the internet?

    1. Re:Enquring minds want to know... by Joe_Dragon · · Score: 1

      did they hack the system on what an new image was being build on?

    2. Re:Enquring minds want to know... by Anonymous Coward · · Score: 1

      Yeah, no second network for internet access at target.
      The distribution method is not publicly known at this time. It is safe to assume a distributed update.

    3. Re:Enquring minds want to know... by Anonymous Coward · · Score: 0

      How did they get the malware deployed onto thousands of POS terminals without anyone noticing?

      Well they contracted out their IT operations to Durkadurkastan. When you pay someone the equivalent of US$2000 a year and you give them access on that magnitude, of course they're going to say yes when someone offers them US$20,000 to plant malware on the network. That's 10 years of paychecks for some nobody in Bangalore, just to install a trojan. Nothing but American corporate stockmarket-driven greed, business as usual led to the entire nightmare.

    4. Re:Enquring minds want to know... by Anonymous Coward · · Score: 0

      That's the easy part. Target outsources its IT services.

    5. Re: Enquring minds want to know... by Anonymous Coward · · Score: 0

      POS Stations such as these pxeboot.
      All you need to do is infect one central server and all the stations are infected come start of business next day.

    6. Re:Enquring minds want to know... by AmiMoJo · · Score: 1

      Yes, they are connected to the internet. It depends on the system, some have a server in the store which they talk to and it has a VPN connection back to head office. Some just connect directly to the internet via the store's router. They use encryption to secure the connection, of course.

      It appears that the deployment was simply a case of adding the malware to the POS terminal firmware and rolling it out as an update. Data was reported back to servers at head office, which they had also compromised.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  12. mmmm by codepigeon · · Score: 4, Funny

    Steak magnetic card strips....mmm

  13. publicity stunt by Anonymous Coward · · Score: 1

    How much did Verifone pay for this sparkling review?!?

  14. Steak by rossdee · · Score: 2

    " which allowed hackers to steak magnetic card-strip data on 40 million debit- and credit cards"

    Of course steak is very much a luxury food in Russia

  15. two simple questions by Anonymous Coward · · Score: 1

    Why to use Windows?

    Why to have network connection to outside?

    1. Re:two simple questions by ganjadude · · Score: 4, Interesting

      the network connection to the outside is for the credit app. I work for a company who deals with verifone pinpads and no internet, no pinpads. I would like to think that something like that could be on a secure secondary line locked down from HTTP and other traffic but it does not seem like they set it up that way

      --
      have you seen my sig? there are many others like it but none that are the same
    2. Re:two simple questions by ColdWetDog · · Score: 1

      I work for a company who deals with verifone pinpads and no internet, no pinpads...

      This company lets a guy with the nic 'gangadude' work on Internet enabled POS terminals?

      They must be smoking something.

      --
      Faster! Faster! Faster would be better!
    3. Re:two simple questions by shutdown+-p+now · · Score: 1

      Well, maybe they're selling the thing they're smoking.

    4. Re:two simple questions by ganjadude · · Score: 1

      Because one cannot separate personal life and professional life. Let me guess you think no professionals ever do anything of the sort right?

      --
      have you seen my sig? there are many others like it but none that are the same
  16. Did he get a good price? by Anonymous Coward · · Score: 0

    Anyone here know whata the going rates are for exploits like this? Forzero-day exploits? For newly-discovered exploitable bugs?

    I'm writing a story and it could help to get the facts right.

    -- hendrik

  17. Name Names Or STFU! by Anonymous Coward · · Score: 2

    spotted similar attacks that are still in progress against six other retailers. Andrey Komarov, CEO of the Los Angeles-based IntelCrawler, told Reuters Jan. 17 that his company had spotted the six ongoing attacks while analyzing Web traffic in search of the specific entry points and origin of the malware infection behind the Target data breach

    I call bullshit! He claims to have spotted ongoing attacks on six other retails which he conveniently fails to name.

    Name names or STFU!

  18. Another needlessly ambiguous Slashdot headline... by wonkey_monkey · · Score: 3, Insightful

    Analyst Calls Russian Teen Author of Target Malware

    "Calls" as in calls him on the phone? Or "calls" in the more casual sense of "identifies"? Because there's a word for that - "identifies."

    --
    systemd is Roko's Basilisk.
  19. Credibility? by whoever57 · · Score: 3, Interesting

    IntelCrawler was registered late last year, and its address is a mailbox in a UPS store.

    Has anyone heard of Andrey Komarov before this? Does he have any kind of track record? Or is he just another fame whore with a dubious story?

    --
    The real "Libtards" are the Libertarians!
    1. Re:Credibility? by Anonymous Coward · · Score: 1

      Like most Russian "security experts" he's really just the protection angle of the shakedown. His crew develops the malware and then he "discovers" it and sells you a solution. The Russians have been doing this shit for decades.

    2. Re:Credibility? by Anonymous Coward · · Score: 0

      This is slashdot. You don't need credibility.

    3. Re:Credibility? by Anonymous Coward · · Score: 0

      Details on ree4 dumper were posted in march last year. http://securityaffairs.co/wordpress/13213/cyber-crime/exclusive-details-on-investigation-of-group-ib-on-new-age-of-pos-malware.html http://www.group-ib.com/index.php/o-kompanii/176-news/?view=article&id=716 - Group-IB was the first one to share some details.

      Xylibox has some details on the functionality http://www.xylibox.com/2013/05/dump-memory-grabber-blackpos.html

      Mr. Komarov just exploited the incident for personal PR gain.

  20. In Soviet Russia, you infect virus! by JoeyRox · · Score: 1

    http://en.wikipedia.org/wiki/Yakov_Smirnoff

  21. Game Plan by Anonymous Coward · · Score: 0

    At $2000 every anti-virus company and investigator, etc will be buying. He probably makes more money selling to government agents and anyone that wants to check out the code than thru selling to a few cyber criminals.

  22. NSA doesn't care by Anonymous Coward · · Score: 0

    It's NOT phone data so why does the NSA care.

  23. IN 17 years? by scarboni888 · · Score: 4, Informative

    How in the world does a 17 year old get intimate detailed knowledge of the internal workings of POS systems??

    Was I the only child who grew up in a home devoid of POS terminals to tinker with or something?

    1. Re:IN 17 years? by Anonymous Coward · · Score: 1

      It was running Windows, which was part of the problem.

    2. Re:IN 17 years? by jader3rd · · Score: 0

      How in the world does a 17 year old get intimate detailed knowledge of the internal workings of POS systems??

      They're the only ones that Target hires to run it's systems. Anybody older would be too expensive.

    3. Re:IN 17 years? by scarboni888 · · Score: 1

      Target has outlets in Russia?

      I had no idea... well you learn something new every day, I suppose.

    4. Re:IN 17 years? by plover · · Score: 3, Informative

      What makes you think he has " intimate detailed knowledge of the internal workings of POS systems"? Sorry, that was a trick question. He doesn't care how POS systems work, or how sophisticated they may be. He only cares what credit card mag stripe data looks like. His malware scrapes the RAM of the process looking for the tell-tale patterns of mag stripe data, and grabs it. See http://www.us-cert.gov/ncas/alerts/TA14-002A , which says "There are several types of POS malware in use, many of which use a memory scraping technique to locate specific card data. Dexter, for example, parses memory dumps of specific POS software related processes looking for Track 1 and Track 2 data. "

      The track data just has to be in the RAM of the process, and this software finds it and logs it.

      --
      John
  24. Re:Another needlessly ambiguous Slashdot headline. by Anonymous Coward · · Score: 0

    Identifies is more certain, "calls" is speculative. i can call you autistic but only because i have identified you as a pedant.

  25. Witch-hunt by zugedneb · · Score: -1

    this is called witch-hunt.
    Identify someone with godlike, impossibile knowledge and nail the fucker. Thusly, the righteous has won.

    Say, you can prove that it is barely possibile to have that knowledge at age 17, unless, someone points it out to him. Now, if he is, quite possibly, an adept programmer, he might use this knowledge.
    But in russia, all know about brutality of others... I dont think he would dare, not at 17...

    Anyways, who will listen to the protest of the rational?

  26. So now we know: Russia is responsible for crap tha by juliuszs · · Score: 1

    So now we know: Russia is responsible for crap that MS passes as "secure software". Bomb the Evil Empire (you select which one).

  27. Why mention the age by jader3rd · · Score: 1

    If he was a little bit older the news wouldn't be reporting the age. The age is just creating a bias where there doesn't need to be one. It's just playing on a certain group of peoples fears that all young people are out to get them. It probably stems from guilt about how they find certain people achieving more in life than they did, and at first you could handle that because they were older. But then as they got older the achievers became younger and they never learnt how to cope with that.

    1. Re:Why mention the age by Anonymous Coward · · Score: 0

      Because demonizing teenagers is how the old media attracts views through sensationalism essentially. You can see it in contexts of when they identify as a teen. If they commit a crime, even if they're 19 they're called a teen by them. They dispropronately cover any youth crime as if they were the main source of crime. They're not, at all. They contribuite to stuff like the fascistic curfews by asserting that nothing good is done by teenagers out at night and implicit victim blaming teenaged rape and/or murder victims for being out then. Not like they had a dog to walk or anything, no. Even if they don't feel slighted it still sends a message that they're not welcome, surprise when they never show up.

      Years later, the media suits panic. The newer generation won't buy or view them! They're adults, why aren't they buying! They're credible sources right? Oh wait, they already destroyed it long ago with moral panics about what "kids these days" are doing that the kids knew trivally were bullshit. Pharm parties where kids randomly mix prescription medications together in a bowl and pick randomly like candy! In addition to being a stupidly dangerous idea even by drunken party animal standards, asprin, antibotics, and heart meds won't get anyone high. Even the most desperate drug-seekers only seek out known classes, not everything in the fucking medicine cabinet! Rainbow parties where boys get blown by seven different girls with different lipstick? Butt chugging! Nah if they were illicitly consuming alcohol they'd just drink it! When you lie like the fucking Iraqi information administrator it is no wonder they don't see you as a less credible source of news than rumors and testimony of drunks!

      The millenial bashing is just doubling down on an unsustainable business model in digging themselves deeper. The newspapers have recieved a slight repreeve if only for their classified sections.

  28. ISR by Anonymous Coward · · Score: 0

    In Soviet Russia, teen author calls you ANALYST!

  29. Re:Another needlessly ambiguous Slashdot headline. by wonkey_monkey · · Score: 1

    Well, you'd be wrong, about the autistic part at least, with that sweeping piece of false equivalence. Still, call me that if you wish - it's an adjective and as such is not ambiguous the way this headline is.

    Analyst calls Russian teen "author of Target malware"
    Analyst calls "Russian teen author of Target malware"

    Two different meanings from the same words. Sorry if you don't feel this is important in a news headline, but I'm not sure why it annoys you so much that I do feel it's important that you had to be a dick about it.

    --
    systemd is Roko's Basilisk.
  30. Re:Another needlessly ambiguous Slashdot headline. by Anonymous Coward · · Score: 0

    Sorry, unlike you I'm actually capable of understanding what is implied in human speech based on context. I'm sorry that your that your aspergers prevents you from this. Maybe one day there will be a cure and you will no longer have to live with a defective brain.

  31. Typical pothead by Anonymous Coward · · Score: 0

    Any surprise that "Reefer" is both a drug addict and a credit-card stealing criminal? Fucking worthless potheads.

    1. Re: Typical pothead by Badblackdog · · Score: 1

      Fuck You!
      Weed has nothing to do with it. Dick.

  32. I worked on Target POS systems in ‘99 by Anonymous Coward · · Score: 4, Interesting

    Just before the dreaded Y2K doomsday event everyone, everywhere (well lots anyway) I was subcontracted to upgrade all the motherboards in area Target stores.
    The motherboards were very simple, very basic units with pretty much everything integrated IE video, ethernet, etc.. They are diskless. Nothing plugged into the slots.
    The cases were small, low profile and of course there is one at every register and several at the customer service desks.

    At that time they were booting XP from LAN with PXE/TFTP.

    ALL the POS terminals load the same, single image from a server. Infect the server and all terminals become infected.
    Because everything is diskless, everything is piped back to backend servers in real time.

    I did not go into the back of the store or see any hardware other than the POS terminals, I whored myself out as a screwdriver grunt for some easy cash.
    I would assume that the OS image the terminals boot is standardized across all their stores and is sent down from corporate hive.
    This leads me to believe that they somehow got to THAT image and compromised it, thus infecting all terminals nationwide.
    So they didn't have to hack thousands of terminals, they just had to hack one boot image at corporate and they owned the nation.

    1. Re:I worked on Target POS systems in ‘99 by Anonymous Coward · · Score: 0

      Windows XP had its initial release in August of 2001, wasn't the Y2K scare pretty much over by then?

  33. A national shame on our government and capitalism by asjk · · Score: 1

    This is embarrassing if true. For me the target of ire is much closer to home. It has been said that the free market will produce the best product. Isn't it also true that we should deserve the national defense that we buy? Haven't these transgressions happened often enough now that our economic institutions should have more secure systems that protect the consumer from intrusions? How about the money spent on government surveillance? Shouldn't they secure us from threats that compromise enterprise and privacy? We should learn from the laboratories of other democratic societies to inform our transition to a system of capital exchange that is more appropriate of a world superpower. Securing our boarders also means safe money transfers.

  34. You could get laws that mandated the use of chip c by Anonymous Coward · · Score: 0

    21st century?

  35. Re:Another needlessly ambiguous Slashdot headline. by YumoolaJohn · · Score: 1

    Please, tell me more, Internet psychologist!

  36. He's prob. rich by now by Anonymous Coward · · Score: 0

    He's probably already got a $1M/year job offer from Kaspersky, who given their ties to the Russian govt. the kid will be a national hero, not go to jail.

  37. From a banking software developer: by Anonymous Coward · · Score: 0

    I have legal access to read-write on production systems than covers the entire SEPA region. A throughput of million of transactions per hour.

    If you would actually know what these "amazingly secure" banking systems run and what kind of connectivity, what kind of sysadmins and what kind of hardware they use ... you would never use them. Any of them.

    And I don't. Unless I'm forced. For very small sums. And I triple fkin check every time.

    Wake up. Just because your bank asks you for 6 passwords to allow you to do anything it doesn't means you are safe.

  38. Re:Another needlessly ambiguous Slashdot headline. by Anonymous Coward · · Score: 0

    Or

    Analyst calls Russian teen author of 'Target' 'Malware'.

    Raising the question as to what Target is, and whether Malware is a nice thing to call someone.

  39. Re:Another needlessly ambiguous Slashdot headline. by wonkey_monkey · · Score: 1

    Sorry, unlike you I'm actually capable of understanding what is implied in human speech based on context.

    Well, aren't you awesome. Unlike you, I actually consider how others might have trouble with things and strive to improve them for all.

    Maybe one day there will be a cure and you will no longer have to live with a defective brain.

    Maybe one day there'll be a cure for being a dick for no reason.

    --
    systemd is Roko's Basilisk.