
17-year-old is author of BlackPOS/Kaptoxa malware used against Target? - jt2190
http://intelcrawler.com/about/press08
======
dobbsbob
It's not difficult to make crimeware; I'm sure anybody here could wreak havoc
on the financial system if they turned to the dark side. You start hanging
around xakepy/antichat Russian hacker forums and make your own booters and
other script kiddie tools. Soon you have money and can buy or vouch your way
into private crime forums like infraud and gain access to the invite-only base
where they dump POS intel like reverse engineering tools and manuals.

Russians can get away with this because their gov doesn't care about US fraud,
and there's also no extradition treaty. Sadly this kid can never travel anywhere
ever again unless it's directly to Brazil or another country with no US
extradition treaty, because they will get him even if it takes 5+ years from
now; they will watch and wait for him to make a mistake and update VKontakte
(Russian FB) with his Turkey vacation plans.

------
interstitial
If I'm reading this correctly, the real "hack" was stupid passwords like
admin:admin, pos:pos on the POS machines. In which case, we need to hold
management more accountable for such lax password policies.

~~~
jonknee
I assume it's like the number of printers and CCTV cameras you can access--no
one knew they were public. This doesn't appear to be the Target hack though,
just some random IPs that had the default passwords on them.

~~~
rlu
>> This doesn't appear to be the Target hack though

Yeah it's not very clear to me either. Not sure if the relevant Target part is
in the second IM transcript where ree4 seems to try and sell a special version
of his product that CAN work with Verifones for 2000 USD?

------
Ellipsis753
The censoring of the email address looks terrible. It looks like someone has
just drawn a line over each email in paint. I would not be surprised if the
original email could be recovered just by putting the different "erased"
copies together.

~~~
cj
Took a stab at it. Partially readable:
[http://i.imgur.com/L4isK03.png](http://i.imgur.com/L4isK03.png)

Edit: Got the above by combining emails censored in the top part of the first
screenshot. You can definitely reveal the full email if you incorporate the
other screenshots.

------
beachstartup
why in the world are POS systems connected to the internet on public ip
addresses?

security considerations aside, this is also more expensive and harder to
implement than a private net. so someone actually sat down, and made this
decision deliberately.

pretty fucking amazing, if you ask me.

~~~
forgottenpass
_why in the world are POS systems connected to the internet on public ip
addresses?_

Historical reasons? Target does have a /16.

They can probably fill that block many times over now, but it would make sense
that their numbering scheme has historical roots and to continue using that
space for interstore communication today. They got it in 1993, back when we
were still pretending like exhausting the v4 space wasn't a thing and before
everyone started acting like the fact that a many-to-one NAT requires what is
effectively a stateful firewall somehow offered a security advantage you
couldn't get by just writing those firewall rules.

I was at an organization with a large v4 block once. It took a few years of
having my desktop, laptop, and cellphone wifi connections all with routable v4
addresses before I stopped thinking it was weird, bad design and really came
to appreciate: "oh shit, this is how the internet is supposed to be and it is
so much nicer to work with."

~~~
kika
I hope we'll get back there with v6.

(I worked at a company with a /8 IP block and always thought that this is how
the founding fathers intended it to be).

------
gcb0
Why is that a surprise? It is not like it is difficult to write those kinds of
things, especially a ridiculous one like that, which sent data to a Windows share
in the network he was attacking.

The technical part is silly easy. The hard part is the morals and the fear of
losing what you gained honestly so far. And for that, being a teenager is
much easier.

So, what is really the surprise here? It is not like it was an elegant worm or
anything. It was just not looked after for ages. The really interesting info in
this whole history is why it was ignored for so long, and who monetized it
later on (hint: I doubt it was the teenage kid).

------
woodchuck64
Why can't Russia give these incredibly talented teenagers something productive
to do like starting a company?

~~~
SpaceRaccoon
They are trying to. Check out the "Skolkovo innovation center". Hopefully some
day in the future you'll be buying smartphones and running software from my
country, and people will stop asking me if my parents are alcoholics and if I
want some raw potatoes.

But 'tis enough ranting, my borsch is getting cold.

~~~
ye
Ha.

Skolkovo is just another way to steal money from the taxpayers under the guise
of innovation. Which they already did: $3.72 billion dollars (125 billion
rubles).

[http://www.themoscowtimes.com/news/article/skolkovo-warned-o...](http://www.themoscowtimes.com/news/article/skolkovo-warned-over-potential-4bln-in-misspending/488793.html)

~~~
SpaceRaccoon
Well corruption is a given, but at least there will be something to show for
it.

The borsch was delicious as well, thanks for asking.

------
rfnslyr
When I was 14, I used to hang around all these sketchy script kiddie forums. I
learned assembly off some crappily written assembly.txt guide, with the ASCII
art of the author at the top and all. Fast forward two years later.

A buddy of mine from IRC links me a webpage like he usually does; most of the
time it's a static HTML file buried deep in the file structure of some large
corporate site. This file was different: it was the CC database for a huge
site.

A few weeks later the police kick my door down, seize most of my personal
electronics, and I have yet to hear from them or see my equipment.

~~~
derefr
Do you think the feds managed to track you down from the file access? Or do
you think your friend, prompted by the feds to disclose his "hacking ring",
implicated you?

I ask because it's pretty easy to find carding forums on Tor, to the point
that I can't imagine the police bust the door down of everyone they can
identify as having glanced at a CC dump.

~~~
rfnslyr
I viewed it without a proxy haha. My IP just got straight logged.

