A security firm says a Russian teenager wrote the malware probably used in cyberattacks against US retailers Target and Neiman Marcus and it expects more retailers to acknowledge that their systems were breached.
California-based IntelCrawler said the author of the malware used in the attacks had sold more than 60 versions of the software to cybercriminals in eastern Europe and other countries.
The firm posted online a photo purported to be of 17-year-old Sergey Taraspov, who has roots in St Petersburg. He reportedly had a reputation as a "very well known" programmer in underground marketplaces for malicious code, the report said. It said the teenager did not perpetrate the attacks.
Andrew Komarov, the chief executive of IntelCrawler, said the attackers who bought the software entered retailers' systems by trying several easy passwords to access the registers remotely.
"It seems that retailers still use quite easy passwords on most remote-access" servers, Komarov said. There did not appear to be many restrictions on who had access to the remote point-of-sale servers in numerous companies, he said, and that could enable hackers to gain access to back-office servers.
Target says hackers gained access the debit and credit cards of up to 110 million customers. Neiman Marcus admits a similar attack but hasn't said how many customers were affected.