BreachExchange mailing list archives

Thieves still selling credit card numbers stolen from Target


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 26 Nov 2014 19:04:18 -0700

http://www.sfgate.com/nation/article/Thieves-still-selling-credit-card-numbers-stolen-5917667.php

One year after thieves infiltrated Target’s cash registers, a website
openly sells millions of credit and debit card numbers stolen in that data
breach and many others.

Anyone can log on to the site, rescator.cc, and shop for cards by ZIP code.
This illegal marketplace is the most glaring reminder that no one has been
brought to justice in the theft of Target customer data.

Federal authorities declined to say anything about their investigation,
which is being led by the Secret Service. Yet cybersecurity professionals
have named one person they believe is linked to the stolen card website: a
Ukrainian hacker named Andrey Hodirevski.

Brian Krebs is the blogger who broke the Target breach story and first
named Hodirevski a year ago. “He may not be rescator, but it’s pretty clear
that he knows the people who are and probably is in touch with them,” Krebs
said.

Suspected ‘carder’

Two other security pros say Hodirevski almost certainly has a hand in
running the site. Dmitry Volkov, head of investigations at Russian computer
security company Group-IB, said Hodirevski goes by the nickname “rescator”
and has for several years been on his company’s radar as a “carder,” or
dealer in stolen payment card information. He said Hodirevski was a main
member of DarkLife, a defunct Russian-language hack team.

“He has a high reputation and credibility among other carders and hackers,”
Volkov said. “He is not just another carder.”

Mark Lanterman, a former member of the Secret Service Electronic Crimes
Task Force and now chief technology officer at Computer Forensic Services in
Minnetonka, Minn., said the evidence points to Hodirevski.

“It’s circumstantial, but there’s a lot of it,” Lanterman said. “His
website is up and active and going stronger than ever, which is
disappointing.”

‘Slim poor guy’

Someone at rescator’s instant messenger address responded to inquiries,
saying that nobody on his team has heard of Hodirevski and that he’s just
“some slim poor guy” that Krebs named. Authorities are looking in a “very
different direction,” the person said, declining to specify.

But all the publicity around the rescator site has made it the No. 1
destination for card thieves, the person boasted.

Hodirevski has not spoken out publicly, despite his name and photos having
been publicized in cybersecurity reports and magazines such as Bloomberg
Businessweek.

One Ukrainian familiar with him said Hodirevski is living in a flat in
Odessa with his grandmother following a previous hacking arrest, and he is
being monitored by the Security Service of Ukraine.

An old school friend in Odessa said Hodirevski has disappeared and there’s
no point looking for him. He’s probably in Russia, said the friend, Alex
Zhimalov: “If he wants to be invisible — he will be.”

In a conference room at his Minnetonka offices, Lanterman logs in to
rescator.cc. Over the past year, he’s found information on the site from
tens of thousands of cards stolen from Target stores.

The shop operates in the open now, he said.

Lanterman believes that rescator sells the software that hackers have used
to break into retailers’ point-of-sale computers. Then buyers customize it
for victims such as Target, and others install it and do the rest of the
dirty work, and give rescator the stolen card information to sell.