Recently, a report has been published by the well-known group of cyber intelligence IntelCrawler that a Russian man, 17 years of age having a user name “ree4,” may be the writer of the malware named point-of-sale. It is used for Neiman Marcus and 6 other big US retailers target. The amount might also be more.
IntelCrawler said that Ree4 has sold the “BlackPOS” malware to 60 or more cyber criminals of Eastern Europe and other regions too. The man is baed in thr St. Petersburg area. He is also widely known in the internet forums and other big hacking communities. The reports states that the man wrote many other malicious tools like ‘Ree4 mail, Brute, social networking accounts hacking rules, DDoS attack training, etc. The president of the IntelCrawler cyber intelligence Dan Clement has told the PC World they are very much sure on all the conclusions.
But the organization have not contributed or even taken part in the detection and cyber crime done by ree4 in anyway. The targets also refused to comment on the reports given by the cyber intelligence organization Inter Crawler. The spokeswoman of Neiman Marcus US based retail has said that the hackers had planted the dangerous malware named BlackPOS. It happened since the terminals of the credit cards at the targeted retailers had very weak and easily guessable default passwords. The spokeswoman of Neiman Marcus has also stated that she did not know anything regarding the weak default password from the Neiman Marcus retail network. Although, the hacks of the Neiman Marcus and the Targets appeared to have taken place simultaneously by the same man, but it is confusing whether they are actually related through BlackPOS. Now, it seems that they are not.
The report quoted that IntelCrawler’s CEO, Mr. Andrew Komarov and said that even more BlackPOS hacking especially for the departmental stores and retail; outlets will be detected soon. Many sources have claimed that three of the hackers have already been detected.
The New York Times also reported that Neiman Marcus retail chain was hacked in the month of July but the cause was not discovered until the middle of December. The situation has been taken under control only a few days back. The customers’ personal information like date of birth (DOB) and Social Security number was not stolen. The Neiman Marcus Company did not collect the PIN numbers of the customers.
The controversy is now in its peak that why the Neiman Marcus did not disclose the hacks earlier and the things surfaced only after quite a long period of time. The breach was discovered only after a journalist named Brian Krebs detected it and posted it in his blog. Even after a lot of published reports of the hacking, no strict steps or protective measures were taken.
In 46 states mandatory regulations were given about the hacker accessing confidential customer information in cyber attacks. There are differences in the methods of keeping the password confidentiality. Each state also differs in security measures. The former cyber crime head Joseph De Marco has stated that breach investigations are always active and takes weeks or even month’s time to be disclosed publicly. He said that in the Manhattan government office of the U.S. attorney. Some additional rules and regulations gave also been imposed for securing the customer PIN and password privacy especially for the retail industry in the United States. Strong security measures are being taken at this very crucial moment. There are many things which are still to be taken under control by the cyber crime experts.