Bloomberg Businessweek has come out with a big cover story on the Target data hack, which revealed odd references to Ukraine in the malware code used for the attack.
The magazine’s reporting revealed Target probably could have prevented the hack if it had paid attention to security alerts about malware that hackers installed on the company’s system.
Another interesting tidbit from the story: One of the passwords in the malware code was Crysis1089, an apparent reference to mass protests in Ukraine in October 1989.
There were also other potential references to Ukraine embedded in the code.
The guts of the malware code provided some intriguing leads. One of the passwords was Crysis1089. That happens to be the nickname of an Xbox gamer. (His rank on the Xbox Live global leaderboard as of March 10: 11,450,001.) It also appears to be a reference to the October 1989 date of mass protests that preceded Ukrainian independence and the dissolution of the Soviet Union.
There was another name embedded in the exfiltration code: Rescator. The alias, a reference to a pirate in the 1967 French film Indomptable Angélique, belongs to a prolific Ukrainian trafficker in stolen credit card numbers. Rescator operates several online card number sites — cheapdumps.org and Lampeduza.la, to name two — that use the country domains of Laos, Somalia, and the former Soviet Union, among others. Rescator isn’t the only reseller pushing the stolen Target data, but according to Krebs and several other security investigators, he’s the most active, apparently operating with impunity out of the Black Sea port of Odessa.
It’s unclear whether the hacker Rescator was actually involved in the Target data breach.