The Kartokha virus collected credit card information and stored the stolen data on a server operated by Target Corp. Source: Getty Images / Fotobank
The Kaptoxa virus, which was used to steal more than 70 million credit card numbers in the United States, was "partly written in Russian", according to a Wall Street Journal article published on January 17.
The newspaper cited a report prepared by iSight Partners Inc. and the U.S. Department of Homeland Security. Kaptoxa, incidentally, is a westernized spelling of the Russian word Kartokha, which means “potato”.
The report says that the hackers behind the attack had demonstrated an innovative approach and great sophistication. The virus they created collected credit card information during the working hours, from 10 a.m. till 5 p.m. local time, and stored the stolen data on a server operated by the victim itself, the giant retailer Target Corp. That server was later hacked as well.
“This is the first time we have seen this attack at this scale and sophistication,” said Tiffany Jones, senior vice president at iSight Partners Inc. “All the data transfers were concealed, so the attack was almost impossible to detect before it was too late."
The U.S. cybersecurity experts investigating the attack have now identified the creator of the virus. He is one Sergey Tarasov, a 17-year-old from St Petersburg, Russia. The experts have stressed that Tarasov had nothing to do with the data theft itself; he merely wrote the virus code.
Russian specialists, meanwhile, have questioned claims that the virus could have been "written in Russian". They point out that software is always written using the Western script. So far, there is only a single Russian trace in this affair, and it does not really prove anything.
Victims have themselves to blame
“This virus was not written in Russian,” explains Aleksandr Gostev, chief virus analyst at the cybersecurity giant Kaspersky Lab. “It merely uses some Russian words, including Kaptoxa."
According to Gostev, Kaspersky Lab has been aware of the Kaptoxa virus since 2012. This piece of malware can be procured on the black market for about $1,000. It targets credit cards that rely on their magnetic strip rather than a secure chip to store data. In the United States such cards still remain the most popular type in circulation.
“The United States is among the laggards in this area of technology, which is actually quite surprising," Gostev says. “Here in Russia, all the leading banks have long adopted the more secure chip-and-pin system, so the virus does not pose any threat to this country."
Experts say the main reason for the hacker attacks such as the one suffered by Target is that corporate bosses don't take cybersecurity seriously enough. "The bosses are interested only in maximizing their profits," says Aleksandr Khegay, deputy chief of cybersecurity at the LANIT company.
“They often tend to ignore cybersecurity concerns until they end up in the same situation as Target. The fact that the viruses used in these attacks are sometimes written by teenage Russian hackers does not prove that all those hackers are brilliant. It rather demonstrates the weakness of the systems cracked by such viruses."
The notorious Russian hackers
Whenever a cyberattack happens somewhere in the world, including the United States, Russian hackers are often the first to be blamed. Nikita Kuzmin, for example, stands accused of creating the Gozi virus; the charge could land him in jail for up to 95 years. The damage inflicted by Kuzmin and his comrades is estimated at $50 million; NASA was among the victims.
In January 2012 Microsoft specialists identified the author of the Kelihos virus, which had turned tens of thousands of PCs all over the world into zombie bots. Their suspicion fell on Andrey Sabelnikov, who used to work for a St Petersburg anti-virus company.
Also in January 2012 Switzerland extradited Vladimir Zdorovenin to the United States; the Russian was accused of stealing hundreds of thousands of dollars from U.S. bank accounts. He was facing up to 142 years in jail.
Russia, however, is famous not only for its hackers but also for its internationally recognized cybersecurity specialists. Evgeny Kaspersky, the founder of Kaspersky Labs, and Sergey Glazunov received kudos from Google in the autumn of 2011 for finding several vulnerabilities in the new version of the Chrome web browser.
Be that as it may, Russian cybersecurity offenders are not nearly as prolific as the ones from China. Last year Bloomberg released a ranking of countries from which most of the cyberattacks originate. It turned out that 10 countries were responsible for three quarters of all such attacks, and that a whopping 41 percent of these attacks originated from China.
The United States was a distant second in the ranking with 10 per cent; it was also the home of the world’s most famous hacking groups, including Anonymous and AntiSec. Russia was fourth with 4.3 percent.