Home page logo

dataloss logo Data Loss mailing list archives

The Kartoxa virus: Blame corporate complacency, not hackers
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 21 Jan 2014 18:18:55 -0700


The Kaptoxa virus, which was used to steal more than 70 million credit card
numbers in the United States, was "partly written in Russian", according to
a Wall Street Journal article published on January 17.

The newspaper cited a report prepared by iSight Partners Inc. and the U.S.
Department of Homeland Security. Kaptoxa, incidentally, is a westernized
spelling of the Russian word Kartokha, which means “potato”.

The report says that the hackers behind the attack had demonstrated an
innovative approach and great sophistication. The virus they created
collected credit card information during the working hours, from 10 a.m.
till 5 p.m. local time, and stored the stolen data on a server operated by
the victim itself, the giant retailer Target Corp. That server was later
hacked as well.

“This is the first time we have seen this attack at this scale and
sophistication,” said Tiffany Jones, senior vice president at iSight
Partners Inc. “All the data transfers were concealed, so the attack was
almost impossible to detect before it was too late."

The U.S. cybersecurity experts investigating the attack have now identified
the creator of the virus. He is one Sergey Tarasov, a 17-year-old from St
Petersburg, Russia. The experts have stressed that Tarasov had nothing to
do with the data theft itself; he merely wrote the virus code.

Russian specialists, meanwhile, have questioned claims that the virus could
have been "written in Russian". They point out that software is always
written using the Western script. So far, there is only a single Russian
trace in this affair, and it does not really prove anything.

Victims have themselves to blame

“This virus was not written in Russian,” explains Aleksandr Gostev, chief
virus analyst at the cybersecurity giant Kaspersky Lab. “It merely uses
some Russian words, including Kaptoxa."

According to Gostev, Kaspersky Lab has been aware of the Kaptoxa virus
since 2012. This piece of malware can be procured on the black market for
about $1,000. It targets credit cards that rely on their magnetic strip
rather than a secure chip to store data. In the United States such cards
still remain the most popular type in circulation.

“The United States is among the laggards in this area of technology, which
is actually quite surprising," Gostev says. “Here in Russia, all the
leading banks have long adopted the more secure chip-and-pin system, so the
virus does not pose any threat to this country."

Experts say the main reason for the hacker attacks such as the one suffered
by Target is that corporate bosses don't take cybersecurity seriously
enough. "The bosses are interested only in maximizing their profits," says
Aleksandr Khegay, deputy chief of cybersecurity at the LANIT company.

“They often tend to ignore cybersecurity concerns until they end up in the
same situation as Target. The fact that the viruses used in these attacks
are sometimes written by teenage Russian hackers does not prove that all
those hackers are brilliant. It rather demonstrates the weakness of the
systems cracked by such viruses."

The notorious Russian hackers

Whenever a cyberattack happens somewhere in the world, including the United
States, Russian hackers are often the first to be blamed. Nikita Kuzmin,
for example, stands accused of creating the Gozi virus; the charge could
land him in jail for up to 95 years. The damage inflicted by Kuzmin and his
comrades is estimated at $50 million; NASA was among the victims.

In January 2012 Microsoft specialists identified the author of the Kelihos
virus, which had turned tens of thousands of PCs all over the world into
zombie bots. Their suspicion fell on Andrey Sabelnikov, who used to work
for a St Petersburg anti-virus company.

Also in January 2012 Switzerland extradited Vladimir Zdorovenin to the
United States; the Russian was accused of stealing hundreds of thousands of
dollars from U.S. bank accounts. He was facing up to 142 years in jail.

Russia, however, is famous not only for its hackers but also for its
internationally recognized cybersecurity specialists. Evgeny Kaspersky, the
founder of Kaspersky Labs, and Sergey Glazunov received kudos from Google
in the autumn of 2011 for finding several vulnerabilities in the new
version of the Chrome web browser.

Be that as it may, Russian cybersecurity offenders are not nearly as
prolific as the ones from China. Last year Bloomberg released a ranking of
countries from which most of the cyberattacks originate. It turned out that
10 countries were responsible for three quarters of all such attacks, and
that a whopping 41 percent of these attacks originated from China.

The United States was a distant second in the ranking with 10 per cent; it
was also the home of the world’s most famous hacking groups, including
Anonymous and AntiSec. Russia was fourth with 4.3 percent.
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 


Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.

  By Date           By Thread  

Current thread:
  • The Kartoxa virus: Blame corporate complacency, not hackers Audrey McNeil (Jan 22)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]