Cybersecurity

Did These Two Teenagers Mastermind the Target Data Breach? Maybe Not


Their profiles on VKontakte, Russia’s equivalent of Facebook (FB), suggest that Ribat Shabaev and Sergey Tarasov are ordinary teenage guys who love music, girls, and goofing around with their friends.

Over the past few days, though, news reports worldwide have fingered the two as creators of the malware used in a massive cyber-heist of customer data from Target (TGT).

Is it true? Or just another example of misinformation spreading as quickly as any virus?

Intelcrawler, a Los Angeles-based cybersecurity firm, issued on Jan. 17 a press release saying the malicious software was created by a person “close to 17 years old” who went by the nickname “ree4.” Intelcrawler said it had traced an e-mail used by “ree4″ to the Vkontakte page of Ribat Shabaev, which says he lives in the city of Engels, on the Volga River southeast of Moscow.

Intelcrawler’s release says Shabaev was “working closely with Sergey Taraspov, who was acting as technical support together with several other members, having roots in St. Petersburg, very well-known programmer of malicious code in underground.” The malware was sold “to cybercriminals from Eastern Europe and other countries” who carried out attacks on Target and other retailers, Intelcrawler said.

An earlier version of the Intelcrawler release identified Shabaev’s collaborator as Sergey Tarasov (spelled with no ‘p’). He is a teenager in the city of Novosibirsk, according to Brian Krebs, a cybersecurity blogger who has closely followed the Target breach.

That release, which no longer appears on Intelcrawler’s website, spurred media outlets in the U.S., Britain, and elsewhere to publish screengrabs from Tarasov’s Vkontakte page.

Telephone and e-mail messages left for Dan Clements, Intelcrawler’s president, were not returned on Monday, a U.S. holiday. Intelcrawler has said that its chief executive officer, Andrey Komarov, tracked the authors of the Target malware for months, even posing as a potential buyer.

Bloomberg Businessweek was unable to reach either Shabaev or Tarasov. But Tarasov has vigorously maintained his innocence. “Taraspov, what the F**k!” he posted on his Vkontakte page after Russian new outlets picked up the story over the weekend. “Worldwide fame, wrong address.”

In an interview with the newspaper Komsomolskaya Pravda, Tarasov said he didn’t know much about programming and was planning a career in business. “Why on earth do they think it’s me?” he asked, adding that his mother was “sick” when she saw televised reports of his alleged involvement.

So far, Shabaev has not responded to the allegations. His Vkontakte page lists “coding” as one of his interests—along with “bass guitar, and beautiful women in beautiful clothes, or out of them.”

As for “Taraspov,” Russian news outlets have noted that the name is extremely unusual and “sounds strange to Russian ears,” as the news website Fontanka put it.

Matlack is a Paris correspondent for Bloomberg Businessweek.

China's Killer Profits
LIMITED-TIME OFFER SUBSCRIBE NOW

Companies Mentioned

  • FB
    (Facebook Inc)
    • $78.4 USD
    • 2.29
    • 2.92%
  • TGT
    (Target Corp)
    • $74.64 USD
    • 1.07
    • 1.43%
Market data is delayed at least 15 minutes.
 
blog comments powered by Disqus