Russian teenager wrongly labelled as author of Kaptoxa malware
Experts at the company Group-IB have officially disproved reports identifying Sergey Tarasov, purportedly 17 and a resident of St. Petersburg, as the author of the malicious software known as Kaptoxa, which was used in one of the largest successful attacks on U.S. Internet stores.
"Over 300 media outlets fell for a hoax floated by a small firm and accused an innocent person of cybercrime," reads the Group-IB statement. Furthermore, it has transpired that the sum reportedly stolen in the Kaptoxa attack does not correspond to reality.
According to Group-IB CEO Ilya Sachkov, the erroneous reports may have been caused by the fact that the company IntelCrawler, which is taking part in the investigation of the Kaptoxa attack, is not competent enough to conduct cyberattack forensics.
InterCrawler CEO Andrey Komarov used to work for Group-IB; during this time at the company he was not involved either in malware analysis or in computer incident investigations. Komarov's functions at Group-IB were restricted to information system protection audits, meaning that he is unlikely to have sufficient experience in investigating computer crimes, Sachkov believes.
"In the modern world, when it comes to cybersecurity, media companies normally rely on expert comments," Sachkov said. "Such comments are not further verified. Dissemination of such libellous information may result not only in the harassment of an innocent person but also in the starting of cyberwarfare between different countries."
The Washington Post earlier reported that Tarasov had used a computer virus of his own design to steal banking card data of 110 million clients from the U.S. retailer Target Corp. IntelCrawler asserted that the teenager wrote Kaptoxa and started marketing it online for $2,000 in the spring of 2013.
It has since been established that Sergey Tarasov lives in Russia's Novosibirsk, rather than in St. Petersburg, and is 18 years of age, not 17. IntelCrawler has admitted its mistake; its current theory is that the virus was written by another Russian resident.
Russian experts were sceptical of the Russian link in this story from the very start. In particular, they were surprised to hear that Kaptoxa may have been "written in Russian", although programming code is always in the Latin script.
"The virus was not written in Russian, it merely contains certain Russian terms, such as Kaptoxa [colloquial Russian for potato]," says Alexander Gostev, chief malware expert at Kaspersky Lab.
According to him, Kaspersky Lab analysts have known about Kaptoxa since 2012. Its black market price is around $1,000; the malware targets chipless banking cards whose only protection is in the code stored on the magnetic strip. Such cards are among the most popular payment methods in the U.S.