Eastern European cyber criminals have been caught selling customer data stolen during a raid on US retailer Target, say security researchers at FireEye.
The Target breach is believed to have occurred between 27 November and 15 December. It saw hackers break into Target's systems and compromise over 40 million credit and debit card accounts.
The criminals are believed to have stolen customers' credit and debit card numbers, card expiration dates and debit card PINs.
Senior researcher at FireEye Narottama Villeneuve told V3 the stolen card details were being sold on underground Russian-language forums. "It is not surprising that the data is being sold on underground forums. The buyers may use the card data to make fraudulent purchases. Often, these activities are conducted via 'pack mules' or 're-shipping fraud'," he said.
Villeneuve said FireEye uncovered evidence suggesting the criminals have started developing sophisticated partnerships, known as partnerkas, to maximise their profits.
"The partnerkas are organised using an affiliate model. A source for, say, malware will use a network of re-sellers to sell the malware to operators who actually use the malware," said Villeneuve.
"These operators purchase bulletproof hosting for their operation from providers who market this hosting in a similar way. In effect, the more publicised operations that we hear about in the news rely upon a cybercrime ecosystem that is always operating and adapting – these are not isolated events."
Bulletproof hosting is a service offered by less scrupulous web hosting firms, which gives customers more freedom over what material they can upload. In the past, bulletproof hosts have been used for a variety of criminal purposes, including running cyber black markets, such as those discovered by FireEye, and child pornography sites.
FireEye researchers said the underground markets are also being used as forums to sell malware. The researchers said the malware is currently being sold for between $1,800 and $2,300.
Villeneuve told V3 that the malware will inevitably be used by hackers to mount further data-stealing attacks, but highlighted recent success by law enforcement in shutting down similar operations as cause for hope.
"We expect these types of breaches to continue. However, it should be noted that there have been successful law enforcement actions against those engaged in coding and using malware designed to commit banking and credit card theft or fraud. Recently, the author of SpyEye was arrested as were those behind Carberp," said Villeneuve.
SpyEye is financially focused malware that is believed to have stolen hundreds of millions of dollars of financial data. The SpyEye author, Aleksandr Andreevich Panin, was arrested by US authorities on 1 July 2013 at the Hartsfield-Jackson Atlanta International Airport. In January, he pleaded guilty to helping create and distribute the SpyEye malware.