Russia May Be Shielding Neiman Marcus Hackers
The data breach at upscale retailer Neiman Marcus discovered this past January was the work of an infamous Russian crime syndicate responsible for the theft of over 160 million credit cards in the past seven years, according to a Bloomberg Businessweek report. U.S. law enforcement has been after the group for years, the report said, but has been hampered by a studied disinterest on the part of Russian officials.
The criminal syndicate has been connected to credit cards stolen from over 100 different companies since 2005, including J. C. Penney, 7-Eleven and Citigroup, U.S. officials told the magazine. However, the group does not appear to be related to the criminals who stole 40 million debit- and credit-card numbers, and information on 70 million customers, from Target at around the same time.
MORE: How to Protect Yourself from Data Breaches
Russia and Eastern Europe at large are known hotbeds of cybercrime, and this syndicate, which the magazine did not name, is far from the only wanted group in the area. For example, U.S. authorities now believe that younger, less sophisticated hackers were responsible for the Target attack, Bloomberg Businessweek reported.
Both groups used variations of a type of malware called BlackPOS, which infects point-of-sale devices and copies the numbers of swiped cards while they're momentarily stored in the card reader's RAM, or temporary memory. BlackPOS is well known among online criminals and is quite easy to acquire.
The FBI and the U.S. Secret Service have been trying to shut down the syndicate behind the Neiman Marcus breach for years, indicting several of its members, conducting international sting operations and meeting secretly with Russian intelligence officials, according to two former U.S. officials who spoke anonymously to Bloomberg Businessweek. Two of the syndicate's members are in U.S. custody, and Russia is currently trying to repatriate another member who is in a Dutch prison.
But so far, attempts to shut down the syndicate have failed. Arrested members have been replaced, and the group's activities appear to be progressing with little delay. U.S. officials blame this failure on the Russian government's unwillingness to help.
"The FBI has tried to get cooperation, the State Department has asked for help and nothing happens, so law enforcement options under the current circumstances are pretty negligible," Richard Clarke, a former special adviser for cybersecurity to President George W. Bush, told Bloomberg Businessweek.
It's not that the Russians aren't listening. Some U.S. officials think Russia uses information shared by the FBI to identify talented hackers who can be recruited for national-security purposes, such as the cyberattacks currently being conducted against Ukraine, according to Bloomberg Businessweek's sources.
The Bloomberg article also reports that the U.S. came close to bringing down the syndicate in 2008-2009, when Dmitri Medvedev temporarily replaced Vladimir Putin as president of Russia and Russian government cooperation briefly improved. Over the course of many visits to the country, the FBI and Secret Service gave Russia dossiers on several wanted cybercriminals, and Russia promised to make arrests as soon as possible.
However, those arrests never occured.
Email jscharr@techmedianetwork.com or follow her @JillScharr and Google+. Follow us @TomsGuide, on Facebook and on Google+.
Copyright 2014 Toms Guides , a TechMediaNetwork company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
