One year after thieves infiltrated Target's cash registers, a website openly sells millions of credit and debit card numbers stolen in that data breach and many others.
Anyone can log on to the site, rescator.cc, and shop for cards by ZIP code. This illegal marketplace is the most glaring reminder that no one has been brought to justice in the massive theft of Target customer data.
Federal authorities declined to say anything about their investigation, which is being led by the U.S. Secret Service. Yet cybersecurity professionals have named one person they believe is linked to the stolen card website: a Ukrainian hacker named Andrey Hodirevski.
Brian Krebs is the blogger who broke the Target breach story and first named Hodirevski a year ago. "He may not be rescator, but it's pretty clear that he knows the people who are and probably is in touch with them," Krebs said.
Two other security pros say Hodirevski almost certainly has a hand in running the site. Dmitry Volkov, head of investigations at Russian computer security company Group-IB, said in an interview that Hodirevski goes by the nickname "rescator" and has for several years been on his company's radar as a carder, or dealer in stolen payment card info. He said Hodirevski was a main member of DarkLife, a defunct Russian-language hack team.
"He has a high reputation and credibility among other carders and hackers," Volkov told the Star Tribune. "He is not just another carder."
Mark Lanterman, a former member of the Secret Service Electronic Crimes Task Force and now chief technology officer at Computer Forensic Services in Minnetonka, said the evidence points to Hodirevski.
"It's circumstantial, but there's a lot of it," Lanterman said. "His website is up and active and going stronger than ever, which is disappointing."