The malware behind the Target breach—and possibly one at Neiman Marcus—was written by a Russian boy about 17 years old, according to an intelligence firm's report. As noted by Gawker, the boy isn't thought to have been directly involved in the hack on the store. "The real bad actors responsible for the past attacks ... were just his customers," says the president of IntelCrawler. A "well-known" hacker, the boy developed the original program in 2013; since then, it's gone by multiple names, including BlackPOS and KAPTOXA, IntelCrawler reports. The firm adds that some 40 cybercriminals, mostly in Eastern Europe, have bought the "inexpensive" program.