Staff Writer
Columbus CEO

c.2013 New York Times News Service

We may be one step closer to knowing who was behind the security breach at Target that compromised 40 million customer records.

On Tuesday, Brian Krebs, the security blogger who first broke the news that Target was breached, said he believed he had identified a Ukrainian man who he said was behind one of the primary black market sites now selling Target customers’ credit and debit card information for as much as $100 a piece.

Krebs lays out evidence that the man, Andrew Hodirevski, may be in touch with the criminals supplying Target’s credit card data. There is no evidence that Hodirevski himself is behind the Target breach.

Through some impressive Internet sleuthing, Krebs said he had tracked Hodirevski to Rescator, the online alias for the person behind, an underground website that is selling Target’s stolen credit card data. (Other sites, including, and, are also selling this information.)

After tying the alias Rescator to, Krebs said, he found a now deleted comment from Rescator in an August 2011 forum in which he introduces himself as “Hel,” one of the three founders of, a now defunct hacker forum.

After Hel and two other founders of that forum hacked a well-respected Russian hacking forum, its founders suffered a retaliatory counterattack in which hackers posted photos of Darklife’s founders — including one they identified as “Helkern”— online.

Krebs found an instant messaging name, email address and several postings by the alias Helkern online, including one posted to a Russian gaming forum, in which Helkern identifies his location as Odessa, Ukraine.

Further snooping revealed that Helkern’s web address was registered to Andrew Hodirevski in Odessa, Ukraine. Other online profile pictures for an Andrew Hodirevski in Odessa matched the pictures exposed in the counterattack.

Krebs uncovered a now defunct, 2010 profile for Hodirevski in which he lists his personal goals as getting married to his girlfriend, buying a $20,000 Toyota Solara, moving to Helsinki and world domination.

“I have no idea if Rescator/Helkern/Andrew was involved in hacking Target, but it’s a good bet that he at least knows who was,” Krebs said.

Krebs tried to reach Hodirevski and received one email reply from an individual who said he could relay Krebs’ questions to Hodirevski. When Krebs did not receive a response to his original questions, he pinged the individual again Tuesday. This time, the person offered Krebs $10,000 not to post his article.

“Obviously, I did not take him up on his offer,” Krebs wrote.