While the boy is not directly responsible for the attack he did in fact write and sell a malicious software program that helped attackers gain access to credit card information from POS systems. Investigators revealed that the software known as BlackPOS was sold to more than 60 people. An average price for it was $2000.
The 17-year-old is originated from St. Petersburg and is very known in underground marketplaces for his programming abilities for malicious code. The Neiman Marcus attack which happened not long after the Target attack used the same malware. The attackers who ended up with millions upon millions of credit and debit card information reportedly gained access to software retailers' systems via different brute force techniques and dictionary attacks on remote login interfaces present on servers located within the companies. In the attack hackers targeted POS systems (these were infected with the malware) as well as back-office computer servers which allowed the attackers to breach other stores too.
The secret service already knew about the new innovative malware for POS systems but there is nothing they can do right now to stop it from being sold in other countries.