FBI investigating widespread Web site break-ins by crime groups
http://www.computerworld.com/cwi/story/0,1199,NAV47_STO58414,00.html

By DAN VERTON
March 08, 2001

The FBI today disclosed it has launched 40 separate investigations into alleged hacking incidents by Eastern European organized crime groups that are believed to have stolen more than 1 million credit card numbers from e-commerce and online finance Web sites powered by Windows NT servers.

A spokeswoman for the FBI's National Infrastructure Protection Center (NIPC) said the break-ins have occurred in 20 U.S. states and are thought to be part of a systematic effort by crime syndicates in Russia and Ukraine to break into vulnerable Web servers.

Estimated financial losses since the NIPC issued an initial warning about the threat in December total as much as hundreds of thousands of dollars, she said. But the figure could be much higher, the spokeswoman added, saying that the NIPC hasn't been able to determine an exact damages amount.

The agency, which is based at FBI headquarters in Washington, today released a new advisory saying that the hacking activities are continuing and reiterating a recommendation that systems administrators should check their NT-based servers to make sure patches designed to fix several known security holes have been installed.

To date, the NIPC spokeswoman said, e-commerce sites across the country have failed to heed the warnings about the holes in Microsoft Corp.'s operating system software. She described the new advisory as "a public service announcement" meant to urge companies to bolster the security of their Web sites by downloading the patches made available by Microsoft.

"These [organized crime] groups have hit on these sites using known vulnerabilities for months now, and people are not heeding the warnings," the spokeswoman said. Microsoft discovered and patched many of the vulnerabilities in NT as early as 1998. But until companies take the appropriate steps, she added, the attacks are "not going to stop."

The crime syndicates are targeting customer data, specifically credit card information, according to the FBI. In many cases, today's advisory said, the attacks go on for several months before the company being hit discovers the intrusion.

After the attackers steal the data from a Web site, they often contact the victimized company by fax, e-mail or telephone and make a veiled extortion threat by offering Internet-based security services that would protect the targeted server from other attackers. Federal investigators said they also believe that in some instances, the credit card information is being sold to other organized crime groups.

The NIPC's advisories about the attacks list the vulnerabilities that are being exploited and provide links to bulletins issued by Microsoft about the relevant patches.

Chris Rouland, director of the X-Force vulnerability research unit at Internet Security Systems Inc. in Atlanta, said a lot of malicious hacking activity is originating in Eastern Europe, including widescale probing of Web servers. "Anything that gets plugged in [to the Internet] gets probed," Rouland said. "It's not a question of if, but when."

The SANS Institute, a Bethesda, Md.-based research organization for systems administrators and security managers, today released an alert about the FBI's ongoing investigations that called the hacking incidents "the largest criminal Internet attack to date."

The alert added that the SANS-affiliated Center for Internet Security plans "within a day or two" to release a software tool that can be used to check NT servers for the vulnerabilities and to look for files found by the FBI on many compromised systems. The center's tools are usually limited to its members, but SANS said this one will be made available on a widespread basis "because of the importance of this problem."

The NIPC wouldn't identify any of the Web sites that have been hit by attacks.

But in December, Creditcards.com -- a Los Angeles-based company that has since changed its name to iPayment Technologies Inc. -- confirmed that about 55,000 credit-card numbers had been stolen from its Web site. More than 25,000 of the numbers were exposed on the Internet after the company ignored a $100,000 extortion attempt believed to have come from a Russian hacker.

Earlier this week, Bibliofind.com, an online marketplace for rare and hard-to-find books that's owned by Amazon.com Inc., disclosed that a malicious hacker had compromised the security of credit-card data for about 98,000 users of its Web site. The intrusions began in October and weren't discovered until last month, according to Waltham, Mass.-based Bibliofind.

Egghead.com Inc. in Menlo Park, Calif., also was hit by an intrusion late last year. The online technology retailer's CEO said in January that an internal investigation showed no customer data had been compromised. But some Egghead users claimed their credit-card numbers had in fact been stolen, with one saying her card was debited for a charge to a fraudulent Web site in Russia.