Stolen data on 'crime server'
2008-05-07 12:02
London - A web security firm said on
Tuesday it had tipped off international banks and police after
finding a huge trove of stolen business and personal data
amassed on a server in the space of just three weeks.
Finjan Inc said it had notified the US Federal Bureau of
Investigation, police in various countries and more than 40
financial institutions in the United States, Europe and India
about the discovery of the so-called "crime server".
"This server was running for about three weeks and within
this period it managed to collect 1.4 gigabytes of data. It is
indeed the largest treasure we've found in this very short
time," Yuval Ben-Itzhak, chief technology officer of the
California-based firm, said in a phone interview from Israel.
The stolen data consisted of 5 388 unique log files
including 1 037 from Turkey, 621 from Germany, 571 from the
United States, 322 from France, 308 from India and 232 from
Britain.
It included company personnel files, insurance details,
social security numbers, medical records, credit card details
and exchanges of confidential business e-mail, in one case
including details of a pending court case.
Ben-Itzhak said it was striking that the crime server itself
was not security-protected, meaning anyone could potentially
have accessed it over the internet.
"The server was not secure at all. It indicates that these
people that are doing the crime today, they are not security
experts, they are not computer science experts.
"They are people who are buying the crime toolkits ...
software packages that hackers, the smart people, are selling,"
he told Reuters.
"The person that operated this server had no clue on
security, he had no clue about how to configure a web server. He
just took a ... toolkit and started to use it and in three weeks
he managed to have this fortune, this treasure on his server."
'Trojan' software
The crime server had a "command and control" application that
enabled the user to define what types of target to infect with
"trojan" software.
"Online statistics reports are included in this command and
control. They can tell you who you managed to infect; where they
are coming from; if the trojan that is now installed on their
machine is sending you data, how much data you're getting - you
get all these online reports as well."
The hosting server was located in Malaysia and the web
domain was registered to a Russian individual with a Moscow
address. Ben-Itzhak said the registration details could not be
validated because domains can easily be registered under false names.
He said the discovery highlighted a growing trend for
criminals to target commercial data. Details of pricing, company
policies and stock-sensitive earnings results were all at risk.
"It's not just individuals at home doing their online
banking and someone is stealing their password... The big picture
is these criminals are looking for business data."
- Reuters