Crimeware server exposes breadth of data theft

 


A 1.4 gigabyte cache of stolen data from North America, Europe, the Middle East and India was found on a Malaysian server that provided command and control functions for malware attacks.

Last month, researchers at online security company Finjan
uncovered a 1.4 gigabyte cache of stolen data from North America,
Europe, the Middle East and India on a Malaysian server that
provided command and control functions for malware attacks in
addition to being a drop site for data harvested from compromised
computers.


'This is a unique example of what we have been talking
about for the last year,' said Yuval Ben-Itzhak, chief
technical officer at Finjan. Online thieves are using sophisticated
tools to plant malicious code on legitimate Web pages, compromising
visiting PCs and stealing data.


The data included 5,388 unique log files collected in just a
three-week period. The files included personal and business
e-mails, medical records, and financial log-in and transaction
information with not only credit card and account numbers but also
passwords and security codes. Although the trend of using Web
exploits to steal and market personal data has been identified for
some time, the discovery of the cache still was an eye-opener,
Ben-Itzhak said.


'When you see a server with the data there, it's the
difference between theory and reality,' he said. 'When
you see people's medical records and e-mail in this volume,
we were kind of shocked.'


Since the discovery in early April, the company's
Malicious Code Research Center has discovered two similar servers
in different parts of the world with similar data. They appeared to have
been in operation for shorter periods of time.


Finjan reported the discovery today in the latest
issue of the 'Malicious Page of the Month'
bulletin.


The crimeserver was discovered by analysts monitoring outgoing
traffic from a Finjan customer's network. Following the
traffic to its destination led them to the unprotected server
holding the data. In addition to the stolen data, the server
contained several Trojans, the payload injected into compromised Web
sites, and command and control software for the attacks.


'It was just waiting for someone to collect it,'
Ben-Itzhak said. Most of the data was in raw log files, although
'in some parts of the server, we found data that had already
been processed.'


Finjan analysts needed a week to process the 1.4 gigabytes and
determine what was there. The log files were traced to 5,878
distinct IP addresses. The number of compromised PCs the data was
lifted from has not been determined, but Ben-Itzhak said it could
be as high as double the number of IP addresses. Files on the
server included 571 log files from the United States, 621 from
Germany, 322 from France, 308 from India, 232 from Great Britain,
150 from Spain, 86 from Canada, 58 from Italy, 46 from the
Netherlands and 1,037 from Turkey.


The server was registered to a man from Moscow and was hosted in
Singapore at the time it was discovered. It has since been shut
down.


'About every week he was moving the server,' from
Russia to China, Hong Kong and finally Singapore, Ben-Itzhak
said.


In the online black market for stolen information, raw data can
be sold in bulk for $1,000 for about 100 megabytes, but individual
credit card numbers with accompanying information can sell for $20
to $50 each. Other files can bring hundreds of dollars, depending
on their contents.


Ben-Itzhak said the discovery illustrates the breadth of the
data theft threat. It is not just personal financial data at risk
but corporate data also. The files included information from what
Finjan described as 40 top-tier global businesses and included
sensitive corporate e-mails.


'We entered a new era in which criminals just need to log
into their "data supplier" and download any information
suitable for them to conduct their crime, be it financial fraud,
industrial espionage or identity theft,' Ben-Itzhak said.


The company notified more than 40 major international financial
institutions in the United States, Europe and India whose customers
were compromised, as well as international law enforcement
agencies, including the FBI.


Ben-Itzhak said the largest financial institutions were not
surprised, but smaller banks were. Cooperation was good from law
enforcement agencies, with which the company maintains close
relationships, he said.


