Getting hacked is like having your computer turn traitor on you, spying on everything you do and shipping your secrets to identity thieves.
Victims don’t see where their stolen data end up. But sometimes security researchers do, stumbling across stolen-data troves that offer a glimpse of what identity theft looks like from criminals’ perspective.
Researchers from UK-based security firm Prevx found one such trove, a Web site used as a stash house for data from 160,000 infected computers before it was shut down this month.
The find offers a case study on just how much data criminals are stealing every day, from the utterly inconsequential to the alarmingly private.
It also shows the difficulty in shuttering criminals’ ID-theft beachheads: The Web site Prevx found, which was operating on a server in Ukraine, was still online for nearly a month after security researchers alerted the Internet service provider and law-enforcement authorities. The site was sucking up data from 5,000 newly infected computers each day.
The victims in the Prevx find are mostly everyday people handing over their passwords for Facebook and banking sites, along with their love notes and other e-mails. But more dangerous personal information is there, too, including Social Security numbers and other account information from one bank’s infected computer.
Caches of stolen data like these are hidden throughout the Internet, usually locked away inside password-protected Web sites or heavily fortified servers. Prevx’s researchers were able to infiltrate this site because it was protected with poor encryption.
In that sense, the find illustrates how even sloppy crooks can vacuum up enormous amounts of information through massive “botnets” — armies of infected computers formed by spreading a computer virus that orders compromised machines to phone home for further instructions, such as sending out spam or relaying passwords.
The botnet Prevx found was only harvesting data, though Prevx said it could have been upgraded to do other things.
Ordinary Internet sessions are logged in great detail. One 22-year-old southern Californian could be seen registering a domain name with GoDaddy.com, changing his Yahoo e-mail password and ordering a meal online from Pizza Hut. His credit card number, birth date, telephone number, address and passwords are now all in criminal hands, though it’s unclear what, if anything, criminals have done with the information yet.
Some victims are gold mines for sensitive data. An infected computer at a Georgia bank exposed customer details and credentials for the bank’s wire-transfer system. Bank employees were checking e-mail, looking up BMWs and Infinitis and working with customers’ accounts on the same infected machine.
Government computers were also hit, including one in Texas that coughed up Web site logins for one of the government’s health care providers, and another in North Carolina that revealed access to an agency’s human resources system.
“This is giving criminals the keys to the castle,” said Jacques Erasmus, Prevx’s director of malware research. “Once they’re into this system, it might not seem at this point like it’s the biggest data heist ever, but this is how they get into a network. This is their game — they do this every day.”
In other words, criminals start small, then use their first point of attack as a way to jump onto more sensitive computers.
Researchers who discover these stolen-data caches then have to figure out what to do with them. Notifying victims is time-consuming and difficult, and researchers tend to focus on trying to get service providers to deactivate the servers before criminals get to the data on them.
Prevx said it alerted the site’s Internet provider, the FBI and UK authorities about the breach it discovered. The company also talked to the affected bank, Doraville, Georgia-based Metro City Bank, a community bank whose Web site lists four locations, and Prevx said the bank has removed the infected computer.
One customer — Yoon-Kee Hong, a 22-year-old college student from Suwanee, Georgia — had signed up for an account with Metro City Bank just a month before learning about the breach. He said he had not been alerted by the bank that his Social Security number and other personal details were stolen.
After being told about the breach by The Associated Press, which picked his name from the files provided by Prevx, the student said he planned to cancel his account.
“I cannot trust them any more,” he said. “They’re not doing what they’re supposed to do. They didn’t even notify me. It’s like they’re trying to hide it from their customers.”
He later relented and decided to stay with the bank after he was offered a new account and promises of fraud alerts.
The bank said in a statement that it was notifying customers and investigating the breach, refusing to comment further. State officials in North Carolina and Texas didn’t return calls on the breaches there. The FBI didn’t return a call about the breaches.
Such finds are becoming more common as the barrier lowers for crooks to jump into the online identity theft racket.
Top-of-the-line viruses, also known as Trojans, can be had for under US$1,000.
Joe Stewart, a SecureWorks Inc. botnet expert who was not involved in Prevx’s research, said that last year, he helped shut down a command-and-control server for a huge botnet that had infected more than 378,000 machines and had stolen more than 460,000 usernames and passwords.
There are countless other smaller botnets, set up by less sophisticated criminals who steal as much data as they can and simply pull up stakes, and do it all over again, once their operation has been detected.
“The level of amateurness speaks to how widespread it is,” Stewart said. “Literally anybody with a little bit of computer knowledge at all, if they have the criminal bent, can get access to one of these Trojans and get it out there and start stealing people’s data.”