One million credit cards stolen online

The FBI has warned that East European hacker gangs have stolen over a million credit card numbers from e-commerce and e-finance websites over the past year, each time using avoidable security vulnerabilities in Microsoft's Windows NT to make their attacks.

By Mark Sutton. Published March 12, 2001.

The FBI has warned that East European hackers are targeting known security vulnerabilities in Microsoft NT to attack e-commerce sites.
A recent bulletin from the US National Infrastructure Protection Centre (NIPC) warns that highly organised gangs have stolen over one million credit card details from over 40 sites in the past year.

Unlike other hackers, however, who simply use stolen cards for fraudulent transactions, these criminal groups then attempt to blackmail the targeted sites by offering ‘security services’ to prevent further attacks.

The attacks, which have been monitored by the inter-agency NIPC, are the work of Russian and Ukrainian groups. After stealing credit card data, customer databases or other proprietary information, mainly from e-commerce and e-finance sites, the gangs contact the victim and, in a veiled extortion threat, offer security services to ensure that the attacks are not repeated and that none of the stolen data is posted on the Internet. The FBI also suspects that credit card data is being sold on to other organised crime groups, regardless of whether the victim succumbs to the blackmail attempt or not.

The Microsoft NT security vulnerabilities being exploited are all avoidable, with patches for some of the problems having been available since 1998. The bugs involve unauthorised access to IIS servers and the Windows NT registry, web server file request parsing, and unauthorised access to SQL Server data. The NIPC is so concerned at the lack of response from e-businesses in repairing these holes that it is even directing companies to the Microsoft patches from its own site, www.nipc.gov.
