Home / One million credit cards stolen online

One million credit cards stolen online

The FBI has warned that East European hacker gangs have stolen over a million credit card numbers from e-commerce and e-finance websites over the past year, each time using avoidable security vulnerabilities in Microsoft's Windows NT to make their attacks.

The FBI has warned that East European hackers are targeting known security vulnerabilities in Microsoft NT to attack e-commerce sites.
A recent bulletin from the US National Infrastructure Protection Centre (NIPC) warns that highly organised gangs have stolen over one million credit card details from over 40 sites in the past year.

Unlike other hackers, however, who simply use stolen cards for fraudulent transactions, these criminal groups then attempt to blackmail the targeted sites by offering ‘security services’ to prevent further attacks.

The attacks, which have been monitored by the inter-agency NIPC, are the work of Russian and Ukrainian groups. After stealing credit card data, customer databases or other proprietary information, mainly from e-commerce and e-finance sites, the gangs then contact the victim and in a veiled extortion threat offer security services to ensure that the attacks is not repeated or that any of the stolen data is posted on the Internet. The FBI also suspects that credit card data is being sold on to other organised crime groups, regardless of whether the victim succumbs to the blackmail attempt or not.

The Microsoft NT security vulnerabilities that are being exploited are all avoidable, with patches for some of the problems having been available since 1998. The bugs allow unauthorised access to IIS servers and Windows NT registry and web server file request parsing, and unauthorised access to SQL server data. The NIPC is so concerned at the lack of response from e-businesses to repairing these holes that it is even directing companies to the Microsoft patches from its own site www.nipc.gov

Follow us to get the most comprehensive technology news in UAE delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.