August 8, 2005 12:06 PM PDT

ID theft ring hits 50 banks, security firm says

A major identity theft ring has been discovered that affects up to 50 banks, according to Sunbelt Software, the security company that says it uncovered the operation.

The operation, which is being investigated by the FBI, is gathering personal data from "thousands of machines" using keystroke-logging software, Sunbelt said Monday. The data collected includes credit card details, Social Security numbers, usernames, passwords, instant-messaging chat sessions and search terms. Some of that data is then saved in a file hosted on a U.S.-based server that has an offshore-registered domain, according to Sunbelt.

In the two days that Sunbelt has been monitoring the file, the company has seen confidential financial details of customers of up to 50 international banks, said Eric Sites, vice president of research and development at the Clearwater, Fla.-based security software maker.

"For almost every bank that is listed (in the file), it's possible to get into the person's account," Sites said.

Along with passwords for online banking sites, information on credit cards also has been gathered. Sites said that Sunbelt had found one customer's credit card number, expiration date and security code, in addition to name and address. That information would allow anyone to use the credit card, he said.

"The types of data in this file are pretty sickening to watch," Sunbelt President Alex Eckelberry wrote in a blog posting dated Saturday. "In a number of cases, we were so disturbed by what we saw that we contacted individuals who were in direct jeopardy of losing a considerable amount of money."

Sunbelt said that the people behind the scheme have obtained access to a considerable amount of bank information, including details about one company account containing more than $380,000 and another account that has "readily accessible" funds of more than $11,000.

An FBI representative was unable to confirm whether or not an investigation was taking place.

The data theft is carried out by a Trojan horse downloaded at the same time as CoolWebSearch and a mail zombie, Sunbelt said. Patrick Jordan, a Sunbelt employee, discovered the identity theft ring while researching a variant of CWS, which is a malicious program that hijacks Web searches and disables security settings in Microsoft's Internet Explorer Web browser.

"During the course of infecting a machine, he (Jordan) discovered that a) the machine he was testing became a spam zombie and b) he noticed a call back to a remote server. He traced back the remote server and found an incredibly sophisticated criminal identity theft ring," Eckelberry wrote in the blog posting. "We are still trying to ascertain whether or not this is directly related to CWS."

The malicious code is hosted on a Web site that mainly hosts pornography, which Sites was unwilling to name. Users of Windows XP who have not installed Service Pack 2 are particularly vulnerable, because merely visiting the site can trigger a drive-by download of the code without the user's knowledge, Sites said. Sunbelt is currently investigating whether users of earlier Windows versions, such as Windows 2000 and Windows ME, are also vulnerable.

"If you have an unpatched Windows machine, when you go to the URL it will automatically download everything from the Web site, including the Trojan. All you have to do is type in the URL and you're hosed," Sites said.

The Trojan is a new variant, so antivirus and anti-spyware vendors do not yet block it, Sites said. Sunbelt plans to send information on the Trojan to security companies as soon as possible.
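The article describes two observable events that an organisation's own egress logs can catch even when antivirus does not yet have a signature: the drive-by download of the Trojan from the web site, and the later "call back" from the infected machine to the remote server where captured data is stored. The following is an added example, not code from the article or from Sunbelt, of a detector that correlates those two events in a constructed web-proxy log. The log lines, host names and paths are invented for the example; it also assumes the callback is a regularly timed HTTP POST, which the article does not state, so treat the cadence heuristic as one detection idea rather than a description of this particular Trojan.

```python
"""Correlate an executable download with a subsequent periodic call-back.

Added example; not code from the article or Sunbelt. The log sample,
host names and paths below are constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample of a proxy access log: time, client, method, URL, status, bytes.
# 10.0.0.5 fetches an executable and then POSTs to an offshore-looking host every
# ten minutes; 10.0.0.7 is a normal user sending one webmail message.
SAMPLE_LOG = """\
2005-08-06T10:01:02 10.0.0.5 GET http://example-content.test/index.html 200 5120
2005-08-06T10:01:03 10.0.0.5 GET http://example-content.test/load.exe 200 81920
2005-08-06T10:02:10 10.0.0.5 POST http://drop.example-offshore.test/in.php 200 48
2005-08-06T10:12:11 10.0.0.5 POST http://drop.example-offshore.test/in.php 200 612
2005-08-06T10:22:09 10.0.0.5 POST http://drop.example-offshore.test/in.php 200 1733
2005-08-06T10:32:12 10.0.0.5 POST http://drop.example-offshore.test/in.php 200 904
2005-08-06T10:05:00 10.0.0.7 GET http://news.example.test/ 200 20000
2005-08-06T10:06:00 10.0.0.7 POST http://webmail.example.test/send 200 3000
"""

EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".dll")
MIN_BEACONS = 4      # fewer POSTs than this is not enough to call the cadence periodic
MAX_JITTER = 0.25    # std-dev / mean of the gaps; an automated uploader is far more regular than a person

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d+) (?P<bytes>\d+)$"
)


def parse_log(text):
    """Parse the constructed log format; malformed lines are skipped, not fatal."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        rec["bytes"] = int(rec["bytes"])
        rec["host"] = re.sub(r"^https?://([^/]+).*$", r"\1", rec["url"])
        records.append(rec)
    return records


def executable_downloads(records):
    """Return (client, timestamp, url) for each GET whose path looks like a Windows executable."""
    return [
        (r["client"], r["ts"], r["url"])
        for r in records
        if r["method"] == "GET"
        and r["url"].lower().split("?")[0].endswith(EXECUTABLE_SUFFIXES)
    ]


def periodic_posts(records):
    """Per (client, host): flag POST streams whose inter-request gaps are nearly constant."""
    by_pair = defaultdict(list)
    for r in records:
        if r["method"] == "POST":
            by_pair[(r["client"], r["host"])].append(r["ts"])
    found = {}
    for pair, stamps in by_pair.items():
        stamps.sort()
        if len(stamps) < MIN_BEACONS:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= MAX_JITTER:
            found[pair] = {"first": stamps[0], "interval": avg, "count": len(stamps)}
    return found


def find_infection_chains(text):
    """An executable download followed by a periodic POST stream from the same client."""
    records = parse_log(text)
    beacons = periodic_posts(records)
    findings = []
    for client, dl_ts, url in executable_downloads(records):
        for (c, host), info in beacons.items():
            if c == client and info["first"] > dl_ts:
                findings.append({
                    "client": client,
                    "dropper": url,
                    "callback_host": host,
                    "interval_s": round(info["interval"]),
                    "uploads": info["count"],
                })
    return findings


if __name__ == "__main__":
    for finding in find_infection_chains(SAMPLE_LOG):
        print(finding)
```

The ordering check (first call-back strictly after the download) is what turns two weak signals into a usable one: executable downloads alone are common, and regular POSTs alone describe every webmail auto-save. On real logs the thresholds need tuning, and the callback host found this way is exactly the "remote server" a responder would then trace, as Sunbelt's researcher did.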

The activity could be the latest attempt by a criminal gang to use spyware for financial gain. In March of this year, Britain's National Hi-Tech Crime Unit foiled an attempt to steal about $390 million from the Japanese bank Sumitomo Mitsui. In that case, keyloggers were used to relay passwords and access information to the criminals who intended to transfer the funds electronically. A man in Israel was arrested after allegedly trying to transfer $25 million of the funds.

"We are aware of (Sunbelt's claims) that personal information was captured. But we can't confirm it until we can take a look at it," said an eBay spokesman. "If it is the case, we will act accordingly and appropriately."

eBay owns online payment service PayPal.

Ingrid Marson of ZDNet UK reported from London. CNET's Dawn Kawamoto contributed to this report.



Mr. AT Alishtari, POA and Founder EDI Secure LLLP, says the problem is not blowing over. Cyber mafias know their days are numbered, since when G8 central banks start licensing and linking two-factor authentication with offline devices in two years to protect consumers and depositors, their game is up.

The US Commerce Department NIST level 4 authentication, to which this company owns a legal US patent, will eliminate all online ID theft by keeping ID offline.

There will be nothing for the cyber mafias to steal later on if the G8 plans complete soon so they are getting while the getting is good.

The problem is big banks are like ships fighting submarines without a unified approach. Each bank thinks that it missed the bullet when another bank is hit not knowing that bank is clearing the way for it to also be sunk fast from below.

Software is like depth charges that either hits or misses but our technology using two factor authentication with offline devices is true stealth technology. The cyber mafias cannot hit what they cannot see.
Posted by (66 comments)
Security and Forethought?
It's sad to see a company like eBay take such a relaxed approach to security. It seems as though network security and preemptive thinking don't go hand in hand with a lot of tech firms.

Web exploits, server exploits, and security exploits are widely publicized on a daily basis, usually with information on how to fix the issue.

It is the responsibility of eBay, Wells Fargo, and the rest of the tech firms to be proactive in the realm of security. Having a preemptive thinking model can only help technology companies better defend against as well as combat security issues as they arrive.

Attitudes in technology like the ones displayed by Microsoft have a lasting effect on consumers and corporations alike. This lasting effect ends up being a win/lose situation for everybody.

Microsoft, eBay and the rest of the tech giants all win because they will continue to make money without batting an eye or a wink of concern for the consumer. And we, the general public and corporations alike, will lose money, a sense of security, and ultimately our identity.

Until the government posts serious fines for these companies for allowing security breaches, they will continue to profit off of our information whether we like it or not.

The end result is lost money, lost time, and a lost sense of security by the consumer. All of this while the company that leaked the information posts a press release and goes on about their daily business.

A little preemptive thinking can go a long way!

Posted by OneWithTech (196 comments)
It just isn't right.
I agree with you that some of these companies feel, since no one is attempting the solutions that work because they don't own the patent thereto, that they just placate the consumer. Well, I am a consumer and I say lax attitudes today are wrong. It just isn't right and later it will come back to bite them in the rear. That's what I think. Ciao now.
Posted by Iohagh (54 comments)
Justin, you are talking my language
I agree: "a little preemptive thinking can go a long way!"

The US of A Federal Government must post serious fines for banks allowing security breaches, but it must also implement its new FFIEC guidelines that lead to a flawless offline block to crooks stealing our private bank ID at all.

The lost money, lost time, and lost warm and fuzzy on security by the consumer must be replaced by flawless technology of a security box outside the Internet box to block ID theft.

All I can say is I agree with you, and this is the year the change must take place or E-Commerce will lose all consumer confidence.

That is what I think. Ciao now.
Posted by Iohagh (54 comments)
