One week after a breached corporate health care company refused to pay extortionists, the criminals now are seeking money from the corporate clients whose employee data might have been exposed.
St. Louis-based Express Scripts said on Tuesday that a limited number of its clients--which include government agencies, unions, and employers--have received letters threatening to expose the personal information of its members. The company said the letters sent to its clients were similar to the original extortion threat it received in October.
The company also said it was establishing a reward totaling $1 million to anyone providing information that results in the arrest and conviction of the criminals responsible.
"We are cooperating fully with the FBI to assist them in their investigation and doing what we can to protect our members," said George Paz, CEO and chairman of Express Scripts, in a statement on the company's site.
In a separate announcement, Express Scripts said that Kroll, a New York-based risk-consulting firm, has been contracted to offer expert assistance to members who become victims of identity fraud as a result of this incident.
The customer database of Express Scripts, a company used by employer health care services to provide prescription medicine by mail, has been breached. In a twist, the company said it learned of the breach in "a letter from an unknown person or persons trying to extort money from the company."
The company posted details on its Web site Thursday. The letter, received in October, threatened to reveal millions of customer records--including Social Security numbers, addresses, dates of birth, and in some cases, prescription information--on the Internet if the extortion demands were not paid. The company did not disclose what those demands were.
Graham Cluley, of security software maker Sophos, told CNET News that Express Scripts did things right. "It appears they have not paid up." He noted that's important with data theft because the criminals have the data in their possession and can keep going back to the company to get more and more money. Second, Express Scripts went to the FBI and decided to go public about the breach.
"We have identified where the data involved in this situation was stored in our systems and have instituted enhanced controls," Express Scripts said on its site.
Cluley said: "I think it's going to be old-fashioned police work that gets to the bottom of this." For example, it's possible the sender of the extortion request and the attacker used the same servers.
Usually extortion is used in connection with denial-of-service attacks, when the criminals have nothing of value except the sheer volume of data to spew at a targeted site. A letter is sent asking for money in exchange for ending that attack.
This, however, is an old-school data theft. The criminals presumably have millions of customer details that can be sold on the Internet. But Cluley notes that "people's identities sell for a relatively small amount, and if you go to an auction site on the Web and try to barter on that, you might not get that much as you might potentially get by embarrassing a company."
A few weeks ago, Sophos noted a similar data breach/extortion attempt at a North American Maserati dealership. Still, Cluley said he does not think this was the beginning of a trend.
Cluley said the thieves in this case might not be connected with the established "carder" world, where personal identities are bought and sold online. "Maybe this is an accidental data leakage, something they stumbled across, maybe they're not part of the criminal community, and they're just taking their chances."
Express Scripts said it will notify affected customers in compliance with state regulations.
Last summer, Sen. Barack Obama's presidential-campaign computers came under cyberattack from an "unknown entity." His machines weren't alone; John McCain's computers were also attacked, according to a report appearing Wednesday on the site of Newsweek magazine.
The Obama attack was initially thought to be a piece of malware downloaded from a phishing site. Newsweek reports that "the next day, both the FBI and the Secret Service came to the campaign with an ominous warning: 'You have a problem way bigger than what you understand,' an agent told them. 'You have been compromised, and a serious amount of files have been loaded off your system.'"
The McCain campaign's computer system was also compromised over the summer. Newsweek confirmed with a top McCain official that the FBI had become involved. A federal investigation into both attacks is under way.
According to Newsweek Editor at Large Evan Thomas, the FBI and White House officials told the Obama campaign that a foreign entity or organization was likely responsible, not political opponents. Independently, Obama technical experts have speculated that the hackers were Russian or Chinese. The files accessed appear to be policy-related and thus potentially useful in future negotiations with a new presidential administration.
Earlier this year, during the primaries, an online prank had the Obama campaign site redirected to Sen. Hillary Clinton's campaign site.
The Newsweek report is part of a special edition that will be on newsstands November 6 through 16, and online November 5 through 7.
On Tuesday, the FBI announced the indictment of a former technology director accused of hacking into the system at a Houston organ bank and deleting patient files.
The indictment alleges that Danielle Duann, 50, illegally accessed and damaged LifeGift Organ Donation Center's database in November 2005, shortly after she was fired as director of information technology for the company. She is alleged to have deleted organ donation database records and accounting invoice files from the network. LifeGift said that all of the records were restored from a backup and that no patients were put into jeopardy.
At the time of her dismissal, LifeGift revoked all of Duann's passwords and privileges to the network. On November 7 and 8, 2005, she allegedly re-entered the network and deleted files containing organ donor information and other related organ and tissue recovery work, according to a Department of Justice press release.
If convicted, Duann faces a maximum of 10 years imprisonment and a $250,000 fine.
Worried about online auction fraud? If you're a man, you should be, according to the latest Internet Crime Complaint Center report (in PDF). On average, men lost more money to online fraud than women in 2007. Men also perpetrated most of the online crime, accounting for 75 percent of the total reports last year. And while the overall number of complaints declined when compared with previous years, the total dollar value of losses rose to a record high of $239 million in 2007. That's $40 million more than in 2006.
The Internet Crime Complaint Center (IC3) is a partnership among the Federal Bureau of Investigation, the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance (BJA) and publishes annual statistics on the complaints it receives throughout the year. It offers assistance to victims and Web sites affected by Internet crime. The information collected by the project also supports active investigations, trend analysis, and public outreach and awareness efforts.
The IC3 report for 2007 states that the category with the most complaints was online auction fraud, followed closely by non-delivery. But in terms of dollars lost, investment fraud ranked No. 1, with an average loss of $3,547 per complaint, as opposed to auction fraud, at a mere $438 per complaint.
In a press release, FBI Cyber Division Assistant Director James E. Finch said, "What this report does not show is how often this type of activity goes unreported." So the amount in losses could be much higher than that reported.
The FBI is warning that Valentine's Day e-mails you see this year might be coming not from loved ones, but from the Storm worm botnet. In a press release Tuesday, the FBI warns users to be on the lookout for e-mail that "directs the recipient to click on a link to retrieve the electronic greeting card (e-card). Once the user clicks on the link, malware is downloaded to the Internet-connected device and causes it to become infected and part of the Storm worm botnet."
Dr. Jose Nazario of Arbor Networks said the authors of Storm have launched a carefully orchestrated series of lure campaigns to bring new members into the network. One of them is Valentine's Day-themed. Nazario said the creators of Storm have in recent weeks "grown the network by as much as 50 percent."
Nazario blamed fresh spam and incomplete antivirus protection on users' desktops for the new botnet infections.
"Generally speaking, when you only have something like 25 percent or less who are updated with the current patches and Best Practices in AV software, it doesn't really matter. You can be caught up with the latest AV fix, but if other people aren't really applying it, it doesn't really matter."
If you don't have antivirus protection, get some. See CNET's latest antivirus performance test results here. If you already have an antivirus product installed, make sure your subscription and the data files are both up to date.








