Wednesday, May 07, 2008

Stolen information from 40 financial and medical institutions discovered on rogue server

Once in a while, I speculate that stolen information is a lot more valuable to the criminal element before it becomes apparent that it's been stolen. I've also speculated aloud that there is probably a lot more stolen information out there than we are aware of. The good folks at Finjan are well on their way to substantiating this speculation.

Yesterday, they announced the following on their malicious page of the month:

While we were examining malicious code, we came across a domain which was being used as a command and control for the Crimeware that was executed on attacked machines. The domain was also used as the “drop site” for private information being harvested by that Crimeware.

When we further examined this server, we found the stolen data left unprotected and available for anyone on the web (i.e. no access restrictions, no encryption whatsoever).

The server that we analyzed contained more than 1.4Gb of data (both business and personal related) collected from infected PCs, which consisted of 5,388 unique log files, that were traced back to 5,878 distinct IP addresses. Both email communications and web related data were found.
The information discovered was from 40 unnamed financial and medical institutions from several different continents. The server used to store this information was being moved frequently, but if found, anyone could access it.

They made the observation that last year, according to what statistics are available, 8.5 million records were compromised. One of these statistics, obtained from IC3, states that 20 percent of the 206,884 cases (roughly 40,000) were due to computer hacking. Finjan points out that on this one server, they discovered approximately 5,000 records.

I’ll let the reader do their own math, but if this is true, there is probably a lot of unknown hacking activity happening in the wild.

Please note that all the kind people compiling statistics only know what is reported to them, and some of them have been very vocal in pointing this out. My personal guess is that there is so much stolen information out there that when any individual case is investigated, it’s almost impossible to do more than speculate exactly where the point of compromise occurred.

Besides that, hackers are unlikely to want to reveal where they are stealing all their information from. Once revealed, it’s harder to use and not worth as much money.

The information on the server included compromised medical information, online banking information (including passwords) and complete logs of payment card (debit/credit) transactions, including CVV2 information and the miscellaneous “extras.” This all occurred on “supposedly” secure sites.

I found this interesting because the merchants have been under fire for becoming compliant with PCI data security standards in light of a few highly publicized data breaches. Of course in the recent Hannaford case, they were compromised and had been certified as being PCI compliant. PCI data security procedures are the payment card industry's own standards for protecting information.


Based on these findings, hackers don’t have to compromise a merchant to steal everything they need to commit financial crimes and it’s pretty obvious that financial institutions are being compromised, also.

Also found on the server was a lot of business proprietary information harvested from a lot of internal e-mail accounts. In the past year or so there seem to have been a lot of campaigns to obtain non-financial information from businesses. The clear intent in this activity is corporate espionage (my speculation).

Finjan reports that this particular theft campaign was made possible with a do-it-yourself (DIY) crimeware kit called the AdPack Toolkit. They also reported that this kit gives the user command and control functions, enabling them to execute admin functions with the illicit software.

Finjan is not revealing (they never do) exactly which institutions were compromised. Even though they are not revealing names, they did report the activity to law enforcement and the institutions involved.
