Hacking made easy: Software steals information

Site Admin

Post#1 » Tue Mar 21, 2006 1:31 am

Hacking made easy: Software steals information
http://www.detnews.com/apps/pbcs.dll/ar ... 1013/BIZ04

When Graeme Frost received an e-mail notice that an expensive digital camera had been charged to his credit card account, he immediately clicked on the Internet link included in the message that said it would allow him to dispute the charge. As the 29-year-old resident of southwestern England scoured the resulting Web page for the merchant's phone number, the site silently installed a password-stealing program that transmitted all of his personal and financial information.

Frost is just one of thousands of victims whose personal data has been stolen by what security experts are calling one of the more brazen and sophisticated Internet fraud rings ever uncovered. The Web-based software employed by ring members to manage large numbers of illegally commandeered computers is just as easy to use as basic commercial office programs. No knowledge of computer programming or hacking techniques is required to operate the software, which allows the user to infiltrate and steal financial information from thousands of PCs simultaneously.

The quality of the software tools cyber criminals are using to sort through the mountains of information they've stolen is a clear sign that they are seeking more efficient ways to monetize that data, experts say.

"We believe this to be the work of a group, not a single person," said Vincent Weafer, senior director of security response at Cupertino, Calif.-based computer security giant Symantec Corp. "This type of sophistication really shows the ability that (criminals) have to do 'data mining' on where all this stolen information is coming from."

Frost's data, along with information stolen from thousands of other victims, made its way to a Web site hosted by a Russian Internet service provider. The site is currently the home base of a network of sites designed to break into computers through a security hole in Microsoft's Internet Explorer Web browser. The data thieves use the IE flaw to install programs known as "keyloggers" on computers that visit the specially coded Web pages. The keyloggers then copy the victims' stored passwords and computer keystrokes and upload that information to the database.

The central database feeds the stolen data back to Web sites running the hacking software, where hackers can sort it by any number of variables, such as financial institution or country of origin -- powerful tools for anyone trying to squeeze as much income as possible out of their illegal activities.

To Weafer, the software appears to have been professionally designed for sale or rent to organized criminal groups. His team was tracing the origins of a new password-stealing program in February when it spotted at least three of the hacking Web sites.

The software -- viewed by a reporter on one of the sites, which WashingtonPost.com is not naming because it remains active -- displays detailed graphs showing the distribution of victims by country. At the time of this publication, the site harboring Frost's information was receiving a stream of illicit data from a network of roughly 3,000 infected PCs mostly located in Spain, Germany and Britain.

The hacking software also features automated tools that allow the fraudsters to make minute adjustments or sweeping changes to their networks of hacked PCs. With the click of a mouse or a drag on a pull-down menu, users can add or delete files on infected computers.

They can even update their spyware installations with new versions tailored to defeat the most recent anti-virus updates. With one click on the Web site's "Add New Exploit" button, users can simultaneously modify all of the keylogger programs already installed on their networks.

Symantec and other security experts also have spotted earlier versions of the software installed on at least two other Web sites, one of which is still active and has harvested password information from nearly 30,000 victims, the bulk of whom reside in the United States and Brazil.

Keyloggers are fast becoming among the most prevalent and insidious online threats: More than half of the viruses, worms and other malicious computer code that Symantec now tracks are designed not to harm host machines but to surreptitiously gather data from them. None of the victims interviewed for this story was aware his computer had been seeded with the invasive programs until contacted by a WashingtonPost.com reporter.

These keylogger-control Web sites follow a trend toward automation in other realms of online fraud, such as virus-creation programs, spamming software and prepackaged toolkits to help fraudsters set up "phishing" sites -- Web pages designed to trick people into giving away their personal and financial data at what looks like a legitimate e-commerce or banking site.

"This type of plug-and-play, click-and-hack software simply represents the commercialization of criminal activity, and in many respects lowers the technical knowledge barrier of entry to this type of crime," Weafer said.

Microsoft released a patch in January to fix the software flaw that hackers used to break into Frost's computer, which involves the way IE processes certain types of digital images. As early as two weeks before the patch's release, online criminals were already hacking into thousands of small-merchant Web sites and embedding code that would silently install keyloggers when users browsed the sites with IE.

Frost blames himself for the theft of his personal information. He said the Web site that launched when he clicked on the link in the fraudulent e-mail belonged to a legitimate online camera store, and that the woman he spoke with at that store even told him that her site had been hacked and that it had probably downloaded "some kind of virus to his computer."

Frost also admits he ignored her warning and put off installing the latest patch, something he said he plans to rectify after reinstalling the operating system on his computer. Meanwhile, he's had to arrange new online login credentials for his bank and reset his eBay and PayPal passwords, all of which were found on the hacking Web site.

Still, one detail is gnawing on Frost's mind: The timestamp on the text files containing his password information indicates his data was stolen on Feb. 22, yet neither his bank nor eBay nor PayPal has since reported any suspicious activity on the account. "I'm relieved to know it could have been a lot worse."

Eric Sites, vice president of research and development at Sunbelt Software, an anti-spyware company in Clearwater, Fla., said it is likely that Frost's data had not yet been sold or transferred to other criminal syndicates who specialize in laundering money in Frost's geographic region.

"This sorting process allows the bad guys to zero in on the countries that they have experience with and sell the data to criminals who can make the most of it in that country," Sites said. "We have seen this type of data being sold before, and some of the stolen information will filter all the way down to criminals on the street using a (counterfeit) credit card."

John Bambenek, a security incident handler at the Bethesda, Md.-based SANS Internet Storm Center, which monitors hacking trends, agreed.

"The reason there is often a delay is that a lot of the people who actually install a lot of these keylogger programs are not that sophisticated," Bambenek said. "In most cases, they're teen-age hackers who flip the information to more organized criminal groups for some quick cash."

The scourge of keylogger programs is pervasive and growing, Bambenek said. He recently conducted an analysis for SANS estimating that nearly 10 million U.S. households own a computer that is infected with some type of keystroke logging prog
