Hacker attack latest in string of online credit card thefts

greenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread

Thursday March 02 10:00 PM EST

Hacker attack latest in string of online credit card thefts

John Borland, CNET News.com

A hacker attack on a New York e-commerce site is the latest in a string of online break-ins in which credit card numbers were stolen and posted to the Web, sources told CNET News.com today.

Since late January, at least eight small e-commerce sites have been hacked exploiting a known security hole in Microsoft software, according to a security investigator and companies and individuals affected by the attacks. The companies were listed on a taunting Web site posted by a hacker named "Curador" claiming credit for the attacks and listing thousands of stolen credit card numbers, sources said. He claims he seized more than 23,000 credit card numbers.

The incidents come amid heightened concern about Web security after other high-profile attacks. In January, several top-tier sites, including Yahoo and eBay, were shut down after being flooded with requests for information in "denial of service" attacks. No customer or company data were stolen in those attacks.

But close to 350,000 credit card numbers were stolen that same month from music site CD Universe and posted online. A hacker going by the name "Maxus" claimed he had the numbers and tried to extort $100,000 from the Web site. The FBI shut down the site where the credit card numbers had been posted.

Executives at wireless phone site Promobility.net and SalesGate.com confirmed the new attacks, as did the company that provided the Web software for LTA Media and Feelgoodfalls.com sites.

A security consultant hired by LTA Media said the first attack targeted a Thai shopping site. Since then, sites in the United States, Canada and the United Kingdom have been hit, said Chris Davis, a Canadian security consultant with Tyger Team who has been retained to investigate the new case.

Law enforcement agencies in several countries are investigating the attack, according to companies who reported the break-ins to Canadian and U.S. officials. Authorities from the U.S. Secret Service, FBI and the Royal Canadian Mounted Police all declined to comment on the case.

The hackers broke in using a security hole in Microsoft's e-commerce Web server software, allowing the download of customer transaction records, several victims said. Curador taunted the victims--and Bill Gates--on his Web site, which was paid for with one of the stolen credit card numbers.

"I would like to thank the nice people at ALL the Sites I Cracked for having left their entire sales database, readable & writeable for any one who bothered to check their site out," Curador wrote on a Web site saved by Davis, who is continuing to investigate the case. "Maybe one day people will set up their sites properly before they start trading because otherwise this won't be the last page I post to the NET," the message read.

"Also Greetz to my friend Bill Gates, I think that any guy who sells Products Like SQL Server, with default world readable permissions can't be all BAD," the message read.

A Microsoft spokeswoman said the company created a patch for the hole in mid-1998 but noticed that customers weren't using it. They have issued additional warnings since then.

"We're still trying to make customers aware that there is a patch," spokeswoman Luisa Vacca said today.

One company that was hacked said it didn't know about the hole until after the attack. The attack on SalesGate was first reported by CNET News.com.

"We're not blaming Microsoft, but that was the point of entry," said Chris Keller, founder of SalesGate, adding that his firm would now switch to a system using competing Linux-based software. The company had not yet determined whether any of the patches available from Microsoft would have prevented the intrusion, he said.

SalesGate.com notified customers yesterday that their credit card numbers had been stolen and had been canceled.

"We have also been working closely with the Secret Service in the United States to catch the hacker responsible for breaking into our system," the email read. "His previous attacks have been making headlines across the world."

At one point, Curador apparently used a stolen credit card to register his own domain name--"e-crackerce.com," a play on e-commerce.com--and moved his site to an independent Web hosting company in California. The owner of that stolen credit card, a postal worker in Jacksonville, Fla., said she was surprised to learn this week that her card had been used to register a domain name that was then hosting a list of stolen credit card numbers and the names of the eight web sites.

"I didn't believe it, but I looked it up, and said 'Son of a biscuit eater, there it is,'" Stacy Yaple said.

The Web hosting company took down the site late Tuesday after being notified of its contents.

Company representatives said their sites were attacked via Microsoft's Internet Information Server software, through a hole known to security consultants as the RDS or remote data service flaw, allowing hackers to download transaction records to their own machines.

Davis speculated that the hacker used an automated software code of his own creation to scan the Web for commerce sites that had the security hole open.

"He's better than some, but not great," Davis said. The intruder did leave some evidence of his identity behind, he and other victims said.

Curador promised in his error-filled Web message that he'd be back: "I have been on vacation so to speek so I would like to apologise to all the sites who had to waite for me to crack them sorry and I will try and keep it 24/7 from now on. =)"


-- Martin Thompson (mthom1927@aol.com), March 02, 2000


More details about Salesgate.com...MT

Web Hit Again by Credit Card Breach

John Borland, CNET News.com, 03/02/2000

Computer hackers have struck again, prompting an e-commerce site to notify customers that some of their credit card numbers had been stolen and posted on the Web.

The site, called SalesGate.com, is the latest example of an online business being hit by a security breach. The attacks are raising concern among consumers, industry executives and law-enforcement authorities. About 2,000 records were taken at SalesGate, including credit card numbers and other personal information, Chris Keller, one of SalesGate's founders, told CNET News.com.

"We regretfully inform you that SalesGate has suffered a security breach in our customer database," the company said in a memo to customers. "Among the data accessed illegally from our system and posted to the Internet are credit card numbers of some of our customers.

"We have been working closely with the Secret Service in the United States to catch the hacker responsible for breaking into our system."

SalesGate, owned by Buffalo, N.Y.-based Internet Management Services, is a marketplace where small businesses come to sell their products and services in a central location. SalesGate guarantees the security of transactions and has a message posted on its Web site promising to refund any charges linked to cards stolen from the site. The news comes as Internet security concerns have risen to a new high, following high-profile attacks last month that successfully shut down Yahoo, eBay, Amazon.com and other Web giants.

As yet, it appears that no personal information was stolen in that round of attacks, the companies have said. More immediately dangerous has been a string of actual intrusions and thefts of credit card numbers, however. A computer thief going by the name "Maxus" apparently stole close to 350,000 credit card numbers from online music store CD Universe early this year, posted the numbers online, and attempted to extort $100,000 from the company. The online store contacted the FBI, which shut down the Web site.

SalesGate has notified all the customers who were affected, and has canceled the cards directly with the credit card companies. Nevertheless, its email warned customers to be on the lookout for unauthorized purchases charged to "SalesGate" or "Internet Management Services."

The SalesGate theft is likely linked to a string of other recent online break-ins and credit card thefts, sources close to the investigation said.

http://abcnews.go.com/sections/tech/CNET/cnet_ecommercebreach000302.html

-- Martin Thompson (mthom1927@aol.com), March 03, 2000.
