The U.S. Federal Bureau of Investigation (FBI) issued an advisory Thursday warning that several organized hacker groups, operating out of Eastern European hubs, have stolen proprietary information from hundreds of e-commerce and online banking sites, including customer databases and more than one million credit card numbers.
The FBI — which is coordinating an ongoing probe of Internet security breaches through its cybercrimes division at the National Infrastructure Protection Center — said that the hackers primarily hail from Russia and the Ukraine. Investigators found that the recent spike in domestic credit card theft corresponded with an increase in fraudulent credit card usage in these regions.
Roughly 40 e-commerce firms, located in 20 states, have already had their computer systems penetrated by hackers who exploit vulnerabilities in unpatched Microsoft Windows NT operating systems, the FBI said.
The FBI said that in some instances, the stolen credit card information is being sold to organized crime entities.
The FBI alert comes on the heels of a number of high-profile hack attacks that have compromised both the finances and confidence of online users, the most recent involving the theft of almost 100,000 credit card numbers from Amazon-owned book vendor Bibliofind.com earlier this week.
Although fixes were developed for known system and transaction software vulnerabilities as early as 1998, the FBI said that e-commerce firms apparently have been less than vigilant in securing customer data.
“Despite previous advisories, many computer owners have not patched their systems, allowing these kinds of attacks to continue,” the FBI said.
After successfully accessing consumer data, the criminal groups usually notify e-commerce companies of the intrusion or theft and then “make a veiled extortion threat by offering Internet security services to patch the system against other hackers,” said the FBI.
“They tell the victim that without their services, they cannot guarantee that other hackers will not access the network and post the credit card information and details about the compromise on the Internet,” the agency said.
“If the victim company is not cooperative in making payments or hiring a group for their security services, the hackers’ correspondence has become more threatening,” the FBI added.
However, the FBI noted that the stolen information is at risk whether or not the company meets the hackers’ demands.
On the Case
Investigations into the cybertheft are being conducted by FBI and U.S. Secret Service field offices throughout the country, in concert with foreign law enforcement authorities and private sector firms.
In addition, prosecutors in the Computer and Telecommunication Coordinator program in the U.S. Attorney field offices, as well as attorneys in the Computer Crime and Intellectual Property Section at the Department of Justice, are participating in the probe.
Thursday’s advisory underscored Russia’s growing reputation as a home base for some of the Net’s most notorious hackers.
In December, the FBI began investigating a Russian link in the theft of 55,000 credit card numbers from merchant card processor CreditCards.com. After the site refused to pay US$100,000, the hackers posted almost half of the numbers on the Web. Consumers whose card numbers were stolen incurred unauthorized charges from a Russia-based site.
Another case that drew much attention involved the theft of some 300,000 card numbers from CDUniverse.com in December 1999. In that episode, a teenage Russian hacker released thousands of the numbers online when the music e-tailer refused to meet his $100,000 extortion demand.