Over the past several months, the US National Infrastructure Protection Center (NIPC) has been co-ordinating investigations into a series of organised hacker activities specifically targeting US computer systems associated with e-commerce or e-banking.
More than 40 victims located in 20 states have been identified in ongoing investigations. These investigations have been closely co-ordinated with foreign law enforcement authorities and the private sector.
The investigations disclosed several organised hacker groups from Eastern Europe, specifically Russia and the Ukraine, that have penetrated US e-commerce computer systems by exploiting vulnerabilities in unpatched Microsoft Windows NT operating systems.
Once the hackers gain access, they download proprietary information, customer databases, and credit card information. The hackers subsequently contact the victim company through fax, e-mail, or telephone. After notifying the company of the intrusion and theft of information, the hackers make a veiled extortion threat by offering internet security services to patch the system against other hackers. They tell the victim that without their services, they cannot guarantee that other hackers will not access the network and post the credit card information and details about the compromise on the internet.
Where the victim company has not co-operated in making payments or hiring the group for its security services, the hackers' correspondence with the victim company has become more threatening. Investigators also believe that in some instances the credit card information is being sold to organised crime groups. There has been evidence that the stolen information is at risk whether or not the victim co-operates with the demands of the intruders. To date, more than one million credit card numbers have been stolen.
The NIPC has issued an Advisory regarding the vulnerabilities being exploited. The update includes specific file names that may indicate whether a system has been compromised.
If these files are found on your computer system, the incident can be reported at www.nipc.gov/incident/cirr.htm