Russian cyberthief grabs business records


Ian Grant

Confidential records from more than 40 global businesses were freely available to anyone on the web after they were stolen and stored on an unprotected server by a Russian cyber thief, a security company reported today.

Finjan, which specialises in secure web gateway products, found more than 5,000 unique IP addresses and 1.4 gigabytes of business and personal data in 5,388 unique log files hosted unprotected on a server used for criminal activity. The "crimeserver" hosts an application that compromises corporate networks and web servers to steal data.


Yuval Ben-Itzhak, CTO of Finjan, said it was likely that the thief had bought the application from a malware vendor, loaded it onto a host server, and gone into crime.

The log files came from the US (571), Germany (621), France (322), India (308), Great Britain (232), Spain (150), Canada (86), Italy (58), the Netherlands (46), and Turkey (1,037), among others.

The server, most recently hosted in Malaysia and registered to a Russian, was first registered on 15 October last year. It changed IP addresses four times between 13 January and 6 April, probably to make it harder for law officers to detect and close it down, Ben-Itzhak said.

Ben-Itzhak said the crimeware targeted e-mail addresses, suggesting that the motive was to develop precisely targeted attacks and to capture confidential and proprietary information from e-mails that could be converted to cash in the underground market.

"Some of the data we found from a public company could have been used to speculate in the shares of that company," he said.

Other data found in the log files included patient health records stolen from a doctor's PC, bank account numbers and log-in details, confidential commercial correspondence, and complete Outlook accounts.

Ben-Itzhak said signature-based protection tools and URL filters were useless against malware of this type.

"You need something that looks at what the code intends to do and stops it if it breaches information security policies," he said.
