Security researcher discovers massive criminal database

News

Security researcher discovers massive criminal database

Warwick Ashford

A security researcher has discovered a criminal database containing access details for 200,000 servers worldwide belonging to organisations including the BBC in the UK.

The database was being used by at least two e-crime groups in Europe and one in the US to infiltrate company and organisation servers in 86 countries.

The access details were harvested from visitors to legitimate websites that had been infiltrated using the Neosploit 3.1 hacker toolkit.

Malware is transferred to the vistors' computers and when they access IT systems within their organisation, the access details are captured and sent to the criminal database.

Ian Amit, director of security research at Israeli-based Aladdin Knowledge Systems told Computer Weekly that around 107,000 of the 200,000 records had been validated.

UK organisations accounted for 900 of the validated credentials found on the database, including the BBC, which was among those notified of the threat last week.

Amit said of those 900 validated UK records, 600 had been used to infiltrate legitimate websites hosted in the UK as well as about 82,000 other websites around the world.

All affected websites and important organisations listed on the criminal database have been notified by a task group set up by the internet security organisation, CERT.

However, Amit said it would still take some time to notify all the owners of all 200,000 records found on the database.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy