Hackers are again targeting e-retailing sites.
The National Infrastructure Protection Center, a group working out of FBI headquarters, is warning U.S. e-commerce companies of organized hacker activity largely from Russia and the Ukraine. These problems were first noticed in 1998, and so far 1 million credit card numbers have been stolen from 40 victims in 20 states.
The hacker groups have penetrated U.S. e-commerce computer systems by exploiting vulnerabilities in unpatched Microsoft Windows NT operating systems. Microsoft has developed patches that users can download for free.
Once the hackers gain access, they download proprietary information, customer databases, and credit card information. The hackers then contact the victim company and make a veiled extortion threat by offering Internet security services to patch the system against other hackers. They tell the victim that without their services, they cannot guarantee that other hackers will not access the network.
The NIPC says the hackers have become more threatening when the company is uncooperative. There is evidence that the stolen information is at risk whether or not the victim cooperates with the demands of the intruders. Investigators also believe some of the credit card information is being sold to organized crime groups.
Also, the FBI and the Computer Security Institute said that 13% of the businesses they surveyed reported online theft of e-commerce transaction information in 2000-an 8% jump from 1999. Of those surveyed, 8% said they were the victim of financial fraud in 2000, which is up 3% from the previous year.
“The results of this year’s survey demonstrates the seriousness of computer crime,” says Bruce Gebhardt, director of the FBI’s Northern California office.