Two crimeservers containing 500MB of stolen data have been discovered in Argentina and Malaysia.
The data was likely being made available online to the highest bidder.
The compromised data was probably gathered using crimeware toolkits,
trojans and command-and-control systems used to drive traffic to the
The servers were discovered by Finjan's Malicious Code Research Center.
According to Yuval Ben-Itzhak, chief technology officer for Finjan, the
servers were the drop sites for data from malware loaded onto PCs all
over the world.
“It was obvious that this was an amateur operation, because the servers
had not been hidden in any way," he said. "It was probably someone
using off-the-shelf crimeware packages that professional hackers are
selling to amateurs."
The typical amateur can buy a complete suite of crimeware for $200, and
can commit internet crimes without having any sophisticated computer
skills, Ben-Itzhak said.
According to a report published by Finjan, the stolen data included:
- Compromised medical-related data of hospitals and publicly-owned healthcare providers
- Compromised business-related data of a US airline carrier
- Personal identity information
Two days after being reported to local and international law
enforcement authorities, the servers went down, but the individuals
behind the operation have not been caught.
Ben-Itzhak said: “It's hard to find the perpetrators, because a server
could be located in Argentina, [but] the criminals could be in Eastern
Europe, and the crime committed in the US.”
How can this kind of activity be guarded against? The basic guidelines
apply, according to Ben-Itzhak: stay current with patches and anti-virus updates, use firewalls
and consider adding another layer of security ahead of browsers to stop
malware from installing itself –- or run PCs under credentials that
prevent software installation, he said.
“Although we are just reporting on two servers, I'm
sure that there are hundreds, if not thousands, of servers like these
that are not so easily detected," said Ben-Itzhak. "I'm sure that many companies are not
even aware that their data may be in the wrongs hands right now.”