View Full Version : Massive ID Theft Ring uncovered

08-09-2005, 04:18 AM
Sun Belt, the security company that found this ring, also has a blog on it where the writers have stated that they've never seen anything like it in size or scope.


Make sure you check out your computer to make sure you haven't been netted


ID theft ring hits 50 banks, security firm says
Published: August 8, 2005, 12:06 PM PDT
By Ingrid Marson
Special to CNET News.com
TrackBack Print E-mail TalkBack

A major identity theft ring has been discovered that affects up to 50 banks, according to Sunbelt Software, the security company that says it uncovered the operation.

The operation, which is being investigated by the FBI, is gathering personal data from "thousands of machines" using keystroke-logging software, Sunbelt said Monday. The data collected includes credit card details, Social Security numbers, usernames, passwords, instant-messaging chat sessions and search terms. Some of that data is then saved in a file hosted on a U.S.-based server that has an offshore-registered domain, according to Sunbelt.

In the two days that Sunbelt has been monitoring the file, the company has seen confidential financial details of customers of up to 50 international banks, said Eric Sites, vice president of research and development at the Clearwater, Fla.-based security software maker.

"For almost every bank that is listed (in the file), it's possible to get into the person's account," Sites said.

Along with passwords for online banking sites, information on credit cards also has been gathered. Sites said that Sunbelt had found one customer's credit card number, expiration date and security code, in addition to name and address. That information would allow anyone to use the credit card, he said.

"The types of data in this file are pretty sickening to watch," Sunbelt President Alex Eckelberry wrote in a blog posting dated Saturday. "In a number of cases, we were so disturbed by what we saw that we contacted individuals who were in direct jeopardy of losing a considerable amount of money."

Sunbelt said that the people behind the scheme have obtained access to a considerable amount of bank information, including details about one company account containing more than $380,000 and another account that has "readily accessible" funds of more than $11,000.

An FBI representative was unable to confirm whether or not an investigation was taking place.

The data theft is carried out by a Trojan horse downloaded at the same time as CoolWebSearch and a mail zombie, Sunbelt said. Patrick Jordan, a Sunbelt employee, discovered the identity theft ring while researching a variant of CWS, which is a malicious program that hijacks Web searches and disables security settings in Microsoft's Internet Explorer Web browser.

"During the course of infecting a machine, he (Jordan) discovered that a) the machine he was testing became a spam zombie and b) he noticed a call back to a remote server. He traced back the remote server and found an incredibly sophisticated criminal identity theft ring," Eckelberry wrote in the blog posting. "We are still trying to ascertain whether or not this is directly related to CWS."

The malicious code is hosted on a Web site that mainly hosts pornography, which Sites was unwilling to name. Users of Windows XP who have not installed Service Pack 2 are particularly vulnerable, as the code could be automatically downloaded without the user's knowledge, Sites said. Sunbelt is currently investigating whether users of earlier Windows versions, such as Windows 2000 and Windows ME, are also vulnerable.

"If you have an unpatched Windows machine, when you go to the URL it will automatically download everything from the Web site, including the Trojan. All you have to do is type in the URL and you're hosed," Sites said.

The Trojan is a new variant, so antivirus and anti-spyware vendors do not yet block it, Sites said. Sunbelt plans to send information on the Trojan to security companies as soon as possible.

The activity could be the latest attempt by a criminal gang to use spyware for financial gain. In March of this year, Britain's National Hi-Tech Crime Unit foiled an attempt to steal about $390 million from the Japanese bank Sumitomo Mitsui. In that case, keyloggers were used to relay passwords and access information to the criminals who intended to transfer the funds electronically. A man in Israel was arrested after allegedly trying to transfer $25 million of the funds.

08-09-2005, 07:54 AM
TWO WORDS... mandatory sentencing.

You steal someone's identity, you are found guilty of this crime... you sit in jail for 20 years for each identity you stole.

Druggies can be rehabilitated (some anyway). Theives are a different story. They are the scum of the earth. They should be locked up.

Drop the mandatory sentences for drug users (not dealers or growers). Stick it to these identity thieves. Stick it to 'em good.

08-09-2005, 09:39 AM
Wow, sounds like that's what happened to me. It was Cool Web Search that annihlated my last computer.

08-09-2005, 09:58 AM
We have a real mess on our hands right now. Before our vacation I thought mr creek was stopping the mail and he thought I was stopping it. And neither of us did.

Two weeks of mail - stolen. We talked to all the neighbors, my family, the letter carrier, no one has it. And the letter carrier said if he has seen it piling up, he would have held it.

So someone took our mail every day.

The postal service is investigating - it's a federal offense.

We're changing accounts - all accounts. Real PITA.

08-09-2005, 10:09 AM
We're changing accounts - all accounts. Real PITA.

I just had to go through all of that a few months ago, I feel your pain.