NIPC Advisory 01-003

Over the past several months, the National Infrastructure Protection
Center (NIPC) has been coordinating investigations into a series of
organized hacker activities specifically targeting U.S. computer
systems associated with e-commerce or e-banking. Despite previous
advisories, many computer owners have not patched their systems,
allowing these kinds of attacks to continue, and prompting this
updated release of information.

More than 40 victims located in 20 states have been identified and
notified in ongoing investigations in 14 Federal Bureau of
Investigation Field Offices and 7 United States Secret Service Field
Offices. These investigations have been closely coordinated with
foreign law enforcement authorities and the private sector. Specially
trained prosecutors in the Computer and Telecommunication Coordinator
program in U.S. Attorneys' Offices in a variety of districts have
participated in the investigation, with the assistance of attorneys in
the Computer Crime and Intellectual Property Section at the Department
of Justice.

The investigations have disclosed several organized hacker groups from
Eastern Europe, specifically Russia and the Ukraine, that have
penetrated U.S. e-commerce computer systems by exploiting
vulnerabilities in unpatched Microsoft Windows NT operating systems.
These vulnerabilities were originally reported and addressed in
Microsoft Security Bulletins MS98-004 (re-released in MS99-025),
MS00-014, and MS00-008. As early as 1998, Microsoft discovered these
vulnerabilities and developed and publicized patches to fix them.
Computer users can download these patches from Microsoft for free.

Once the hackers gain access, they download proprietary information,
customer databases, and credit card information. The hackers
subsequently contact the victim company through facsimile, email, or
telephone. After notifying the company of the intrusion and theft of
information, the hackers make a veiled extortion threat by offering
Internet security services to patch the system against other hackers.
They tell the victim that without their services, they cannot
guarantee that other hackers will not access the network and post the
credit card information and details about the compromise on the
Internet. When the victim company has not cooperated in making
payments or hiring the group for their security services, the hackers'
correspondence with the victim company has become more threatening.
Investigators also believe that in some instances the credit card
information is being sold to organized crime groups. There has been
evidence that the stolen information is at risk whether or not the
victim cooperates with the demands of the intruders. To date, more
than one million credit card numbers have been stolen.

The NIPC has issued an updated Advisory 01-003 at www.nipc.gov
regarding these vulnerabilities being exploited. The update includes
specific file names that may indicate whether a system has been
compromised. If these files are located on your computer system, the
NIPC Watch in Washington, D.C. should be contacted at (202)
323-3204/3205/3206. Incidents may also be reported online at
www.nipc.gov/incident/cirr.htm. For detailed information on the
vulnerabilities that are being exploited, please refer to the NIPC
Advisory 00-60, and NIPC Advisory 01-003.