"E-Commerce Vulnerabilities"
NIPC Advisory 01-003
Over the past several months,
the National Infrastructure Protection Center (NIPC) has
been coordinating investigations into a series of organized
hacker activities specifically targeting U.S. computer
systems associated with e-commerce or e-banking. Despite
previous advisories, many computer owners have not patched
their systems, allowing these kinds of attacks to continue,
and prompting this updated release of information.
More than 40 victims located
in 20 states have been identified and notified in ongoing
investigations in 14 Federal Bureau of Investigation Field
Offices and 7 United States Secret Service Field Offices.
These investigations have been closely coordinated with
foreign law enforcement authorities and the private sector.
Specially trained prosecutors in the Computer and Telecommunication
Coordinator program in U.S. Attorneys' Offices in a variety
of districts have participated in the investigation, with
the assistance of attorneys in the Computer Crime and
Intellectual Property Section at the Department of Justice.
The investigations have
disclosed several organized hacker groups from Eastern
Europe, specifically Russia and the Ukraine, that have
penetrated U.S. e-commerce computer systems by exploiting
vulnerabilities in unpatched Microsoft Windows NT operating
systems. These vulnerabilities were originally reported
and addressed in Microsoft Security Bulletins MS98-004
(re-released in MS99-025), MS00-014, and MS00-008. As
early as 1998, Microsoft discovered these vulnerabilities
and developed and publicized patches to fix them. Computer
users can download these patches from Microsoft for free.
Once the hackers gain access,
they download proprietary information, customer databases,
and credit card information. The hackers subsequently
contact the victim company through facsimile, email, or
telephone. After notifying the company of the intrusion
and theft of information, the hackers make a veiled extortion
threat by offering Internet security services to patch
the system against other hackers. They tell the victim
that without their services, they cannot guarantee that
other hackers will not access the network and post the
credit card information and details about the compromise
on the Internet. When the victim company has not cooperated
in making payments or hiring the group for their security
services, the hackers' correspondence with the victim
company has become more threatening. Investigators also
believe that in some instances the credit card information
is being sold to organized crime groups. There has been
evidence that the stolen information is at risk whether
or not the victim cooperates with the demands of the intruders.
To date, more than one million credit card numbers have
been stolen.
The NIPC has issued an updated Advisory 01-003 at www.nipc.gov
regarding these vulnerabilities being exploited. The update
includes specific file names that may indicate whether
a system has been compromised. If these files are located
on your computer system, the NIPC Watch in Washington,
D.C. should be contacted at (202) 323-3204/3205/3206.
Incidents may also be reported online at www.nipc.gov/incident/cirr.htm.
For detailed information on the vulnerabilities that are
being exploited, please refer to NIPC Advisory 00-60 and
NIPC Advisory 01-003.