A security firm claims to have uncovered a huge identity-theft ring that appears to be using a spyware program to steal confidential information from computers.
Sunbelt Software said the operation, which is being investigated by the FBI and Secret Service, is gathering personal data from "thousands of machines" using keylogging software. The data collected includes credit card details, social security numbers, usernames, passwords, IM chat sessions and search terms. Some of the data gathered is then saved in a file hosted on a US-based server that has an offshore-registered domain, said Sunbelt president Alex Eckelberry.
"The types of data in this file are pretty sickening to watch," Eckelberry said in a blog posting from Saturday. "In a number of cases, we were so disturbed by what we saw that we contacted individuals who were in direct jeopardy of losing a considerable amount of money."
According to Sunbelt Software, criminals have obtained access to a considerable amount of bank information, including details about one company bank account containing over $350,000 (£197,000) and another account that has "readily accessible" funds of over $11,000.
The operation appears to be linked to CoolWebSearch (CWS), a malicious program that hijacks Web searches and disables security settings in the Internet Explorer browser. Patrick Jordan, a Sunbelt employee, discovered the identity theft ring while researching a CWS variant.
"During the course of infecting a machine, he [Jordan] discovered that a) the machine he was testing became a spam zombie and b) he noticed a call back to a remote server. He traced back the remote server and found an incredibly sophisticated criminal identity theft ring," said Eckelberry. "We are still trying to ascertain whether or not this is directly related to CWS."
An FBI spokesperson was unable to confirm whether or not an investigation was taking place. Sunbelt was unavailable for further comment in time for this article.
This is the latest attempt by a criminal gang to use spyware for financial gain. In March this year the UK's National Hi-Tech Crime Unit foiled an attempt to steal £220m from the Japanese bank Sumitomo Mitsui. Keyloggers were used to relay passwords and access information to the criminals who intended to transfer the funds electronically. A man in Israel was arrested after allegedly trying to transfer £13.9m of the funds.
Click here to see further information about this identity-theft ring.
Talkback
the link on the main page to this news item takes you too a jpg image and not the news item itself.
I have built an ID Theft prevention business in partnership with a growing UK online marketing company and London based PR agency, which will move people from a 'high risk' to a 'low risk' category.The core product is a website, which a user can subscribe either as a member or non-member to.
FACTS
It is the UK’s first resource centre against identity theft.
It also contains a comprehensive, easy-to-follow, step-by-step programme (in five areas - see below) designed to protect you and your family from
identity theft. We never regard anyone as a 'victim'. They (you) are all 'targets'! We advise you on what to do!
The programme covers FIVE key areas:
1.Preventing computer identity theft - covers e-mail, internet, anti-virus, chat/messenger protection and much much more...
2.Preventing non-computer identity theft - covers how to protect your credit rating, unsolicited mail, protect your mobile phone and much more...
3.Identity recovery - includes what ID theft signs to look out for, a self-recovery programme and documents to download to send to CRA's, financial
and non-financial institutions and much much more...
4.ID protection software - download links and website links to the very best ID protection tools and services currently available
5.News and updated product reviews - all the very latest news and products, from the world of identity theft and computing
The website is on course for launch 1st March 2006.
If you wish to find out more (including the website address) then please e-mail me: julian.evans1@virgin.net