Security Software Company Discovers Possible ID-Theft Ring

Filed under: Security

A Florida security software company says it has stumbled across what may be a major identity-theft effort.

Sunbelt Software Inc., which makes software used to protect computers from spyware, says it has discovered a server holding passwords and other personal information that may have been illegally collected using keylogging software.

"One of our researchers here, while doing some research for our anti-spyware tool, came across a server that happened to have a file on it that turns out to be a log file from a keylogger that's been deployed, it looks like, all over the world," David Bove, Sunbelt's director of spyware research, said in an interview.

Bove wouldn't provide more details about how the server was found or where it's located. Sunbelt has contacted the FBI about the discovery, he says. The FBI didn't immediately return calls seeking comment.

Keyloggers, whether hardware- or software-based, are used to capture information typed into computers, typically without the knowledge of the computer user. Used by law enforcement, they're a valuable tool for obtaining passwords criminals use to encrypt incriminating information. Used by criminals, they're a valuable tool for emptying online bank accounts and perpetrating identity-theft fraud. Keylogging software is usually distributed through Trojan software, worms, or viruses.

In July 2003, Juju Jiang pleaded guilty in federal court to computer fraud charges for using a keylogging program called Invisible KeyLogger Stealth at a number of Kinko's locations in Manhattan. In March, the British Hi-Tech Crime Unit foiled an attempt to steal some $420 million from a London branch of Japanese bank Sumitomo Mitsui. The thieves reportedly hacked the bank's systems through information obtained from a keylogger.

Bove says the log file contains user IDs, passwords, and associated URLs, along with IM chat logs that have been captured and transmitted over the Internet by the keylogger. Whoever is responsible has been periodically harvesting the suspected stolen data and resetting the file size, he says. When the file was discovered a week ago, it had 22 Mbytes of data. It currently has 4 Mbytes and is growing at a rate of 200 Kbytes per hour, Bove says.

Sunbelt president Alex Eckelberry brought the discovery to light through a Sunbelt blog posting. "We're sitting upon literally thousands of pages of stolen identities that are being used right now," Eckelberry wrote Friday afternoon.

"There is a LOT of bank information in here, including one company bank account with over US$350,000 and another small company in California with over $11,000 readily accessible," Eckelberry wrote. "This list goes on and on and on."

"We were trying to figure out if this was real or not," Bove says. "And we actually logged into those accounts. That's how we knew how much money was in there. Then we immediately attempted to contact the individuals to let them know."

By Thomas Claburn
InformationWeek
