The credit card details of over one million web users have been stolen or compromised following a co-ordinated hacking attack on over 40 US websites.
By Peter Warren
Published: 30 March 2001 18:30 GMT
The revelation emerged after a year-long FBI investigation, prompting the normally tight-lipped security organisation to issue an unprecedented alert about the activities of groups of mainly Eastern European hackers.
A spokeswoman for the FBI told silicon.com that the decision to depart from normal procedure and issue a warning about the activities of the Eastern European groups had to be taken because of the ever increasing list of victims falling to the groups.
"We did issue a warning about software vulnerabilities back in December of last year, but since then we have clocked up another 24 corporate victims, so we decided it was in the public interest to do something about it," she added.
The hackers managed to break into sites by exploiting well-known vulnerabilities that affect every organisation in the world that runs its site on Microsoft's Windows NT software.
Microsoft pointed out that it makes security patches available on its website, and also offers an email warning system telling those who sign up to it of known vulnerabilities and the patches required to remedy them.
According to a company spokesman, future versions of Microsoft's operating systems will instantly find and automatically install any new patches as they appear on the firm's website - an extra which users will be able to decline if they so choose.
FBI officers claim that the expertise needed to exploit vulnerabilities in Windows NT yielded huge dividends, allowing hackers to hoover up enormous amounts of detailed information.
The method used by the gangs follows the fairly common pattern of first identifying networks with automated searches and then homing in on the vulnerable systems shown up in the search. Once found, the websites are prised open using freely available tools.
A preliminary report on the attacks, including details of the necessary patches, is available from the SANS Institute website at http://www.sans.org .
The NIPC report can be obtained from http://www.nipc.gov and the Centre for Internet Security - http://www.cisecurity.org - has issued a tool known as Patchworks to test NT systems for vulnerabilities.
Moderate IT security experience (UNIX, NT, firewalls, virus, intrusion detection). You will be responsible for all security incidents, incident ...
Role - SMS / SCCM Technical Specialist / Analyst Location - Hatfield, Hertfordshire Salary - 23-37k basic + benefits Microsoft SMS / SCCM Technical ...
Implementation Support Consultant (SQL, UNIX, NT). Sound SQL experience is essential as is a thorough understanding of UNIX & NT operating systems ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Nick Heath Your top HR tech priorities for next year revealed How to make human resources IT work for you
Bob Tarzey Why you must rein in your power users When they do damage, it can be catastrophic to your business