Jewish World Review March 14, 2001 / 19 Adar, 5761
http://www.jewishworldreview.com -- COMPUTER security experts are bracing for a wave of online criminal activity originating in Eastern Europe that, unlike many previous electronic break-ins, is calculated and financially motivated.
The concern follows an FBI announcement last Thursday that organized hacker groups have targeted numerous U.S. financial institutions during the past year.
Although the agency did not disclose the names of the businesses that have been hit or the amount of monetary losses suffered, it revealed that more than 40 investigations currently are under way in 20 states and that more than a million credit card numbers have been stolen to date.
According to the FBI, hacker clans operating chiefly in Russia and the Ukraine have penetrated numerous e-commerce computer systems in the U.S. The announcement is unusual for the FBI, which typically does not comment on active investigations to avoid compromising cases.
"It's unprecedented that they would take forensics information from an ongoing investigation and make it public," said Alan Paller, director of the SANS Institute, a Bethesda, Md.-based cooperative for security research and education. "The only reason they would do that is to stop a crime wave."
The FBI listed three vulnerabilities in the Microsoft Windows NT operating system that the hackers were exploiting. The agency also released a list of file names that, if found on a computer, would indicate that that system had been penetrated.
The hacking techniques themselves are nothing new, say security experts. What's new is the organized nature of the break-ins, and the strictly mercenary goal of the incidents, which involve extortion practices that would make the characters in HBO's mob series "The Sopranos" envious.
"Obviously the FBI thinks this is pretty severe," said Jeanne Capachin, an analyst at Newton, Mass.-based Meridien Research. "Sounds like there are a lot of databases that have been hacked already and more to be targeted."
According to the FBI, the hackers first force their way into electronic databases and purloin customer credit card information. The victimized businesses are then contacted and "invited" to sign up for high-priced security services, which would protect any vulnerable information from being accessed by other parties.
"These guys have probably got more resources than the typical hacker has and more incentive to profit from what they're doing," said Meridien's Capachin. "It probably does mean that the ante has been upped."
But for Capachin, the news is nothing shocking. "We've had organized criminals with credit card fraud in the physical world for a long time," she said. "I don't think this is anything that anyone shouldn't have expected."
In the physical world, businesses have combated credit card fraud by relying on things like neural networks, which can detect irregular credit card activity. While these neural networks are important online, as well, the best defense against electronic break-ins is to be diligent about updating software patches, Capachin said. "Merchants need to not wait until they get hacked," she said. "There are patches out there, and they're not installing them."
The attacks will not have a big affect on consumers because an
individual's liability is limited to $50 in cases of credit card
Alexi Oreskovic is a writer for The Industry Standard. Comment by clicking here.