Free gift offers dupe users into giving personal data

Domain name hosting the data could be tied to well-known hacker groups

The personal details of thousands of mostly U.S.-based PC users have been discovered stashed on a server located in France, another indication of use of the Internet to collect personal data on a vast scale.

The Web page, which was live as of Monday morning, does not contain financial details of the users.

But other Web pages associated with the same domain indicate the site could be connected to a group of hackers based in the Middle East known for their involvement in other Internet financial crime as well as defacing Web sites, said Chris Boyd, research manager for FaceTime Communications Inc., a security company. He posted more details on a company blog .

The ISP (Internet service provider) that hosts the page has been contacted, Boyd said.

The data appears to have been collected in April 2006, according to timestamps in the file, and includes the full names of people, their address and their IP address. Also included are the names of the Web sites from which the details were apparently collected.

The names of those Web sites, most of which are now not active, appear to offer a freebie, with names such as www.likefreestuff.com and www.freebgift.com.

The offer of a free gift is often made in exchange for data, Boyd said.

There's nothing illegal about collecting data that users voluntarily submit. Likewise, the storing of personal details for marketing purposes is also not illegal. But leaving those details open on a server could violate European or U.S. data protection laws.

It's not clear how that data on the French server is being used, but various hackers forums are aware it has been exposed, Boyd said. The e-mail addresses could immediately be used to send spam, while the addresses of the users could potentially be used for identity fraud.

Research into the domain name hosting the data has also turned up clues that it may be connected to well-known hacking groups, he said. The server the domain is hosted on also hosts nearly 24,000 other domain names, another indication of possibly either phishing or other scam activity, Boyd said.

One page on the same server contains a hacking tool that can be used for a variety of other nefarious activity, such as building custom Web pages with exploit code.

The tool, called King IE Exploiter, is an application that can be used to find malicious software that can be incorporated into malicious Web pages, Boyd said. The application has been linked with Trojan horse programs aimed at stealing bank details and other malware that sends spam, he said.

Interestingly, when King IE Exploiter starts running, it lists several usernames of hackers, Boyd said. "They're got quite a history for being known for all sort of elaborate scams and attacks," he said.

Those attacks include a worm found two years ago that installed a fake BitTorrent client on targeted computers that distributed large video files.

The users whose data is now circulating on the Internet in this incident may be less protected that other victims of large data breaches. In the U.S., some states have laws where businesses must contact those affected by a loss of data.

However, user may be unaware how their data is now circulating or is used if it was collected by scammers, Boyd said.

"It is quite worrying," Boyd said. "Obviously, they are quite happily gathering up all of this information."

Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies