THE U.S. FEDERAL Bureau of Investigation (FBI) is again warning electronic-commerce Web sites to patch their Windows-based systems to protect their data against hackers.

The FBI's National Infrastructure Protection Center (NIPC) has coordinated investigations over the past several months into organized hacker activities targeting e-commerce sites, the FBI said in a statement issued Thursday. More than 40 victims in 20 states have been identified in the ongoing investigations, which have included law enforcement agencies outside the United States and private sector officials.

The investigations have uncovered several organized hacker groups from Russia, the Ukraine, and elsewhere in Eastern Europe that have penetrated U.S. e-commerce and online banking computer systems by exploiting vulnerabilities in the Windows NT operating system, the statement said. Microsoft has released patches for these vulnerabilities, which can be downloaded from Microsoft's Web site for free.

Once the hackers gain access, they download proprietary information, customer databases, and credit card information, according to the FBI. The hackers subsequently contact the company and attempt to extort money by offering to patch the system and by offering to protect the company's systems from exploitation by other hackers.

The hackers tell the victim that without their services they cannot guarantee that other hackers will not access their networks and post stolen credit card information and details about the site's security vulnerability on the Internet. If the company does not pay or hire the group for its security services, the threats escalate, the FBI said. Investigators also believe that in some instances the credit card information is being sold to organized crime groups.

The electronic break-ins constitute "the largest criminal Internet attack to date," said the SANS (System Administration, Networking, and Security) Institute in a statement. More than a million credit cards have been taken, according to the security consultancy firm.

Within a few days the Center for Internet Security, which is at www.cisecurity.org, plans to release a software tool that can check systems for the security holes and will look for files the FBI has found on many compromised systems, the SANS Institute said. The NIPC has listed those file names on its site at www.nipc.gov/warnings/advisories/2001/01-003.htm

The FBI's statement did not name any of the 40 Web sites that have fallen victim to the hackers.