Hackers steal one million credit cards

Russian and Ukranian hackers followed thefts from online banks with blackmail threats, says the FBI

Computer hackers based in Eastern Europe have carried out a year-long crime spree cracking scores of online banks and stealing more than a million credit card details, according to FBI computer experts.

More than 40 e-banking and e-commerce sites have been targeted and compromised by teams of Russian and Ukrainian hackers, said experts at the FBI's SANS (System Administration, Networking, and Security) Institute on Thursday.

The hackers are highly organised and interested in more than a few illegal credit card transactions. According to the FBI, many of the victim Web sites were blackmailed by the hackers, who threatened to reveal details of their exploits and use stolen credit card details if a ransom was not paid. Federal investigators also exposed details of protection rackets operated by these hackers, were companies were assured they would not suffer a potentially costly and damaging break-in in return for a fee.

Security analyst at Information Risk Management, Richard Stagg, said the development is worrying. "There's a trend emerging in Eastern Europe to get in touch with companies and say, 'wouldn't it be a shame if you got hacked'. It's like the East End protection rackets of the 60's."

Stagg said the cost of such attacks is likely to be spread between retailers, credit card companies and consumers, but believes that the damage done to consumer confidence may ultimately be more serious. "In the end you have a loss confidence and people saying that they don't want to buy online anymore."

The Eastern European computer criminals are thought to have relied on well-known weaknesses in Microsoft's Window's NT operating system to carry out the crime spree. The FBI believes that the break-ins represent such a major threat that they have released details of the exploits as well as tools for counteracting them.

"The FBI and Secret Service are taking the unprecedented step of releasing detailed forensic information from ongoing investigations because of the importance of the attacks," said Alan Paller, director of research at the SANS Institute in a statement.

The FBI's National Infrastructure Protection Centre (NIPC) has investigated into a boom in European computer crime in recent months. It says that four major vulnerabilities affecting Windows NT have spawned the increase.

The first is a bug that allows a user to take control of Microsoft's ISS Web server, another allows Microsoft's SQL database software to be compromised and a further two give a hacker to opportunity to take control of a Windows NT machine itself.

Take me to Hackers

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read what others have said.