Security threats Toolkit

'Massive' identity theft ring uncovered

Tags:
Spyware

Ingrid Marson ZDNet.co.uk

Published: 08 Aug 2005 12:40 BST

A security firm claims to have uncovered a huge identity-theft ring that appears to be using a spyware program to steal confidential information from computers.

Sunbelt Software said the operation, which is being investigated by the FBI and Secret Service, is gathering personal data from "thousands of machines" using keylogging software. The data collected includes credit card details, social security numbers, usernames, passwords, IM chat sessions and search terms. Some of the data gathered is then saved in a file hosted on a US-based server that has an offshore-registered domain, said Sunbelt president Alex Eckelberry.

"The types of data in this file are pretty sickening to watch," Eckelberry said in a blog posting from Saturday. "In a number of cases, we were so disturbed by what we saw that we contacted individuals who were in direct jeopardy of losing a considerable amount of money."

According to Sunbelt Software, criminals have obtained access to a considerable amount of bank information, including details about one company bank account containing over $350,000 (£197,000) and another account that has "readily accessible" funds of over $11,000.

The operation appears to be linked to CoolWebSearch (CWS), a malicious program that hijacks Web searches and disables security settings in the Internet Explorer browser. Patrick Jordan, a Sunbelt employee, discovered the identity theft ring while researching a CWS variant.

"During the course of infecting a machine, he [Jordan] discovered that a) the machine he was testing became a spam zombie and b) he noticed a call back to a remote server. He traced back the remote server and found an incredibly sophisticated criminal identity theft ring," said Eckelberry. "We are still trying to ascertain whether or not this is directly related to CWS."

An FBI spokesperson was unable to confirm whether or not an investigation was taking place. Sunbelt was unavailable for further comment in time for this article.

This is the latest attempt by a criminal gang to use spyware for financial gain. In March this year the UK's National Hi-Tech Crime Unit foiled an attempt to steal £220m from the Japanese bank Sumitomo Mitsui. Keyloggers were used to relay passwords and access information to the criminals who intended to transfer the funds electronically. A man in Israel was arrested after allegedly trying to transfer £13.9m of the funds.

Click here to see further information about this identity-theft ring.