Click here to access the main News page and view a listing of all available articles.

Data Thieves Get Focused (But Buyers Get Sloppy)
Computerworld - 06/18/08

When it comes to online data theft, credit card numbers and bank account data are so 2007.

Increasingly, thieves are after more-specialized information such as health care data, single sign-on credentials for remote log-in to corporate networks and FTP account data, according to a new report from security vendor Finjan Inc.

The report, which was released today, summarizes the latest trends in the cybercrime marketplace over the first six months of 2008.

One of the biggest among those trends is the growing commoditization of some kinds of stolen data, according to Yuval Ben-Itzhak, chief technology officer at Finjan. Until recently, he said, credit card numbers and bank accounts with personal identification numbers (PIN) were considered valuable items in the underground market. But of late, the market has become flooded with such information, leading to its commoditization, Ben-Itzhak said.

Where valid credit card numbers and PINs used to sell for $100 or more each, they retail today for $10 to $20 in the underground market, Ben-Itzhak noted. Depressing prices even more is the easy availability of such information from numerous sources, most of which are quite literally a mere Google search away from prospective buyers.

As a result, there is a trend on the part of some online thieves to go after data that can fetch them premium prices in the cybercrime market. "It's just basically the rules of supply and demand," Ben-Itzhak said.

One trend that Finjan has noticed is an increased focus on trying to steal log-in credentials for Citrix applications. Technologies from Citrix Systems Inc. are being used by an increasing number of health care organizations to enable remote network access, Ben-Itzhak said, and stealing Citrix log-in credentials often allows data thieves to gain single sign-on access to a wide range of health-related information from inside hospital networks. The stolen data is used for a variety of scams such as fraudulent insurance claims, illegal purchases of prescription drugs and medical ID theft.

It's not just health care organizations that criminals are targeting, either, Ben-Itzhak said. There's a growing focus on stealing log-in credentials that provide remote access to business networks as well.

For instance, Finjan recently discovered a Argentina-based server containing over 500MB of stolen data and another server containing over 1.4GB of similar information in Malaysia. In both cases, the systems contained not just health care information but also business-related data. For instance, one of the servers had a cache of data that included passenger reservation data and flight scheduling information stolen from a major airline.

Despite the increasingly sophisticated methods that cybercriminals use to steal data, those who are actually soliciting and using the stolen information are relative amateurs with little idea of how to secure their illegally gotten data, Ben-Izthak said. Often, stolen data is stored in unprotected fashion on servers that can easily be accessed by anyone with a Web browser. Data on one of the crimeware servers discovered by Finjan this year had no access restrictions and allowed search-engine crawlers to index log files as they do with other public information on the Internet. As a result, passwords, Social Security numbers and other sensitive information ended up being stored on public caching servers such as those of Google Inc.

The report is available on Finjan's Web site; registration is required.

Click here to access the main News page and view a listing of all available articles.