For Sale: Passwords To Fortune 500's Servers - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications
News
2/27/2008
02:08 PM
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

For Sale: Passwords To Fortune 500's Servers

Cybercriminals are paying premiums based on compromised sites' Google PageRank to buy thousands of login names and FTP credentials, a security software company reports.

More than 8,700 FTP login names and passwords, some of which grant access to Fortune 500 servers, are being sold online through a sort of eBay for stolen data, a security company revealed this week.

Prices vary in relation to the Google PageRank of the compromised sites. The customers are cybercriminals who seek access to trusted sites in order to launch malware or hide files.

Finjan, a computer security company based in Israel, made the discovery and elaborates on its findings in its February Malicious Page of the Month report.

Finjan CTO Yuval Ben-Itzhak describes the online crime database application the company found as "the holy grail of hackers." It contains the "hacked FTP credentials of very large companies, some of them in the Fortune 500." More than 100 stolen login names are associated with one of the 500 most visited Web sites on the Internet, as measured by Alexa.com.

"There is a whole industry of buying and selling all these stolen credentials," said Ben-Itzhak. "It opens for us a new window to see how they really manage to infect all these companies and legitimate Web sites very quickly."

Ben-Itzhak declined to be more specific to avoid embarrassing the affected organizations but said that one of set of FTP credentials found granted access to a state court Web site. A state court site appears on p. 14 of the Finjan report, but the URLs in the printed screen shot have been obscured to prevent identification.

However, a Google search for a conspicuous portion of one of the obscured URLs suggests that the featured site belongs to California's Mono County Superior Court. (The Great Seal of the State of California can be easily identified on the Web site screen shot in the report despite an effort to blur it.)

A spokesperson for Finjan said the company could not name the compromised organizations it had identified for legal reasons.

Robert Dennis, the executive officer of the Mono County Superior Court, said he is not aware of the Finjan report or of any current problem with the court's Web site. However, he said that in January he had moved the court's Web site to a new ISP, and from a .gov domain to a .org domain, and that there had been occasional security issues in the past with the court's old ISP and site. The semi-obscured court URL in the Finjan report shows a .gov address.

"When we were with the prior host, we would occasionally have a problem where someone would hack the site," Dennis said, noting that it might have happened two or three times over the course of a year. "Somebody was adding code to our home page."

Dennis declined to name the court's old ISP, a large hosting provider that had served the court for eight years, but said a technical contact there had told him about difficulties keeping a specific server clean. "The guy said they'd clean it out and [the malware] would come back," he said.

The countries of origin for the stolen FTP credentials include the United States (2,621), Russia (1,247), Australia (392), and various Asia-Pacific Region countries (354), to name a few.

The Finjan report also says that the creators of crimeware toolkits have adopted the software-as-a-service model. It describes Neosploit 2.0, a Web-based hacking application that provides detailed infection statistics and other attack management tools. The result, as Ben-Itzhak describes it, is push-button cybercrime.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
10 Ways to Transition Traditional IT Talent to Cloud Talent
Lisa Morgan, Freelance Writer,  11/23/2020
News
What Comes Next for the COVID-19 Computing Consortium
Joao-Pierre S. Ruth, Senior Writer,  11/24/2020
News
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
Slideshows
Flash Poll