Feeds

ID theft scam hunt goes global

Follow the money

Providing a secure and efficient Helpdesk

UK police are working with Interpol in a bid to track down the perpetrators of a malware-powered ID theft scam that has claimed thousands of victims worldwide.

As previously reported, a computer seized in the US contained personal data - including names, addresses, credit card information, and transaction records - from around 2,300 UK punters. Closer examination has revealed the details of at least 8,500 people in 60 countries were obtained through the scam.

The data was swiped using key-logging Trojan software, now identified as a variant of Haxdoor, according to the Metropolitan Police's Computer Crime Unit, which is investigating the case. Police are not explaining how the US computer came to be seized in the interests of protecting what's described as an ongoing investigation.

Haxdoor sends login details and other sensitive personal information to systems controlled by hackers. Variants of the Trojan used in the attack use a screen capture function in order to capture sensitive information. It's thought that many of the affected PCs became infected after victims of the attack (who'd failed to take adequate security precautions) were duped into following links in instant messenger conversations or spam emails that led to hacker-controlled websites hosting malware.

Login credentials associated with 600 financial companies and banks have been found on the US machine that's at the centre of the investigation, IDG reports. Analysis work is continuing on the data, contained in 130,000 files, forwarded by authorities to UK investigators. The data contains information including login details for ecommerce sites such as eBay, Amazon, and ISPs including BT and Pipex.

It's unclear how much, if indeed any, money has been stolen from online accounts as a result of the scam. UK police began by contacting suspected victims directly by email. They have gone on to get in touch with banks to alert them that particular account numbers have been compromised, so financial institutions have the information they need to contact customers directly.

Meanwhile, the Metropolitan Police's Computer Crime Unit is working with Interpol to trace the hackers behind the scam. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.