
Hacker server contains thousands of sensitive business, healthcare files

A rogue server controlled by an unsophisticated hacker contained email and web-based data stolen from thousands of personal and business computers.

Researchers at security vendor Finjan uncovered a server holding the sensitive email and Web-based data of thousands of people, including healthcare information, credit card numbers and confidential business personnel documents.


The server contained over 1.4GB of both email and web-based data. In all, the data consisted of more than 5,388 unique log files traced back to 5,878 distinct IP addresses.

Finjan said the server was a drop site for the AdPack exploit toolkit. The hacker controlling the server did not encrypt the data and failed to protect the server from being accessed.

"It shows that you don't have to be highly knowledgeable to use these toolkits," said Yuval Ben-Itzhak, Finjan's chief technology officer. "The whole idea for selling these toolkits is to provide to people who are not security experts and do not have a computer science background."

Like other crimeware toolkits such as NeoSploit or MPack, the AdPack toolkit has a very intuitive interface, Ben-Itzhak said. Its management features let the criminal address specific groups of victims, targeting them by country, by IP address or even by log type.


Cybercriminals found it easy to access whole Outlook accounts, including mail and personal folders, calendar, public folders and contacts, Ben-Itzhak said. The crimeware used by the hacker was also able to capture screenshots of the victim's desktop and upload them to the server.

Ben-Itzhak said since the initial discovery, three other servers have been discovered with unprotected sensitive data.

"This indicates that the person running it is interested in the data and the money, but probably has no clue about how to secure the server and how to protect the data from others to access it," he said.

Finjan notified more than 40 major international financial institutions in the United States, Europe and India whose customers were compromised, as well as law enforcement agencies around the world.

Ben-Itzhak said the server logs contained a mountain of healthcare information, including personal data, health data, treatments, medications, insurance details, Social Security numbers and healthcare providers' data, including physicians' names. Because the data was HIPAA-related, Finjan informed the FBI of the discovery.

"I think that the fact that medical data was stolen from doctors' PCs using Trojans means there's still work to do," Ben-Itzhak said. "There are still security measures that need to be implemented."

Other data contained personnel files and business files marked confidential. One message revealed details about an upcoming court case, while a few others contained business financial data such as invoice information. Banking data, including credit card numbers and account login numbers, was also discovered on the server, Ben-Itzhak said.

In one example, the cybercriminals gained access to a large chunk of business data, including network folders and business contacts. They also had access to the company's shipment information, retirement plans and invoices, Ben-Itzhak said.

"These criminals are not just targeting credit cards and the individual's identity, they're targeting real business data," Ben-Itzhak said. "It's not just a technical problem anymore of a broken application that the IT department has to fix, it's a real business issue here that someone is monitoring your activity."
