Major International Data Thieves Caught

The United States Department of Justice (DOJ) recently indicted members of an identify theft and computer fraud scam that represented one of the largest data breaches in US history. In other news, researchers have found that Microsoft Corp's Internet Explorer version 6 has an unpatched security vulnerability, while spammers are taking advantage of the Olympics to increase the amount of Spam and Malware.

Focal Points:

• Eleven people have been either charged or indicted for identity theft and fraud by officials from the US Department of Justice. The thieves attacked systems from nine US retailers, including BJ's Wholesale Club, TJX Companies, Inc., and DSW Inc. Other retails targeted by the hackers included Office Max (OMX, Inc.), Barnes & Noble, LLC, Boston Market Corp., Sports Authority, and Forever 21, Inc. The theft ring stole over 40 millions credit card and debit card numbers. This was done by installing "sniffer" programs in the retailer's computer networks, which gave the thieves access to the protected information. The criminals were arraigned in Miami, Florida, but also face charges in California and New York. The criminals were international, coming from Belarus, China, Estonia, The Ukraine and the United States.
• Recent news reports found that Internet Explorer 6 is vulnerable to a bug in the Microsoft Access database. This older version of Internet Explorer is more susceptible to the bug than Microsoft's most recent version of Internet Explorer. This exposure was uncovered by security researchers at Symantec Corp. Researchers found the flaw after receiving Microsoft's latest set of patches in July 2008. The problem is in the ActiveX control Snapshot Viewer. The bug allows users to see Access reports without having to launch the Access software. Researchers have discovered that hackers are actively exploiting this vulnerability, luring people to corrupt pages with either spam or instant messages. While Internet Explorer 7 warns users before downloading this ActiveX control, IE6 does not.
• Law enforcement officials are finding hackers are taking advantage of the Olympic Games to try and get access to private information on users' systems. A popular attack is embedding malware in emails that appear to be official press reports from the International Olympic Committee (IOC). These attacks are hitting at least 19 Internet Domains, according to recent research from engineers at MessageLabs Ltd. The attacks are in Adobe Acrobat PDF attachments, which then start malicious executable programs once the PDFs are opened. Emails appear to come from international.olympic@gmail.com and international.olympic2008@gmail.com

Experton Group believes enterprise IT users  and consumers will be more vulnerable to security attacks during large-scale events, where it is more difficult to control the increased messages that will naturally occur during such events as Bowl Games, political elections, and major news reports. IT executives should establish security policies for proper actions on all email, as well as establishing multi-layered data leakage and intrusion prevention security technology.