FBI Warns Against Hackers, Urges Greater Internet Security

  • Share
  • Read Later
FBI and Secret Service agents say they've uncovered the biggest e-commerce extortion scheme ever, involving more than one million credit card numbers stolen by hackers working with Russian and Ukrainian organized crime. Agents say the mobsters hack e-commerce sites, download customers' personal information and credit card numbers, then call victim companies to extort protection money. They threaten to post the purloined personal information and card numbers on the Internet — angering current customers and scaring off prospective ones — if the companies don't hire them as "security consultants."

More than 40 U.S. firms are working with U.S., Russian and Ukrainian investigators to help locate the hackers, agents say, noting that the number of victim companies could climb into the hundreds, and the costs into the hundreds of thousands of dollars.

The racket is proliferating so rapidly that alarmed FBI agents went public Thursday, well before they were ready to identify the bad guys and make arrests, to plead with e-tailers to fix the holes in their systems. "It's like walking down a row of stores, shaking the doorknobs and seeing which ones open up," says an agent in charge of the investigation.

The hackers are exploiting an old vulnerability in the Windows NT operating system. Microsoft developed a downloadable patch for the glitch as early as 1998. But many e-commerce sites have ignored Microsoft's security upgrade bulletins. Even after the FBI's National Infrastructure Protection Center site published an urgent warning last December, several dozen more cases of attempted Russian mob shakedowns were reported.

Information technology personnel at some companies ignored those warnings while they circulated mostly in the technical community. FBI officials are now trying to go over their heads to alert top managers to the threat of the new cyber-racket. As one agent put it, "We can't prevent bank robberies if you don't lock the doors."