More than 40 U.S. firms are working with U.S., Russian and Ukrainian investigators to help locate the hackers, agents say, noting that the number of victim companies could climb into the hundreds, and the costs into the hundreds of thousands of dollars.
The racket is proliferating so rapidly that alarmed FBI agents went public Thursday, well before they were ready to identify the bad guys and make arrests, to plead with e-tailers to fix the holes in their systems. "It's like walking down a row of stores, shaking the doorknobs and seeing which ones open up," says an agent in charge of the investigation.
The hackers are exploiting an old vulnerability in the Windows NT operating system. Microsoft developed a downloadable patch for the glitch as early as 1998. But many e-commerce sites have ignored Microsoft's security upgrade bulletins. Even after the FBI's National Infrastructure Protection Center site published an urgent warning last December, several dozen more cases of attempted Russian mob shakedowns were reported.
Information technology personnel at some companies ignored those warnings while they circulated mostly in the technical community. FBI officials are now trying to go over their heads to alert top managers to the threat of the new cyber-racket. As one agent put it, "We can't prevent bank robberies if you don't lock the doors."