Crime Ring Targets NT-based Websites

The FBI’s National Infrastructure Protection Center (NIPC) and the U.S. Secret Service are currently investigating successful attempts by Russian and Ukrainian organized crime rings to hack into unpatched Windows NT–based e-commerce and e-banking Web sites in the United States, steal credit card numbers and other customer data, and then use it to extort money from the Web site operators. The authorities have already learned of 40 victims in 20 states, and over 1 million credit card numbers are known to have been stolen. In certain cases, the credit card numbers and other customer data have been sold to other criminal organizations or published on the Internet, even in cases where the Web site owner cooperated with the extortionists.

Who Is at Risk?

The criminals have been exploiting well-known vulnerabilities in NT 4.0–based Internet Web sites, allowing them to steal confidential information from back-end databases. Microsoft issued patches to correct these security holes as early as 1998, and the latest patch was released in 2000. Web sites running Windows 2000 are not at risk from these specific types of attacks.