Slashdot Mirror

← Back to Stories (view on slashdot.org)

"Crimeserver" Full of Personal/Business Data Found

Posted by kdawson on from the gotta-store-it-somewhere dept.

Presto Vivace sends news of a server found by security firm Finjan that contained a 1.4-GB cache of stolen data, accumulated over a period of less than a month from compromised PCs around the world. The "crimeserver," as Finjan dubs it, "provided command and control functions for malware attacks in addition to being a drop site for data harvested from compromised computers. ... The stolen data consisted of 5,388 unique log files including 1,037 from Turkey, 621 from Germany, 571 from the United States, 322 from France, 308 from India and 232 from Britain." Oddly enough, the data was stored in the open, with not even basic auth to protect it. Finjan notes in their press release that this huge trove of data gathered over a short period of time indicates that the crimeware problem is far larger than most observers have been assuming. Update: 05/08 12:29 GMT by T : Note, the security firm involved is spelled "Finjan," not "Finjin" as originally shown.

2 of 114 comments (clear)

  1. Re:So you have to a CISSP to run a script now? by moderatorrater · · Score: 4, Informative

    People use whatever they can to take what they want. Film at eleven. The news is that this stuff is now as easy to use as a 9mm.
  2. Re:Security company finds unsecure server by camperslo · · Score: 4, Informative

    Notice how carefully they count how many people in each country had their data stolen and stored on this server. Also notice how many of those people these security folks notified of the data breach. Yup, exactly zero.

    People may not have been contacted directly, but those in a good position to quickly mitigate damage were notified:

    "Finjan Inc said it had notified the U.S. Federal Bureau of Investigation, police in various countries and more than 40 financial institutions in the United States, Europe and India about the discovery of the so-called "crimeserver".

    So they're not trying to help at all. What they're trying to do is sell their services and using this pseudo-news article to do it.

    Do you actually have any evidence of this? What were they trying to sell to who?
    I would expect a press-release type of promotional piece to have more information about the services the company offers.