Slashdot Mirror

← Back to Stories (view on slashdot.org)

"Crimeserver" Full of Personal/Business Data Found

Posted by kdawson on from the gotta-store-it-somewhere dept.

Presto Vivace sends news of a server found by security firm Finjan that contained a 1.4-GB cache of stolen data, accumulated over a period of less than a month from compromised PCs around the world. The "crimeserver," as Finjan dubs it, "provided command and control functions for malware attacks in addition to being a drop site for data harvested from compromised computers. ... The stolen data consisted of 5,388 unique log files including 1,037 from Turkey, 621 from Germany, 571 from the United States, 322 from France, 308 from India and 232 from Britain." Oddly enough, the data was stored in the open, with not even basic auth to protect it. Finjan notes in their press release that this huge trove of data gathered over a short period of time indicates that the crimeware problem is far larger than most observers have been assuming. Update: 05/08 12:29 GMT by T : Note, the security firm involved is spelled "Finjan," not "Finjin" as originally shown.

4 of 114 comments (clear)

  1. Why would they need basic auth? by morgan_greywolf · · Score: 5, Insightful

    Why would they need basic auth? After all, the security on the compromised computers was bad enough for them, complete random strangers to the owners of the PCs, to bypass system authentication and authorization controls to grab the data in the first place.

    --
    My blog
    1. Re:Why would they need basic auth? by kcbanner · · Score: 5, Insightful

      Because all scammers aren't friends with each other.

      --
      Obligatory blog plug: http://www.caseybanner.ca/
  2. So you have to a CISSP to run a script now? by mungmaster2000 · · Score: 5, Insightful

    "The server was not secure at all. It indicates that these people that are doing the crime today, they are not security experts, they are not computer science experts." Uhhh....So someone knocks over a liquor store with a 9 mm. Does that mean that he's a gunsmith or a sharpshooter, or skilled in advanced war-fighting techniques of some kind? No...Chances are he's a just a guy with a gun. People use whatever they can to take what they want. Film at eleven.

  3. Security company finds unsecure server by Whuffo · · Score: 5, Insightful
    Must be a slow news day for this kind of astroturf to bubble to the top. Notice how carefully they count how many people in each country had their data stolen and stored on this server. Also notice how many of those people these security folks notified of the data breach. Yup, exactly zero.

    So they're not trying to help at all. What they're trying to do is sell their services and using this pseudo-news article to do it. Shame on them.