What May Be the Mother of All Data Thefts Proves Why Data Encryption and Credit Freezes are Needed, NOW
I have seen this written up in a couple of computer publications in the past two days, but nowhere else. I’m surprised, because the scope of the data heist is stunning, brazen, and though obviously large, is not yet fully known.
Read carefully, and grasp the impact (bolds are mine, though I could bold the whole excerpt):
Spyware researchers picking apart one of the more notorious spyware programs have stumbled upon what appears to be a massive identity theft ring hijacking confidential data from millions of infected computers.
Sunbelt Software Inc., makers of the enterprise-grade CounterSpy spyware protection product, made the discovery during an audit of “CoolWebSearch,” a program that routinely hijacks Web searches, browser home pages and other Internet Explorer settings.
During the research, Sunbelt researcher Patrick Jordan deliberately installed the “CoolWebSearch” application on a machine and immediately noticed that the infected system became a spam zombie that was placing callbacks to a remote server.
When Jordan visited the remote server, he was shocked to find that it was being used to distribute sensitive personal information from millions of PC users infected by the spyware application.
“We found the keylogger transcript files that are being uploaded to the servers. We’re talking real spyware stuff…chat sessions, usernames, passwords, bank account information, full names, addresses,” said Sunbelt president Alex Eckelberry.
In an interview with Ziff Davis Internet News, Eckelberry said the sophistication of the operation suggests it’s the work of a “massive identity theft ring” that used keystroke loggers to grab confidential information that could be used to create fake online identities.
“I’m not being dramatic. This is the most repulsive thing I’ve ever seen. It’s very painful to see what’s in these log files that are being uploaded in real time. We’re seeing a lot of bank information and usernames and passwords to get in,” Eckelberry said.
He said the log files included logins to one business bank account with more than $350,000 and another small company in California with over $11,000, readily accessible.
“There are lots of eBay account information and names and addresses of the people owning those accounts. Names, passwords, all matched up,” Eckelberry added.
He said the server, which is hosted out of a data center in Texas, was effectively a “massive repository of stolen data” that was being replenished in real time.
“As the [log] file gets to a certain size, it gets taken down and a new file starts generating. This goes on nonstop. We’ve been watching it for a few days while trying to get to the FBI, and it just keeps growing and growing.”
While the site is being hosted in the United States, Eckelberry said the domain name is registered to an offshore company.
Eckelberry said the huge size of the log files is a clear indication that thousands of machines are pinging back daily.
In some cases, where users appeared to be at immediate risk of losing a considerable amount of money, Sunbelt has contacted the affected individuals.
From another source concerning the same incident:
A spyware ring has infiltrated the IT systems of as many as 50 international banks and logged Social Security numbers, credit card and bank account numbers, passwords, eBay (Nasdaq: EBAY) and PayPal (Nasdaq: PYPL) account information and chat transcripts, according to the security firm Sunbelt Software.
The anti-spyware manufacturer’s president wrote in the company blog that it discovered the identity theft operation while doing research on a CoolWebSearch exploit. The spyware downloads with CoolWebSearch, but is a separate program.
… “Bad things happen. Always have. Always will,” Steve Hunt, president of 4A International, a security consulting company, told TechNewsWorld. “So don’t expect you can ever be completely free of risks like spyware — but also don’t avoid reasonable precautions.”
These operations are only going to get more sophisticated, analysts said. “These sorts of attacks on our personal and corporate secrets will only get more advanced and discreet,” Hunt warned.
Mark Durham, communications director, Identity Theft 911, thinks we need a higher form of authentication for online banking, for example. “A user name and password is not enough protection to access a bank account,” he told TechNewsWorld.
“Consumers don’t know where their data is and they can’t control how it’s used. As long as that’s true we need to push business and government and those that have that data to control it better,” Durham said.
Uh, yeah.
Trey Jackson has been a champion of data encryption to protect access to existing accounts and prevent their abuse. BizzyBlog believes that consumers also need the ability to freeze their credit files, so that unauthorized parties cannot access them and therefore cannot open new credit and other accounts in a consumer’s name without his or her knowledge.
This incident, and the likelihood that others are occurring without our knowledge (remember, this was really an accidental discovery), proves that BOTH protections are needed, and NOW.
_______________
UPDATE: Here’s Trey’s post from today on the same “incident.”