Company unearths ID theft ring
Clearwater's Sunbelt Software notifies authorities and victims of the computer scam.
By DAVE GUSSOW
Published August 9, 2005
CLEARWATER - The very private details of people's lives flashed on a wall at Sunbelt Software on Monday.
Social Security numbers. Credit card numbers. Bank account numbers. EBay and PayPal account numbers. Online user names and passwords. And more.
All of it was projected on a wall at an office at Clearwater's Sunbelt Software. All of it was live from a Web site. All of it was taken secretly from computers here and around the world. Most, if not all, of the victims had no idea they had been snared by intrusive software known as spyware.
Sunbelt, which makes antispyware and antispam software, discovered what it called an international identity theft ring while doing research last week. But this time, researchers found more than software hidden on a computer.
"We've actually been able to get in to the back door of one of these guys and actually see the operation," said Alex Eckelberry, Sunbelt's president, as he showed it to a reporter. "The scale and sophistication, it was astounding."
The company issued an online alert about the ring through its company blog. Sunbelt says it notified the FBI and the Secret Service. The FBI, following its policy, would say only that it was aware of the information but could not confirm that an investigation was under way.
Because the FBI seemed to be slow to respond and because Eckelberry and his staff felt some people listed on the site were at great risk, they called or e-mailed some of the victims.
One family in Alabama had experienced an unusual number of popup ads, and its Internet service provider shut down the e-mail because so much was being sent.
"By the time I called, they already knew something was weird," Eckelberry said. Other victims were more cautious, fearing that the phone call itself was a scam. Some just thanked him. At least one victim lives in the Tampa Bay region, another in Sarasota, Eckelberry said.
Sunbelt's find, announced by Eckelberry on its Web log (sunbeltblog.blogspot.com/), quickly gained traction over the weekend, spreading after stories appeared in ComputerWorld and InformationWeek. Other blogs then picked it up.
It is not known how long the ring has been operating or how many people have been affected. Apparently, the thieves download the stolen information, clear that data from the site and then wait for more stolen information to be posted.
Eckelberry estimates thousands have been victimized.
Spyware is software that usually is planted on a computer without the owner's knowledge. In more benign forms, it may track online activity for marketing purposes.
But increasingly it is being used in criminal activity. Theft of computer data is the goal. Computers can get infected in a variety of ways, including users downloading "free" stuff, clicking on popup advertising or visiting Web sites.
Indeed, half the respondents to a Consumer Reports survey say they have had a spyware problem in the past six months. The survey, in the current issue, said 18 percent of the 3,200 households had to erase hard drives to clean the machines, 51 percent are more careful while browsing online and 38 percent download free programs less frequently.
In this case, Sunbelt says the spyware used a keylogger, which records keystrokes on a computer and transmits the data to another computer. The company tracked the spyware back to an unsecured Web site, which is in the United States but is registered overseas.
The site didn't just contain people's personal information. It also could control other software planted on spyware-infected computers so they could be used for things such as sending out spam.
Sunbelt has shared its findings with other security software companies, a customary practice. It will continue to analyze the spyware, and a fix for it should be available soon.
Johannes Ullrich, chief research officer at the SANS Institute, a security and research organization in Bethesda, Md., says Sunbelt's tracking back to the Web site made this case unique. Usually, such an investigation "takes a lot of work to go into depth."
In fact, Ullrich says, some personal data such as stolen Social Security or credit card numbers can be found fairly easily at Web sites or even posted on bulletin boards.
"For consumers, it gets hard to defend against it perfectly," Ullrich said.
One thing people need is a firewall, which can be software or part of a hardware router used for a network. It blocks intruders trying to get into their machines. Also useful is software that alerts when an unauthorized outgoing transmission is attempted. For example, a good free one is Zone Alarm (www.zonelabs.com).
Antivirus and antispyware software is important, Ullrich says. (Free antispyware software such as Spybot Search & Destroy, Ad-aware and Microsoft's Antispyware beta are available online.)
"They are not perfect," he said. "But without them, computers almost certainly are going to be infected."
[Last modified August 9, 2005, 01:22:12]