[ISN] Hacker breaks into electronics site

From: InfoSec News (isnat_private)
Date: Thu May 30 2002 - 01:38:11 PDT

  • Next message: InfoSec News: "Re: [ISN] Microsoft Exchange hole "critical""

    http://www.cnet.com/investor/news/newsitem/0-9900-1028-9973444-0.html?tag=ats
    
    By: Greg Sandoval
    5/29/02 3:40 PM
    Source: News.com  
    
    An online electronics store on Wednesday alerted the FBI, credit card
    companies and customers that someone claiming to be a well-known
    hacker has broken into its site and stolen customer information.
    
    TheNerds.net was trying to evaluate how many of its 100,000 customers
    were affected by the break-in, President David Kriegstein said. Scores
    of customers reported getting e-mail directly from the alleged hacker,
    and the company began directly notifying all customers that their
    credit card information, home address and phone numbers may have been
    stolen.
    
    "From the looks of it, it wasn't hard to get every last bit of my
    identity necessary to facilitate fraud," said customer Maxwell
    Shantar, who got an e-mail from the intruder and in turn, sent an
    angry e-mail to TheNerds accusing them of not doing enough to protect
    customer information.
    
    Kriegstein said his company has discovered how the intruder got into
    the site Tuesday afternoon and has taken steps to prevent it from
    happening again. He would not elaborate on the nature of the
    vulnerability, or how long the intruder was in the system.
    
    Initially, executives of TheNerds e-mailed customers to say that there
    was no evidence the hacker had gained access to customer information.  
    But the intruder, calling himself "Zilterio," proved that he had
    indeed grabbed vital information by e-mailing customers. The e-mails,
    reviewed by CNET News.com, listed the customer's personal information,
    such as credit card numbers, phone numbers and addresses.
    
    "Zilterio" is the name used by a hacker who has invaded a host of
    e-commerce sites and is believed to operate somewhere overseas. Last
    summer, he broke into online gift certificate company Ecount and made
    off with home and e-mail addresses of customers but was prevented from
    taking credit card numbers.
    
    Between 100 and 200 customers contacted TheNerds about receiving the
    e-mails, according to Kriegstein.
    
    "We don't believe he got ahold of the entire database," he added. "If
    he did, we'd have had been overwhelmed with phone calls."
    
    One of the greatest threats to online merchants is hackers who prey on
    Web sites with the intent of stealing credit card numbers. The thieves
    profit by selling the credit cards on the black market or by ordering
    products online and then fencing them. Because the hackers often cover
    their tracks by launching attacks on online stores from multiple
    servers, catching these kinds of criminals has proven a challenge for
    investigators.
    
    Fraud cost e-tailers $700 million in lost merchandise last year,
    according to Avivah Litan, a financial analyst for research firm
    Gartner. Some large Internet retailers have software that screens
    transactions and refuses to sell to customers who appear suspicious.  
    Litan estimates that this costs Web stores between 5 percent and 8
    percent of sales.
    
     
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Thu May 30 2002 - 04:42:41 PDT