http://www.taipeitimes.com/News/taiwan/archives/2004/06/10/2003174478 STAFF WRITER, WITH CNA Jun 10, 2004 The numbers and personal codes of more than 100,000 Internet banking and auction-site clients are feared to have been stolen by hackers from across the Taiwan Strait. Criminal Investigation Bureau officials said yesterday that they had arrested a Taiwanese man named Chen Chung-shun (³¯±R¶¶), 30, in Hualien, and seized a huge amount of confidential data, including 45 million e-mail addresses, almost 200,000 bank and auction-site account numbers with their corresponding personal secret codes, and information on three figurehead bank accounts. Investigators believe Chen has been collaborating with Chinese hackers since February to steal Internet bank codes by planting "shell" or "revised" versions of "Trojan horse" programs into the personal computers of customers using Internet banking services. Although Chen said he had obtained hundreds of thousands of bank account codes, police found only a portion of the code information at Chen's premises in Hualien. Chen reported told investigators that he had transferred approximately 100,000 accounts and personal codes to the China-based hackers, and he had no backup copies in his database. Investigators have urged the public to change their bank codes immediately to avoid losing their money. Chen had reportedly gathered 45 million Taiwanese e-mail addresses, and in mid-February, he started sending advertising e-mails containing shell or revised Trojan horses to those e-mail addresses. By mid-March, he had sent out over 18 million e-mails. Police said the banks' firewalls a had not been compromised, but that using the "shell" versions provided by Chinese hackers and attached to the e-mails, Chen managed to record account numbers and personal codes as they were input by bank customers. After obtaining account num-bers and personal codes, Chen proceeded to transfer money to other accounts. Although the total amount stolen by the ring is estimated to be several million NT dollars, the full extent of the losses is not yet known. Officials said the ring withdrew the money from the International Commercial Bank of China ATM machines in China, or transferred it to hundreds of figurehead accounts which had been established in the names of 10 Taiwanese people. Hundreds of thousands of bank-account numbers, with corresponding personal codes, were exposed to the hackers' machines, according to investigators. The officials said that among the bank accounts tampered with were savings accounts with funds in excess of NT$200 million (US$5.9 million). Bureau officials described this type of Internet crime as "secretive, shapeless, borderless, anonymous and without restrictions on distance." They said the total damage caused by the hackers was not yet known. _________________________________________ ISN mailing list Sponsored by: OSVDB.org - For 15 cents a day, you could help feed an InfoSec junkie! (Broke? Spend 15 minutes a day on the project!)
This archive was generated by hypermail 2b30 : Fri Jun 11 2004 - 06:09:26 PDT