"The server was not secure at all. It indicates that these people that are doing the crime today, they are not security experts, they are not computer science experts.
"They are people who are buying the crime toolkits ... software packages that hackers, the smart people, are selling," he told Reuters.
"The person that operated this server had no clue on security, he had no clue about how to configure a Web server. He just took a ... toolkit and started to use it and in three weeks he managed to have this fortune, this treasure on his server."
Web firm sounds alert on criminal data trove
Tue May 6, 2008 1:38pm EDT
By Mark Trevelyan, Security Correspondent
LONDON (Reuters) - A Web security firm said on Tuesday it had tipped off international banks and police after finding a huge trove of stolen business and personal data amassed on a server in the space of just three weeks.
Finjan Inc said it had notified the U.S. Federal Bureau of Investigation, police in various countries and more than 40 financial institutions in the United States, Europe and India about the discovery of the so-called "crimeserver".
"This server was running for about three weeks and within this period it managed to collect 1.4 gigabytes of data. It is indeed the largest treasure we've found in this very short time," Yuval Ben-Itzhak, chief technology officer of the California-based firm, said in a phone interview from Israel.
The stolen data consisted of 5,388 unique log files including 1,037 from Turkey, 621 from Germany, 571 from the United States, 322 from France, 308 from India and 232 from Britain.
It included company personnel files, insurance details, social security numbers, medical records, credit card details and exchanges of confidential business email, in one case including details of a pending court case.
Ben-Itzhak said it was striking that the crimeserver itself was not security-protected, meaning anyone could potentially have accessed it over the Internet.
Delicious
Digg
Reddit
Newsvine
Furl
Google
Yahoo
