FBI investigating widespread Web site break-ins by crime groups

Computerworld - The FBI today disclosed it has launched 40 separate investigations into alleged hacking incidents by Eastern European organized crime groups that are believed to have stolen more than 1 million credit card numbers from e-commerce and online finance Web sites powered by Windows NT servers.

A spokeswoman for the FBI's National Infrastructure Protection Center (NIPC) said the break-ins have occurred in 20 U.S. states and are thought to be part of a systematic effort by crime syndicates in Russia and Ukraine to break into vulnerable Web servers. Estimated financial losses since the NIPC issued an initial warning about the threat in December total as much as hundreds of thousands of dollars, she said.

But the figure could be much higher, the spokeswoman added, saying that the NIPC hasn't been able to determine an exact damages amount. The agency, which is based at FBI headquarters in Washington, today released an advisory saying the hacking activities are continuing. The advisory reiterated a recommendation that systems administrators should check their Windows NT-based servers to make sure patches designed to fix several known security holes have been installed.

To date, the NIPC spokeswoman said, e-commerce sites across the country have failed to heed the warnings about the holes in Microsoft Corp.'s operating system software. She described the new advisory as "a public service announcement" meant to urge companies to bolster the security of their Web sites by downloading the patches made available by Microsoft.

"These [organized crime] groups have hit on these sites using known vulnerabilities for months now, and people are not heeding the warnings," the spokeswoman said. Microsoft discovered and patched many of the vulnerabilities in NT as early as 1998. But until companies take the appropriate steps, she added, the attacks are "not going to stop."

Scott Christie, an assistant U.S. attorney and intellectual property coordinator at the U.S. Attorney's Office for the District of New Jersey, said federal investigators have identified several different groups of hackers that they believe are responsible for the incidents.

"We have a very good sense of who is involved," Christie said. "It's national in scope and at a point that we all felt it was appropriate to let a wider audience know what is going on." Christie characterized the threat posed by the hackers as a "serious impediment to public confidence in e-commerce."

A Microsoft spokesman said there's no way of knowing how widely the NT patches have been applied. Download rates are a poor indicator because a single download can be applied "an infinite