Cyberthieves lose their loot
It is common knowledge that if you have valuable data on a server, you should protect it with encryption and access controls.
And with a thriving black market in personal information that now rivals the illicit drug trade, you would think that stolen data would be considered valuable. If it was worth stealing in the first place, isn't it worth protecting?
But when analysts at Finjan's Malicious Code Research Center began following some suspicious outgoing traffic from one of their customer networks, it led them to a server that not only hosted malicious code and the command-and-control applications for Web site attacks but also was a drop point for data harvested from
The researchers found 1.4G of raw data that included medical records, personal and business e-mails, financial account information and transaction data.
'It was just there waiting for someone to collect it,' said Yuval Ben-Itzhak, Finjan's chief technology officer. No encryption, no access controls of any kind were present to hide it or keep the researchers
'They did a great job of infecting other people but a bad job of protecting their own server,' he
The server has been shut down, the information is gone and the authorities have been alerted.
Remember, security is everybody's
William Jackson is a senior writer of GCN and the author of the CyberEye blog.