Cyberthieves lose their loot

It is common knowledge that if
you have valuable data on a server,
you should protect it with encryption
and access controls.

And with a thriving black market
in personal information that
now rivals the illicit drug trade,
you would think that stolen data
would be considered valuable. If
it was worth stealing in the first
place, isn't it worth protecting?

But when analysts at Finjan's
Malicious Code Research Center
began following some suspicious
outgoing traffic from one of their
customer networks, it led them to
a server that not only hosted malicious
code and the command-and-control applications for Web
site attacks but also was a drop
point for data harvested from
compromised computers.

The researchers found 1.4G of
raw data that included medical
records, personal and business
e-mails, financial account information
and transaction data.

'It was just there waiting for
someone to collect it,' said Yuval
Ben-Itzhak, Finjan's chief technology
officer. No encryption, no
access controls of any kind were
present to hide it or keep the researchers

'They did a great job of infecting
other people but a bad job of
protecting their own server,' he

The server has been shut down,
the information is gone and the
authorities have been alerted.
Remember, security is everybody's

About the Author

William Jackson is a Maryland-based freelance writer.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected