By Ed Pilkington
July 16, 2007
Hackers have launched an assault on websites in Italy and beyond dubbed
"the Italian job" in a move seen by internet security experts as the
next step in the escalating problem of cyber crime.
Gangs presumed to be based in Eastern Europe have probably infected more
than 10,000 web pages on popular websites including travel agents,
hotels, charities and government departments. Most of the sites are in
Italy, although the attack has also spread to Spainand the US.
Using an attack "tool kit" available for $815 on the internet from
Russia, the attackers implanted codes that download a "keylogger" onto
the computer of anyone opening those sites. The keylogger allows the
hackers to monitor any activity on the infected machine - in effect to
control the computer. That gives them access to any bank details, credit
card information or passwords that are entered.
It is not known how many computers have been infected by the attacks,
which are believed to have begun about the middle of last month.
Security experts put the numbers at tens of thousands.
Dan Hubbard, of the Californian internet security firm Websense, says
Italy may have been targeted because of the seasonal popularity of its
travel websites or because the hackers had discovered a way to penetrate
an Italian bank's firewalls to steal identities. "We often call this
sort of thing the perfect crime because it is so difficult to track down
Trojan attacks are not new but experts say the scale of the latest
onslaught is unparalleled, as is its focus on established websites to
steal banking identities. David Perry, a director of another US web
security firm, Trend Micro, says: "This is a paradigm shift. We can
expect to see this kind of thing being replicated now for the next five
or six months."
Researchers at the company have tracked the attack to servers based in
Hong Kong, San Francisco and Chicago. The FBI and specialist police in
Europe are trying to follow it back to the source.
Perry says one reason the Italian job is proving so effective is that it
has been programmed to spot many different types of weaknesses in
computer security systems. "It looks for a wide spectrum of
vulnerabilities in a computer, acting like a sort of Swiss Army knife
with many different ways to pierce through the protection."
The initial assault on websites appears to have slowed, but as long as
websites are infected with the attack tool kit, many users will continue
to be vulnerable without realising it. Experts say there tends to be a
lull followed by a renewed outburst in a different part of the world.
Attend Black Hat USA, July 28-August 2 in Las Vegas,
the world's premier technical event for ICT security
experts. Featuring 30 hands-on training courses and
90 Briefings presentations with lots of new content
and new tools. Network with 4,000 delegates from
70 nations. Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on
June 1 so register today. http://www.blackhat.com