The Finjan MCRC Blog has a very interesting and detailed description of the investigation that revealed free and open Internet access to stolen identity information.
During our research for the latest Malicious Page of the Month that has just been released, we came across a domain that was being used as a command and control for the Crimeware that was executed on attacked machines. This domain was also used as the “drop site” for private information being harvested by that Crimeware.
When we further examined this server, we found that the stolen data on it was unprotected and freely accessible to anyone – we found no access restrictions, no encryption whatsoever!
In total, we found more than 1.4Gb of personal and business data (including emails and web related data) for grabs, collected from infected PCs.
They show how attacks were organized into “campaigns” and a Crimeware administrator could use a PHP-based web application to control infected systems. Real examples shown include bank and medical records.
This is an excellent case study of the current threat model to and consequences of weak data controls.