Interesting People mailing list archives
Clues on how 8 Million Credit Accounts Exposed?
From: Dave Farber <dave () farber net>
Date: Fri, 21 Feb 2003 14:16:42 -0500
------ Forwarded Message
From: AD Marshall <AD.VICE () ParadoxCafe Net>
Date: Fri, 21 Feb 2003 23:59:24 +0700
To: dave () farber net
Subject: Clues on how 8 Million Credit Accounts Exposed?
From: Ted Bridis <tbridis () ap org> [Original message below]
To: dave () farber net
Subject: RE: [IP] a bit more on 8 Million Credit Accounts Exposed FBI to Investigate Hacking of
Date: Thu, 20 Feb 2003 11:14:31 -0500

Actually, the AP yesterday tracked down the company that was hacked.
http://news.yahoo.com/news?tmpl=story2&cid=528&ncid=528&e=10&u=/ap/20030220/ap_on_hi_te/credit_card_hack
<...>
Data Processors International, based in Omaha, said Wednesday that "an unauthorized outside party" had tapped into its computer system, prompting a criminal investigation.
Could the following be clues as to how DPI (Data Processor International) Corp was cracked?

This is a bit confusing to me, but an associate who's certified by CompTIA (Security+) and SCNP (http://www.securitycertified.net/) says the info below, collected from Netcraft yesterday, suggests the most obvious way the cracker got in was via the Microsoft IIS packages they seem to be running at http://www.dpicorp.com/, packages which very likely were not updated, and maybe for a very long time. Of course, there could have been many other possible holes in DPI Corp before they actually talked to the press.

Oddly, as well, the same level of detail does not appear at Netcraft now (for the last hour at least). Netcraft is now using its "oldwhats" script (see below -- a mirror URL for yesterday's [normal?] "whats" script info is included).

- From NetCraft's "What's that site running?" service, http://www.netcraft.com/whats/, yesterday (ICT, IndoChina Time):

<start>
OS, Web Server and Hosting History for www.dpicorp.com

OS             Windows 2000
Server         Microsoft-IIS/5.0
Last changed   19-Feb-2003
IP address     12.36.215.4
Netblock Owner DPI MERCHANT SERVICES

OS             unknown
Server         Microsoft-IIS/5.0
Last changed   18-Feb-2003
IP address     12.36.215.4
Netblock Owner DPI MERCHANT SERVICES

OS             NT4/Windows 98       << Note!! Very outdated
Server         Microsoft-IIS/4.0    << Note!! Very vulnerable
Last changed   28-Jan-2002
IP address     12.36.215.4
Netblock Owner DPI MERCHANT SERVICES

OS             NT4/Windows 98
Server         Microsoft-IIS/4.0
Last changed   21-May-2001
IP address     12.22.180.167
Netblock Owner Dpi Merchant Services
<end>

Today, going to http://www.netcraft.com/whats/ will automatically transfer you to a URL like this:

http://www.netcraft.com/oldwhats/?host=www.dpicorp.com&Examine=Wait..
                        ^^^^^^^^

That "oldwhats" URL will only provide this information:

www.dpicorp.com
www.dpicorp.com is running Microsoft-IIS/5.0 on Windows 2000

When my associate saw this, he involuntarily blurted out "Oh my god! It's a cover-up!" But we quickly decided we could not draw that conclusion yet. Netcraft could be undergoing an upgrade or something, maybe? There is no obvious notice of changes or technical problems at Netcraft. The links to Netcraft's "What's that site running?" service still point to http://www.netcraft.com/whats. And the auto-transfer to http://www.netcraft.com/oldwhats is almost invisible.

We pseudo-mirrored yesterday's Netcraft results at http://www.viceconsulting.com/cons/servs/infosec/dpicorp/netcraft/ [No edits were made to that page.]

Maybe someone else on this list can enlighten us.

best,
AD

*--------------------------------------------------*
AD Marshall, VietInfoComm&Edu [VICE]-8 Consulting
Vietnam Information Communications & Education
Post: 8A/G8 Don Dat, Q.1, TpHCM, VietNam
eMail: mailto:AD.VICE () ParadoxCafe Net
*--------------------------------------------------*
GPG/PGP Public Keys & Fingerprints: http://h0lug.sourceforge.net/gpgpgp.html
*--------------------------------------------------*

At 23:22 2003.02.20, you wrote:
-----Original Message-----
From: Ted Bridis <tbridis () ap org>
To: dave () farber net
Subject: RE: [IP] a bit more on 8 Million Credit Accounts Exposed FBI to Investigate Hacking of Database
Date: Thu, 20 Feb 2003 11:14:31 -0500

Actually, the AP yesterday tracked down the company that was hacked.
http://news.yahoo.com/news?tmpl=story2&cid=528&ncid=528&e=10&u=/ap/20030220/ap_on_hi_te/credit_card_hack

OMAHA, Neb. - A hacker who gained access to millions of credit card numbers apparently did it by breaking into a computer system at a company that handles transactions for catalog companies and other direct marketers.

Data Processors International, based in Omaha, said Wednesday that "an unauthorized outside party" had tapped into its computer system, prompting a criminal investigation.

[snip...]

-- Dave
------ End of Forwarded Message
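As an added defender-side illustration (not part of the original thread), this Python parses Netcraft-style hosting-history records like the ones AD quotes and reports how long each Server banner stayed in place, so that software left unchanged beyond an assumed review threshold (365 days here) stands out in an inventory. The sample records are constructed from the message above with the extraction spacing normalized; the as-of date and the threshold are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: the Netcraft hosting-history records quoted in the
# message above, one per line, newest first; spacing normalized.
NETCRAFT_HISTORY = """\
OS Windows 2000 Server Microsoft-IIS/5.0 Last changed 19-Feb-2003 IP address 12.36.215.4
OS unknown Server Microsoft-IIS/5.0 Last changed 18-Feb-2003 IP address 12.36.215.4
OS NT4/Windows 98 Server Microsoft-IIS/4.0 Last changed 28-Jan-2002 IP address 12.36.215.4
OS NT4/Windows 98 Server Microsoft-IIS/4.0 Last changed 21-May-2001 IP address 12.22.180.167
"""

RECORD = re.compile(r"OS (?P<os>.+?) Server (?P<server>\S+) "
                    r"Last changed (?P<changed>\S+) IP address (?P<ip>\S+)")

def parse_date(text):
    """Netcraft's dd-Mon-yyyy format, e.g. 19-Feb-2003."""
    return datetime.strptime(text, "%d-%b-%Y").date()

def parse_history(text):
    """Return records oldest-first as (changed, os, server, ip) tuples."""
    records = []
    for line in text.splitlines():
        m = RECORD.search(line)
        if m:  # lines that are not history records are ignored
            records.append((parse_date(m["changed"]), m["os"], m["server"], m["ip"]))
    return sorted(records)

def banner_lifetimes(text, as_of):
    """Collapse consecutive records with the same Server banner and return
    [(server, first_seen, replaced_on, days)]; the newest banner runs to as_of."""
    spans = []
    for changed, _os, server, _ip in parse_history(text):
        if spans and spans[-1][0] == server:
            continue  # OS or IP changed, but the server software did not
        if spans:
            spans[-1][2] = changed  # previous banner was replaced on this date
        spans.append([server, changed, parse_date(as_of)])
    return [(s, a, b, (b - a).days) for s, a, b in spans]

def stale_banners(text, as_of, max_days=365):
    """Banners that stayed unchanged longer than max_days (assumed threshold)."""
    return [s for s in banner_lifetimes(text, as_of) if s[3] > max_days]

if __name__ == "__main__":
    for server, first, last, days in banner_lifetimes(NETCRAFT_HISTORY, "20-Feb-2003"):
        print(f"{server:<20} {first} -> {last}  {days:>4} days")
    print("stale:", [s[0] for s in stale_banners(NETCRAFT_HISTORY, "20-Feb-2003")])
```

On the quoted records this shows Microsoft-IIS/4.0 in place for 638 days before being replaced on 18-Feb-2003.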