BBC Homepage World Service Education
BBC Homepagelow graphics version | feedback | help
BBC News Online
 You are in: World: Americas
Front Page 
Middle East 
South Asia 
From Our Own Correspondent 
Letter From America 
UK Politics 
Talking Point 
In Depth 

Thursday, 8 March, 2001, 23:59 GMT
Hackers steal 1m credit card numbers

Russian and Ukrainian computer hackers have stolen more than a million credit card numbers as part of a massive extortion scheme, the United States Federal Bureau of Investigation (FBI) said on Thursday.

Hackers gain access to the networks of companies involved in e-commerce or e-banking and download customer databases, credit card numbers and proprietary information, the FBI said.

The criminals then contact the firms and threaten to publish the information if they are not paid.

The FBI said that paying the hackers is not a guarantee that they will not pass the stolen information on anyway.

"Investigators believe that in some instances the credit card information is being sold to organised crime groups," an FBI statement said.

The FBI is reportedly investigating the possibility that governments are supporting the hackers.

Known vulnerabilities

The FBI and its computer-crimes division, the National Infrastructure Protection Center (NIPC), have identified more than 40 victims in 20 US states.

E-businesses have got credit cards, names, addresses and buying habits - they have to take their responsibility more seriously

Mark Rasch,
Predictive Systems
The hackers take advantage of vulnerabilities in Microsoft Windows NT operating systems that have been known at least since 1998.

Patches for these weaknesses are available for free downloading from the Microsoft website, but the FBI says many computer owners have not bothered to upgrade.

The NIPC website provides a list of software vulnerabilities that have been exploited.

A computer networking expert warned that online traders have to make more serious efforts to guard information.

"They've got credit cards, names, addresses and buying habits. They have to take their responsibility more seriously," said Mark Rasch, legal counsel for Predictive Systems.

Extortion demands

At least two companies have been the subject of $100,000 extortion demands.

Both CD Universe and refused to pay hackers who identified themselves as Russian, and both saw thousands of credit card numbers from their databased released to the public.

Western Union shut its website down for five days last autumn when hackers stole more than 15,000 credit card numbers from its online operation.

One analyst warned that online customers may find out the hard way that their details have been stolen.

"Merchants don't want people to know they've been hacked" because their business depends on people trusting them with their credit card numbers, said Meridien Research analyst Jeanne Capachin.

Search BBC News Online

Advanced search options
Launch console
See also:

13 Feb 01 | Sci/Tech
Kournikova computer virus hits hard
05 Sep 00 | Asia-Pacific
Plea to revive Love Bug charges
21 Aug 00 | Asia-Pacific
Love Bug charges dropped
10 May 00 | Sci/Tech
Warning of more internet attacks
09 May 00 | Americas
Defending cyberspace
09 May 00 | Sci/Tech
Police hunt Love Bug gang
Internet links:

The BBC is not responsible for the content of external internet sites

Links to more Americas stories are at the foot of the page.

E-mail this story to a friend

Links to more Americas stories