Linux Today: Linux News On Internet Time.

Another E-Commerce Site Suffers Hack Attack

Mar 03, 2000, 04:51
(Other stories by Brian McWilliams, Clint Boulton)

Undaunted by U.S. government vows to crack down on those who pilfer credit card numbers from Web sites, a man going by the name of "Curador" has breached SalesGate.com. It is the latest in a rash of cracks by the hacker, who claims he is trying to help companies by illuminating weaknesses in their security systems.

In his latest attempt, about a week ago, Curador lifted 2,000 records, including credit card numbers and other personal information, from SalesGate. SalesGate is a New York-based marketplace "developed to help small and large businesses sell online in a way that guarantees the protection of the user's personal information." The firm extends this guarantee on its home page, which may appear as a challenge to the hacker.

SalesGate co-founder Chris Keller confirmed Thursday that the credit card numbers were lifted and said "a number of agencies," including the U.S. Secret Service "are working to catch" the hacker.

As of Thursday, SalesGate had contacted customers affected by the breach and cancelled the cards directly with the credit card companies. It also warned them to beware of unauthorized charges.

Curador has also admitted to hacking into promobility.net, shoppingthailand.com and LTAmedia.com in recent weeks.

At the time of the shoppingthailand.com breach in which he took 5,000 credit card numbers, Curador held court on a Web site, thanking Bill Gates for making "SQL servers with default world readable permissions."

"Maybe one day people will set up their sites properly before they start trading because otherwise this won't be the last page I post to the NET," wrote the cracker in a message at his site, which is mirrored here.

Curador's e-crackerce.com site, where Curador listed the stolen card numbers, was recently taken down by the hosting company. Last week, the counter at the site showed that it had been visited more than 500 times, raising the question whether Curador had given out the address in newsgroups or IRC channels devoted to stolen credit cards.

Larry Hutchenson is the Webmaster for LTAMedia.com, which Curador cracked around Feb. 3, stealing about 750 credit cards. While Curador has claimed at his site to be "the saint of ecommerce," Hutchenson said he's just a crook.

"It would be one thing if the gentleman had sent an e-mail to me or somebody else saying that 'you have a security breach in your area, you can do this' -- I mean the guy used outrageous stuff to get in," said Hutchenson. "If he had sent that stuff to me it would be one thing. If somebody takes information that is stored on the site, and it has been entrusted on that site and they steal that information and use it, post it, or whatever, it is stealing."

Tyger Team Consultants was the first to notify LTAMedia about the break-in. Tyger's Chris Davis, who is investigating Curador's activities, refuses to believe that Curador's actions are benevolent. He said the hacks were made on systems with IIS and NT servers, which are not known to provide excellent security. Furthermore, after conducting an audit, he discovered Curador had installed a "back door" program through which he could return to manipulate the site in the future.

"They (sites) may be vulnerable due to outside administrators that doesn't maybe understand all of the security implications that come with IIS and NT, which there are several right out of the box," said Davis. "Why are you adding to their vulnerabilities then? They secure their boxes to the best of their ability, this kid breaks in to show that they're not secure and he backdoors them so that he can get back in whenever he wants and no one will know about? And then he's using their credit card numbers? It doesn't jive."

In a Feb. 3 interview with InternetNews Radio, Curador said his hacker name means "custodian" and that his actions come out of "delusions of grandeur" based on the 1997 film "The Saint" in which a thief steals jewels, but then helps people.

When asked if he thought he would get caught, Curador, who many say has not adequately covered his tracks, tried to be realistic.

"Everybody gets caught sooner or later," he said. "I don't think what I am doing is technically illegal. I am publishing numbers that are public property on sites -- I am not selling them to people."

Curador said he is trying to show that a well-known RDS bug on Microsoft's (MSFT) NT servers is easily manipulated to control an entire server. Experts say RDS may affect as much as 80 percent of those companies running Windows NT servers.

The electronic assault is also the latest in a rash of hacks made in the last two months on companies as large as eBay Inc. (EBAY) and as small as CDuniverse, a Wallingford-based firm that had more than 300,000 credit card numbers taken by a self-described 18-year-old hacker named "Maxus" last January.

Secret Service officials were trying to link attacks on other major companies such as Datek, Amazon.com Inc. (AMZN) and Yahoo! Inc. (YHOO).
