Firm says it uncovered ID-theft ring

Anti-spyware maker says Internet victims may be in thousands

St. Petersburg Times

August 9, 2005

CLEARWATER, Fla. - The very private details of people's lives flashed on a wall at Sunbelt Software yesterday.

Social Security numbers. Credit-card numbers. Bank account numbers, eBay and PayPal account numbers. Online user names and passwords. And more.

All of it was projected on a wall at an office at Sunbelt Software's office in Clearwater. All of it was live from a Web site. All of it was taken secretly from computers here and around the world. Most, if not all, of the victims had no idea they had been snared by intrusive software known as spyware.

Sunbelt, which makes anti-spyware and antispam software, discovered what it called an international identity theft ring while doing research last week. But this time, researchers found more than software hidden on a computer.

"We've actually been able to get in to the back door of one of these guys and actually see the operation," said Alex Eckelberry, Sunbelt's president, as he showed it to a reporter. "The scale and sophistication, it was astounding."

The company issued an online alert about the ring through its company blog. Sunbelt says it notified the FBI and the Secret Service. The FBI said it was aware of the information but could not confirm that an investigation was under way.

Eckelberry and his staff notified some people listed on the site they believed to be at great risk.

He said an Alabama family had experienced an unusual number of popup ads, and its Internet service provider shut down the e-mail because so much was being sent. "By the time I called, they already knew something was weird," Eckelberry said.

Other victims were more cautious, fearing that the phone call itself was a scam. Some just thanked him, he said.

Sunbelt's find, announced by Eckelberry on its Web log (sunbeltblog.blogspot.com/), appeared in accounts over the weekend in ComputerWorld and InformationWeek. Other blogs then picked it up.

It is not known how long the ring has been operating or how many people have been affected. Apparently, the thieves download the stolen information, clear that data from the site and then wait for more stolen information to be posted.

Eckelberry estimates thousands have been victimized.

Spyware is software that usually is planted on a computer without the owner's knowledge. In more benign forms, it may track online activity for marketing purposes.

But increasingly it is being used in criminal activity. Theft of computer data is the goal.

Computers can get infected in a variety of ways, including users downloading "free" information, clicking on popup advertising or visiting Web sites.

Half the respondents to a Consumer Reports survey say they have had a spyware problem in the past six months. The survey, in the current issue, said 18 percent of the 3,200 households surveyed had to erase hard drives to clean the machines, 51 percent are more careful while browsing online and 38 percent download fewer free programs.

In this case, Sunbelt says the spyware used a key logger, which records keystrokes on a computer and transmits the data to another computer. The company tracked the spyware back to an unsecured Web site, which is in the United States but is registered overseas.

The site also could control other software planted on spyware-infected computers so they could be used for things such as sending spam.

Sunbelt has shared its findings with other security software companies, a customary practice. It will continue to analyze the spyware, and a fix for it should be available soon.

Johannes B. Ullrich, chief research officer at the SANS Institute, a security and research organization in Bethesda, Md., says Sunbelt's tracking back to the Web site made this case unusual. Such an investigation "takes a lot of work to go into depth," he said.

Ullrich says some personal data such as stolen Social Security or credit-card numbers can be found fairly easily at Web sites or even posted on bulletin boards. "For consumers, it gets hard to defend against it perfectly," Ullrich said.

One thing people need is a firewall, which can be software or part of a hardware router used for a network. It blocks intruders trying to get into their machines.

Antivirus and antispyware software is important, Ullrich says. (Free antispyware software such as Spybot Search & Destroy, Ad-aware and Microsoft's Antispyware beta are available online.)