Extortionist
targets Creditcards.com
By Greg Sandoval, Special
to ZDNet
December
12, 2000 2:31 PM PT - Copyright ©
ZDNet
A hacker called 'chad' leaves
the online credit card clearing house hanging after
exposing more than 55,000 credit card numbers. The
FBI is investigating.
Creditcards.com was the victim of an extortion attempt
by a cyberthief accused of hacking into its site and
exposing more than 55,000 credit card numbers, the
company said Tuesday.
The company is working with the FBI on the case, said
Laurent Jean, a spokesman for Los Angeles-based Creditcards.com.
"It
was an act of retribution," Jean said. "He
was angry with us and this was the way he took out
his anger. After (he asked) us for money, we did everything
we could to prevent him from entering our system."
The suspect was thought to have hacked into the site
and exposed the numbers on the Internet sometime Monday,
Jean said. Online merchants who used CreditCards.com
were notified by the cyberthief on Monday night. The
credit card numbers were still up on the Web early
Tuesday.
Huntington Beach, Calif., resident Les Kelly, a photographer
and Web site developer, received the notification
on Monday evening. While almost deleting e-mail with
the rest of his spam, Kelly instead read the e-mail
and immediately checked out the claims, he said.
'Chad' leaves users hanging Kelly found neither of
his credit card numbers had been stolen. "I have
a merchant account for one of my Web sites. There
is a possibility that it uses CreditCards.com as a
clearinghouse and that is why I was contacted,"
said Kelly, who described himself as a "average
60-year-old guy -- not a wizard with computers."
The cyberthief forged an email address -- chad@microsoft.com,
apparently in reference to the current election woes
-- and railed against e-commerce companies and a lack
of privacy for which, ironically, the hacker is partially
responsible.
"Till (sic) no completely secure way of transferring
the confidential information (is) invented, the number
one priority for each and every online company is
to secure transaction and to hide information about
their clients," wrote the cyberthief, who claimed
to be part of a group calling themselves the "L33chWareZ
haCkInG GrOUp."
Matt McLaughlin, spokesman for the FBI's Los Angeles
field office, confirmed that agents from the bureau's
"Cyber Squad" are looking into the case.
Hacking
a threat to companies
Privately held Creditcards.com
is a business-to-business site that works with Web
merchants so they can accept credit card payments.
According to the company's Web site, its customers
include software maker iKnowledge and health site
Premier Solutions.
The year has seen several high-profile security breaches
at e-commerce sites. In September, human error caused
a glitch that allowed a hacker to copy the credit
card information of about 15,700 customers from Western
Union's Web site. Hackers broke into CD Universe's
database in January and posted links to thousands
of customer names, addresses, and credit card numbers
after being unable to extort money from the online
music store.
Though studies have shown that hacker attacks have
caused some consumers to shy away from online shopping,
hacking is much more of a threat to companies, IDC
analyst Charles Cology said.
"It's a pain for the credit card companies who
must cancel thousands of cards and potentially reimburse
bogus charges," Cology said. However, for the
individual cardholder, the breach is a mere nuisance,
he said.
Security breaches like the one at Creditcards.com
are an indication of where the real security problems
are, Cology said: in companies' back-end databases.
While there is a certain risk that credit cards sent
over the Internet can be intercepted, databases contain
huge amounts of personal information that comes from
all types of transactions, not just from consumer
Internet purchases, he said.
Robert Lemos contributed to this report.- Copyright
©
ZDNet
|
