Return-Path: <sentto-279987-2898-1002965167-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Sat, 13 Oct 2001 02:29:07 -0700 (PDT) Received: (qmail 15758 invoked by uid 510); 13 Oct 2001 09:28:20 -0000 Received: from n9.groups.yahoo.com (216.115.96.59) by 204.181.12.215 with SMTP; 13 Oct 2001 09:28:20 -0000 X-eGroups-Return: sentto-279987-2898-1002965167-fc=all.net@returns.onelist.com Received: from [10.1.4.52] by n9.groups.yahoo.com with NNFMP; 13 Oct 2001 09:28:30 -0000 X-Sender: fc@big.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-7_4_1); 13 Oct 2001 09:26:07 -0000 Received: (qmail 80020 invoked from network); 13 Oct 2001 09:26:07 -0000 Received: from unknown (10.1.10.142) by m8.onelist.org with QMQP; 13 Oct 2001 09:26:07 -0000 Received: from unknown (HELO big.all.net) (65.0.156.78) by mta3 with SMTP; 13 Oct 2001 09:26:07 -0000 Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id CAA01826 for iwar@onelist.com; Sat, 13 Oct 2001 02:26:07 -0700 Message-Id: <200110130926.CAA01826@big.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL1] From: Fred Cohen <fc@all.net> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Sat, 13 Oct 2001 02:26:07 -0700 (PDT) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:Hacker.discloses.data.after.demands.unmet] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Hacker discloses data after demands unmet By Greg Sandoval Staff Writer, CNET News.com October 11, 2001, 2:00 p.m. PT An online gift certificate company said a hacker that blackmailed it for weeks after pilfering its customer information has apparently carried out threats of disclosing the data to its customers. Webcertificate.com customers reported getting an e-mail message that included their home and e-mail addresses. "I hate to inform you that your account has been hacked," said the e-mail, viewed by CNET News.com, from someone identified as Zilterio. Webcertificate, a unit of electronic-payment company Ecount, was hacked on Aug. 21, a representative said. Shortly afterward, the hacker, who claimed to have also stolen credit card numbers of 350,000 of the company's customers, contacted Philadelphia-based Ecount and tried to extort the company, said Matt Gillin, Ecount's chief executive. The caller demanded $45,000 in exchange for not disclosing the information. The company refused to meet the demands, Gillin said. After notifying the FBI, Ecount informed customers Aug. 28 that the break-in had occurred, and it assured them that their credit card information was safe. Because the company stores credit card information offline, it would be impossible for the hacker to steal it electronically. What the hacker thought were credit card numbers were really 16-digit serial numbers used to identify gift certificates. Ecount has canceled those codes. "There is no financial liability to the company or our customers," Gillin said. The FBI could not be reached for comment. Hackers continue to plague the Internet even as technology companies have poured millions of dollars into developing security technology. But the costs of fortifying a Web site with the latest security technology can be enormous, and often hackers prove to be more than a match for the electronic barricades. Companies such as the now defunct Egghead.com, Amazon.com-owned book service Bibliofind.com and Creditcards.com have seen their sites broken into and customer information--in some cases, credit card information--swiped by thieves. Executives of Ecount said they anticipated the hacker would e-mail customers whose information was stolen. Last week, the company tried to preempt the hacker when it warned customers to expect a message from the hacker and informed them why the company would not agree to the hacker's demands. In the e-mail to Webcertificate customers from Zilterio, the author declares that the security breach was a result of "weak security," an apparent attempt to embarrass the company. Ecount said that the attempt to undermine the company's relationship with its customers failed; most customers support the company in its fighting against Internet thieves. But some damage may have been done. One customer told News.com that she would no longer use Webcertificate. "This disturbs me, that this guy has all of my personal information," said Nancy Parker, a frequent Webcertificate customer over the past two years who was shocked to see her personal information in the e-mail. "What's from keeping it from happening again?" Gillin said that immediately after the attacks, the company began bolstering the site's security. "We're doing all we can to make sure that this never happens again." ------------------------ Yahoo! Groups Sponsor ---------------------~--> Get your FREE VeriSign guide to security solutions for your web site: encrypting transactions, securing intranets, and more! http://us.click.yahoo.com/UnN2wB/m5_CAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:54 PST