Malicious Code Research (MCRC) Blog - 2009
Guess who’s got your passwords and emails stored on their servers…?
In our recent MPOM report, we reported on a Crimeserver hosting 1.4G of unprotected stolen data, including passwords, medical data, emails etc.
Many people asked us how we found the data. Was the data secure or not?
Although we cannot disclose all information to the public (for obvious reasons), I can say that the data on that Crimeserver was unprotected, meaning anyone could access it.
Today we came across another Crimeserver - it seems that we are finding one every other day...
To demonstrate how easy it is to access the data and how vulnerable the data are once stored on an unprotected Crimeserver, I want to share the following very interesting example with you.
As we disclosed in our Q3/2006 Trend report, malicious code is hosted on caching servers of leading Search Engine Providers. This time we reported in our recent MPOM that stolen end-user data is also stored on these caching servers. Yes, your passwords, Social Security numbers, online banking information… no data is safe, as the examples below illustrate.
Let’s say we are looking for some stolen login credentials. How would we look them up? Simple: search engine...
We typed the Crimeserver domain [site:crimeserver_we_cannot_disclose] and added popular keywords:
Let’s see if we can find some passwords...

Interesting, no? We found passwords and usernames stolen from end users on a public caching server - that’s right, Google cache!
The results above and below are based on the Log files available on the Crimeserver we found. These Log files stored stolen data collected by Trojan horses running on infected end-user PCs. Google just indexed these Log files as they do with any other public file on the Web (e.g. your website!).
What if we try to be more specific and focus on something more exciting, let’s say banks...

Now we are talking!
What about Social Security? Let’s take a look… Success again!

And so it goes on, you can fine-tune your search to find emails, AIM, FTP - whatever you think can be useful.
As we indicated above, the data on the Crimeserver was unprotected so search engines managed to index it and cache it on their own server – free for everyone to search for.
Cool, huh…
Well, that’s not all. After we got Google’s results, we tried to do something that we never even gave a chance before: searching for usernames and passwords of internal databases of companies...

Here we go again, all is available on the cache server...
Please note that when we report on stolen data hosted on an unprotected Crimeserver, that’s what we really mean to do.
It’s not a hoax as some people wrote; it’s 100% harsh reality.
We share our experience and findings with you to increase public awareness of the growing cybercrime problem.
But please, don’t blame Google - they just indexed the unprotected Log files found on the Crimeserver as they do with any other public file their crawlers find on the Web. We love to google!
Posted by Ayelet Heyman



