British detectives are investigating a massive data theft operation that stole sensitive information from 8,500 people in the UK and others in some 60 countries.
In total, cybercriminals targeted 600 financial companies and banks, according to UK authorities, who have worked over the past week to identify and notify victims.
Through intelligence sources, UK police were given several gigabytes of data - around 130,00 files - that came from a server in the US, said Charlie McMurdie, detective chief inspector for the Specialist Crime Directorate e-Crime Unit of the London Metropolitan Police. Most of the data related to financial information, she said.
The data was collected by a malicious software program nicknamed Haxdoor that infected victims' computers. Some 2,300 machines were located in the UK, McMurdie said.
Haxdoor is a powerful program that collects passwords and sends them to another email address. It also disables a computer's firewall, among other functions, according to a description posted on security vendor F-Secure's website. Symantec, another security company, said it first detected Haxdoor in November 2003.
Computers can get infected with Haxdoor if they don't have security patches or up-to-date antivirus software. London police said it's believed many victims were infected through instant message programs.
Programs such as Haxdoor are often sent as attachments in spam and, if opened, infect the computers without the user's knowledge. The programs can also be distributed through unsolicited instant message links.
Metropolitan police experts built a special program to search through the data and identify victims. The data contained information such as logins and passwords for major websites such as eBay, Amazon, BT and Pipex.
In some instances, Haxdoor employed a screen-capture function to obtain information, McMurdie said.
Over the past week, the unit has contacted UK banks and other financial institutions to notify them what account numbers were compromised so those institutions could contact their customers, she said. But the data also showed information collected from computers in Germany, France, the US, Italy and Spain, but the number of victims is not known, she said.
The unit is working with Interpol, the international police organisation, to find trace those who were collecting the data. "This is a significant theft of data from the UK and globally," McMurdie said.