
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2005-08-01



Cash from the Cache; Port 32772

Published: 2005-08-01
Last Updated: 2005-08-02 12:17:57 UTC
by Lorna Hutcheson (Version: 1)

Cash from the Cache


You never can tell where you will find things and today was no exception. We received a report from Colin Keith about some interesting information that was found in Google's cache. It seems an order for Internet services triggered a little looksy by the sales department. Due to the dollar amount of the request, they checked the account name being given with a highly sophisticated tool. Yes, a Google query soon brought up the individual's name as well as a bit more than they bargained for. It seems ALL of this individual's personal information was found on the web in Google's cache, including the following fields, with no data missing from ANY of them:



First name:

Last name:

Address:

City:

State:

Zipcode:

Phone:

SSN:

Mother's Maiden Name:

Driver Licence:

Issued State:

DOB:

Card Type:

Card name:

Card number:

Expiry Date:

CVV2:

ATM Pin:

Bank Name:

Bank Phone:

Routing Number:

Account Number:

Paypal Email:

Paypal Password:



It really only gets worse. This was not the only person who had their account information here. Granted, the Google cache dated from 2004, but that doesn't really matter when you have this kind of information lying around. Obviously someone was attempting to use it. The cached info for some folks also included purchase information such as the product and quantity purchased, how the product was to be shipped, where it was to be shipped, cost, subtotal, tax, shipping and even special instructions such as notes to be attached to the item if it was a gift.



I don't want to even attempt to guess where this information was illegally obtained from considering the different types of information involved, the location of the website and the location of the requestor. Yes, we have reported it. What I do want to focus on is the fact that MANY people's personal as well as financial data was sitting out on the Internet for anyone to access if they just looked. The fact that the information has been sitting out there now for over seven months only further drives home the point of how critical it is to do Google searches on yourself. Keep in mind that this too has its dangers. Though some may disagree with me, I wouldn't be entering my credit card information and searching on it. Also, please do this from a patched machine, firewall turned on, antivirus updated and using a safe web browser. However, it is important to put your name, as well as your family members' names, in Google and/or other search engines, and see what turns up. Use different combinations of your name as they might have been used in the past, and consider looking for old email addresses that may have been used as well. When you get the results, don't just go to the web site, but also click on the link for the cached information and see what used to be there. None of the data above was found on the current website, just in the cached information. None of the information would naturally be found on this type of site. So, before anyone attempts to get cash from the cache using your name, beat them to it by making sure no information about you is out there that should not be.



For any of you who work with/for the different search engines or have firsthand knowledge about how to get cached information removed, we would appreciate you dropping us a line with some details.



Port 32772


Okay, curiosity will be my downfall yet. This port has had a significant jump in it for the last couple of days. The targets are few, but the source and the record numbers have really spiked. Anybody seeing any traffic on this or have any ideas? Please pass them our way if you don't mind. Packets are always nice and welcome as well :>)


Lorna Hutcheson

Handler on Duty

http://www.iss-md.com
