[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Rampant hacking ( formerly: Better than Black Ice )



PureBytes Links

Trading Reference Links

Mark I was turned down by PC Connection the other day because my account had
been used to ship computer parts to my girlfriends business and PC
Connection picked up her name for my credit card. Naturally they called her
at work about my credit card so it took a couple of days to get my overnight
order fixed up.  Most credit card authorization sites get your exact name as
it appears on the card and mailing address.  If this information doesn't
agree exactly you get turned down as I did.  I'm surprised that there are
sites out there that are as careless as you reported.  Scary!

By the way I love your JMA.  Need to remember to buy some of your other
indicators with my credit card naturally.


Jimmy


-----Original Message-----
From: Mark Jurik [mailto:mark@xxxxxxxxxxxx]
Sent: Monday, March 13, 2000 2:05 PM
To: omega-list@xxxxxxxxxx
Subject: Rampant hacking ( formerly: Better than Black Ice )


>>  ZoneAlarm blocked several attacks (on one day 3 attacks).<<

It is incredible how many illegal access attempts I'm getting from all
around the world.  All were blocked.  Below is a segment of my log.  Anyone
using ADSL or cable without a firewall is asking for trouble.  According to
a federal report, the fastest growing crime is "Identity theft" where your
SSN and other important means of identification are used by others to
purchase  items at your expense.  With loads of unpaid invoices, your credit
rating can tank in days, making your life miserable.  Get with it....get a
firewall.


date    Colorado my     from            from  ISP location        ISP WHOIS
        time     port   IP address      port
----------------------------------------------------------------------------
---------
3/1/00                  24.42.85.95           Toronto, Canada
Rogers@xxxx
3/1/00                  194.102.93.47         Bucharest, Romania  DIGICOM
3/2/00  10:49    TCP    24.68.53.85     TCP   Calgary, Canada     Shaw
Fiberlink
3/2/00  12:07    TCP    24.112.182.231  TCP   Toronto, Canada
Rogers@xxxx
3/2/00  13:51    UDP    38.26.145.216   UDP   Herndon, VA
Performance Systems
3/3/00  23:02    FTP    211.0.81.130    TCP   Tochigi, JAPAN      Ishinkan
Hotel Ltd.
3/4/00  01:49    TCP    207.44.231.3    TCP   San Francisco, CA   S E R
Consulting
3/6/00  13:43    TCP    38.228.112.210  HTTP  Herndon, VA
Performance Systems
3/7/00  15:51    TCP    204.71.198.39   HTTPS Sunnyvale, CA       GLOBAL
CENTER, INC.
3/7/00  17:46    TCP    198.41.0.8      HTTP  Herndon, VA         Network
Solutions
3/9/00  15:43    UDP    212.106.212.79  UDP   Madrid, Spain       Jazz
Telecom S.A.
3/9/00  18:03    Telnet 145.236.216.11  TCP   Budapest, Hungary   Hungarian
Telecom
3/9/00  23:40    TCP    206.133.71.33   TCP   Herndon, VA         Sprint
3/10/00 19:29    FTP    24.25.112.252   TCP   Roseville, MN
TimeWarnerCable


AND IF THAT IS NOT BAD ENOUGH...

Hackers found a cheap way to get valid credit card numbers.  Yours maybe.
Many web sites offer online prurchasing by credit card.  All a hacker needs
to do is set up a program that tries to order something using randomized
credit card numbers and for each number, sequence through the 12 months.
When a bad number is provided, the web site graciously responds it was a bad
number, so the program tries another combination.  Eventually, the program
gets lucky and hits on a valid CC number and expiration date.  That number
is then used for ordering software that can be downloaded upon credit card
approval.  This way, the hacker cannot be traced.  One of my credt cards was
discovered this way and I had to cancel it and get a new one.  VISA was nice
enough to reverse charge all illegal purchases.

One way to prevent this is for the online store to require the purchaser's
ZIP code to also match what's in the database, but many stores don't bother
and those are the portals hackers use.  Eventually, those stores will suffer
from enough reverse charges to change their policy.  But by then, new stores
will pop up and make the same mistake.

Therefore, through no fault of your own, someone could now be making
purchases with your CC information. The only thing you can do, short of
canceling all your CCs, is to review your monthly statements as soon as they
arrive and notify the CC firm of any unfamiliar purchases.

- Mark Jurik