We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Huge ID theft scam targets Brits

Criminals steal sensitive data from 8,500 people

British detectives are investigating a massive data theft operation that stole sensitive information from 8,500 people in the UK and others in some 60 countries.

In total, cybercriminals targeted 600 financial companies and banks, according to UK authorities, who have worked over the past week to identify and notify victims.

Through intelligence sources, UK police were given several gigabytes of data - around 130,00 files - that came from a server in the US, said Charlie McMurdie, detective chief inspector for the Specialist Crime Directorate e-Crime Unit of the London Metropolitan Police. Most of the data related to financial information, she said.

The data was collected by a malicious software program nicknamed Haxdoor that infected victims' computers. Some 2,300 machines were located in the UK, McMurdie said.

Haxdoor is a powerful program that collects passwords and sends them to another email address. It also disables a computer's firewall, among other functions, according to a description posted on security vendor F-Secure's website. Symantec, another security company, said it first detected Haxdoor in November 2003.

Computers can get infected with Haxdoor if they don't have security patches or up-to-date antivirus software. London police said it's believed many victims were infected through instant message programs.

Programs such as Haxdoor are often sent as attachments in spam and, if opened, infect the computers without the user's knowledge. The programs can also be distributed through unsolicited instant message links.

Metropolitan police experts built a special program to search through the data and identify victims. The data contained information such as logins and passwords for major websites such as eBay, Amazon, BT and Pipex.

In some instances, Haxdoor employed a screen-capture function to obtain information, McMurdie said.

Over the past week, the unit has contacted UK banks and other financial institutions to notify them what account numbers were compromised so those institutions could contact their customers, she said. But the data also showed information collected from computers in Germany, France, the US, Italy and Spain, but the number of victims is not known, she said.

The unit is working with Interpol, the international police organisation, to find trace those who were collecting the data. "This is a significant theft of data from the UK and globally," McMurdie said.

IDG UK Sites

Samsung Galaxy S6 review: Hands-on with the new Samsung Galaxy. Samsung's flagship is more iPhone-lr......

IDG UK Sites

5 things we hate about MWC: What it's like to be a journalist at a technology trade show

IDG UK Sites

Ractive powers The Guardian's interactive infographics – and lets novice coders build complex...

IDG UK Sites

What does that mean? A jargon-buster dictionary of tech terms for Apple fans