Web firm sounds alert on criminal data trove

By Mark Trevelyan, Security Correspondent

LONDON (Reuters) - A Web security firm said on Tuesday it had tipped off international banks and police after finding a huge trove of stolen business and personal data amassed on a server in the space of just three weeks.

Finjan Inc said it had notified the U.S. Federal Bureau of Investigation, police in various countries and more than 40 financial institutions in the United States, Europe and India about the discovery of the so-called "crimeserver".

"This server was running for about three weeks and within this period it managed to collect 1.4 gigabytes of data. It is indeed the largest treasure we've found in this very short time," Yuval Ben-Itzhak, chief technology officer of the California-based firm, said in a phone interview from Israel.

The stolen data consisted of 5,388 unique log files including 1,037 from Turkey, 621 from Germany, 571 from the United States, 322 from France, 308 from India and 232 from Britain.

It included company personnel files, insurance details, social security numbers, medical records, credit card details and exchanges of confidential business email, in one case including details of a pending court case.

Ben-Itzhak said it was striking that the crimeserver itself was not security-protected, meaning anyone could potentially have accessed it over the Internet.

"The server was not secure at all. It indicates that these people that are doing the crime today, they are not security experts, they are not computer science experts.

"They are people who are buying the crime toolkits ... software packages that hackers, the smart people, are selling," he told Reuters.  Continued...