Security Breach Question

Discussion in 'privacy problems' started by Tham, Sep 22, 2006.

Thread Status:
Not open for further replies.
  1. Tham

    Tham Registered Member

    Joined:
    Sep 22, 2006
    Posts:
    9
    Hi,

    I'm Tham from Kuala Lumpur, Malaysia.

    I would be happy if anyone could enlighten
    me on the following situation.

One of my female friends in Dayton, Ohio, purchased
some vitamin supplements online from a supplier in
California earlier this month. The order form on their
website was secure with 128-bit encryption.

    Several days later, it seems someone accessed her
    account on this supplier's website and ordered some
    products for himself using her credit card. He did the
    same thing at two other sites, which my friend had visited
    and bought stuff from about the same time as the
    vitamin supplier.

    Since these sites are all secure, he was very unlikely to
    have obtained her credit card number when her orders
    were being transmitted. Thus my first hunch was this guy
    had inserted keystroke logger malware on her computer,
    obtaining her username and password for each account
she created at all three sites. He didn't need her credit
card number, which had already been stored in her
account on these merchants' servers.

    However, scans with A-squared, Ewido and Ad-aware did
    not seem to detect any malware. Nor did her McAfee
    antivirus.

This leaves me very puzzled. Could it be, perhaps, as I have
read, that while the site itself is secure, the line between
the user and the site itself is not, and any data being
transmitted is open to interception?

    Thank you very much.


    Kind regards,

    Tham
     
  2. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
I don't have much dealings with the data communication aspects in my line of work; however, I do know that any communication can be intercepted when you send or receive data through any communication line. Most servers try to encrypt the information so that only the sender and receiver will be able to see the "actual" information. Any hacker would only see garbage data if it should be intercepted. A lot of recent news reports of company websites and databases being hacked and their customer information being accessed by intruders raise concerns on how secure your data is when you buy something online. I wouldn't discount that possibility in your situation. You probably need an IT communication specialist to research what may have happened in your case.
     
  3. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Find out if anyone, roommates, family members, friends, spouse, could have used her computer to place the order.
    Find out if it is possible to place orders with just the user name and password or do you need to enter the full credit card number every order.
Find out if she is using a wireless technology like a wireless keyboard or a wireless router/access point, and lives in close proximity to others, as in an apartment or with nearby houses.
    Did she use the same user name and password for all 3 stores?
    Was it a weak password less than 8 characters and using common words/names found in a dictionary?
    Did she ever open an email attachment?
    Was she a safe computer user? Or did she suddenly become a safe user after the incident?

    Besides the 3 charges, are there any other unauthorized charges on her card?
    She should contact the stores to cancel the orders and notify them of a possible data breach.
    It is difficult to tell if the store was hacked or her computer at this point with limited info.
    If the store cannot cancel the orders and credit her account, then she should contact her credit card company and reverse the charges and get a new card.
    If she uses the same password everywhere, she should change that behavior. Something like RoboForm can help.

    Find out as much info as possible about the "people" who placed the bogus orders.
    Where was the order shipped to? In the same state?
    Especially contact the store and ask for the IP address that the order was placed with.
    This will help her hunt them down.

    If there was a padlock in the browser during entry of credit card details, then the connection between the browser and the store was secure. If her computer or the store is compromised, then it doesn't matter if the connection was secure because the data at either end is decrypted.
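Devinco's suggestion to ask each store where the bogus orders shipped and which IP address placed them is, from the merchant's side, a log-review question. The following Python script is an added example and is not code from the thread or from any store named in it: it replays a constructed order log (invented account names, RFC 5737 documentation-range IP addresses) and flags an order that comes from an IP the account never used before and ships to a destination the account never used before, and separately lists any IP that placed orders on more than one account, the "same person hit several accounts" pattern the thread describes.

```python
"""Merchant-side review of an order log for account-takeover signs.

Added example (not from the thread). The log is constructed: account
names are invented and the IPs are from RFC 5737 documentation ranges.
"""
import csv
import io
from collections import defaultdict

# Constructed order log: one customer with two prior orders, then a third
# order from a new IP shipping to a new address, and the same new IP
# placing an order on a second account the same night.
ORDER_LOG = """account,when,src_ip,ship_to
m.smith,2006-09-02T14:10,198.51.100.7,"Dayton, OH"
m.smith,2006-09-05T09:32,198.51.100.7,"Dayton, OH"
m.smith,2006-09-11T03:48,203.0.113.44,"Miami, FL"
j.doe,2006-09-11T03:55,203.0.113.44,"Miami, FL"
k.lee,2006-09-10T18:20,192.0.2.10,"Portland, OR"
"""


def load_orders(text):
    """Parse the CSV log into a list of dicts (one per order)."""
    return list(csv.DictReader(io.StringIO(text)))


def flag_account_takeovers(orders):
    """Return orders placed from an IP the account has never used before
    AND shipped to a destination the account has never used before.

    Orders are replayed in time order so each account builds a baseline;
    an account's first order has no baseline and is never flagged.
    """
    seen_ips = defaultdict(set)
    seen_dest = defaultdict(set)
    flagged = []
    for order in sorted(orders, key=lambda o: o["when"]):
        acct = order["account"]
        has_history = bool(seen_ips[acct])
        new_ip = order["src_ip"] not in seen_ips[acct]
        new_dest = order["ship_to"] not in seen_dest[acct]
        if has_history and new_ip and new_dest:
            flagged.append(order)
        seen_ips[acct].add(order["src_ip"])
        seen_dest[acct].add(order["ship_to"])
    return flagged


def shared_source_ips(orders):
    """Map each IP that ordered on more than one account to those accounts:
    one actor working through several victims' accounts."""
    accounts_by_ip = defaultdict(set)
    for order in orders:
        accounts_by_ip[order["src_ip"]].add(order["account"])
    return {ip: sorted(accts) for ip, accts in accounts_by_ip.items()
            if len(accts) > 1}


if __name__ == "__main__":
    orders = load_orders(ORDER_LOG)
    for o in flag_account_takeovers(orders):
        print(f"REVIEW {o['account']} at {o['when']}: new IP {o['src_ip']}, "
              f"new destination {o['ship_to']}")
    for ip, accts in shared_source_ips(orders).items():
        print(f"IP {ip} used on accounts {', '.join(accts)}")
```

The baseline rule has an obvious blind spot that matters for this thread: an account created fresh with someone else's card (the free-samples form case) has no history and is never flagged, which is why the second check, one IP touching several accounts, is kept separate.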
     
  4. Tham

    Tham Registered Member

    Joined:
    Sep 22, 2006
    Posts:
    9
    Thanks, Ccsito and Devinco.

    She was the only one who used the computer. She
    stays alone in a small apartment. Her grandkids come
    visiting occasionally, but they are too young and her
    children don't use her computer.

    She is using a normal CPU, not wireless or laptop.

    Yes, unfortunately she used the same user name and
    password, six characters. She said she didn't open any
    email attachments around that time.

However, the user account creation form on one of
these sites, for a free-samples order, which
required filling in credit card details, was unencrypted.
This was puzzling, since they had a link for verification
on Verisign's website at the bottom, beside the windows
where one filled in the credit card numbers, which verifies
the site's security. I'm not sure if the next page was
encrypted when one clicks the button and transmits the data.
    Looks like a UK store.

    hxxp://www.bouldernature.com/OrderForm.do?layout=cortiban1page&referrer=hp&program=69


    All three stores refunded her money and credited her
    account. That's something good about American and
    UK stores, I think. In Malaysia, they don't really do
    that and one is left to fill in a dispute form with the
    credit card company, which can be weeks before and
    IF they credit you back. She got her money back within
    a couple of days after getting her card statement and
    notifying the card company and merchants. The card
    company (the bank) is investigating and has notified the
    police.

    I told her to access her accounts on the three sites and
    from the order history, find out where those bogus
    orders were delivered and contact the store to get
    the IP address where the orders came from, but she was
afraid to mess around again (she's almost computer
illiterate) and wanted to leave it to the police.

    I did get her to scan with F-secure's Black Light rootkit
    scanner, and she said it found and deleted two items,
    didn't know what they were. Maybe those were preventing
the malware scanners from detecting the malware.
    I also told her to stop using Internet Explorer immediately
    and switch over to SeaMonkey, Mozilla or Firefox, which
    she did.

    http://www.majorgeeks.com/F-Secure_BlackLight_d5156.html


    She's scanning with Ewido now. Thanks again.
     
    Last edited by a moderator: Sep 23, 2006
  5. JinxGenius

    JinxGenius Registered Member

    Joined:
    Sep 23, 2006
    Posts:
    13
    Location:
    Internet
I have a question: how's the hardware configuration? I mean, over the "networking" and internet connection thingy; if you do have a LAN, or VPN or anything similar to that, then I do suggest you read my point of view.

In Hong Kong recently there was a case where a kid installed a keylogger on the target's computer and kinda messed up someone's life. Well, I'll skip the software part because it's not a major concern, since we have programs that can give us a better view of what the hell is going on; that kid was caught because the software was found.
The point is: what if he uses a hardware keylogger that you don't even notice? Plugged in for only one night and unplugged the next morning, it can already leak so much information.

AND this is even WORSE (if you are in a LAN): ever heard of a "man-in-the-middle" attack? Yea, you can still connect to the site and do all the encryption as they say, thus I don't need to hack either you or that company's computer, because my target is "you". From your case, I don't think it's you that's having bad luck and having a few different accounts stolen off the edge. This is how it works: I'll tell your computer to connect to me first, then off to the internet; even with a website with encryption he can still steal ANY information, no matter what IDs and passwords; he/she'll have a record of ANYTHING YOU EVER TYPED and PRESSED ENTER on (well, as long as he sets those field_ids up, it's totally possible and doable).


"That program" is able to "listen" on all major communication ports, such as HTTP, telnet, RDP (Remote Desktop Connection), SMTP, etc.

    So......
    I'd say......you obviously get "plugged".....
    better paid someone to honeypot him...... lol.....
     
  6. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    OK. That removes some possibilities.
    It is not a MitM (Man in the Middle) attack. A hardware keylogger is extremely unlikely as it would require physical access to the computer twice (once to plant the device and once to retrieve it).
    A software keylogger is possible to pick up remotely with a malware infection.
    It is also possible to install a software keylogger with physical access to the computer, but this is again very unlikely.

    That is not a very strong password. Then it may have been that some kids just brute forced the account by trying lots of variations.
    Here is some advice on passwords:
    http://geodsoft.com/howto/password/password_advice.htm

    That's good. She will benefit if she learns a little about computer self-defense.


    The form on this page DOES submit to a secure url:
    hxxps://www.bouldernature.com/OrderProcess.do
    So the data submitted there was secure between her web browser and the website.
    Packet sniffers along the way would not be able to see the contents of the connection.

    It is not the best way for a site to set up such a page, because you cannot view the certificate of the domain that you are submitting to. The page could have just as easily been secure (have the padlock) and would make the customer at least feel more secure.

    The website is owned by Whole Health Products, Inc. which is based in Colorado.


    That's good she was credited by the stores. She should also request a new credit card and watch her statements.
    That's too bad she does not want to investigate further, because the police and the credit card banks will do nothing about it.

    It still could be malware. Hopefully with your help, she will be rid of it.
    I wish her good luck.
     
    Last edited: Sep 23, 2006
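Devinco's point that an HTTP order page posting to an HTTPS URL leaves the customer unable to view the certificate of the domain they are submitting to can be checked mechanically. The following Python script is an added example and is not code from the thread or from the store discussed: it parses page HTML with the standard library, picks out forms carrying password or card fields, and grades each by whether the page and the form's resolved target are HTTPS. The hostname store.example and the sample HTML are constructed for this example.

```python
"""Audit HTML forms for the checkout pattern discussed in the thread:
a plain-HTTP page whose form posts to an HTTPS URL.

Added example, not the store's code; store.example and the sample HTML
are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Field-name fragments that mark a form as carrying credentials or card data.
SENSITIVE_NAME_PARTS = ("password", "passwd", "card", "ccnum", "cvv", "cvc")


class FormCollector(HTMLParser):
    """Collect every <form> with its action and the (name, type) of its inputs."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}   # boolean attrs have v=None
        if tag == "form":
            self._current = {"action": attrs.get("action", ""), "fields": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            self._current["fields"].append(
                (attrs.get("name", "").lower(), attrs.get("type", "text").lower()))

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def is_sensitive(fields):
    """A form is sensitive if it has a password input or a card-like field name."""
    return any(typ == "password" or any(p in name for p in SENSITIVE_NAME_PARTS)
               for name, typ in fields)


def audit_forms(page_url, html):
    """Return [(resolved_action_url, verdict)] for each sensitive form on the page."""
    collector = FormCollector()
    collector.feed(html)
    page_https = urlsplit(page_url).scheme == "https"
    results = []
    for form in collector.forms:
        if not is_sensitive(form["fields"]):
            continue
        action = urljoin(page_url, form["action"])   # empty action = same URL
        if urlsplit(action).scheme != "https":
            verdict = "INSECURE: credentials or card data posted over plain HTTP"
        elif not page_https:
            verdict = ("WEAK: page served over HTTP; the post goes to HTTPS but the "
                       "customer cannot inspect the target's certificate before "
                       "submitting, and the form page itself arrived unauthenticated")
        else:
            verdict = "OK: page and form target both HTTPS"
        results.append((action, verdict))
    return results


def sample_page(action):
    """Constructed order page: a harmless search form plus a checkout form."""
    return f"""<html><body>
<form action="/search" method="get"><input name="q" type="text"></form>
<form action="{action}" method="post">
  <input name="username" type="text">
  <input name="password" type="password">
  <input name="ccNumber" type="text">
  <input type="submit" value="Order Now">
</form>
</body></html>"""


if __name__ == "__main__":
    page = "http://store.example/OrderForm.do"
    for url, verdict in audit_forms(page, sample_page("https://store.example/OrderProcess.do")):
        print(url, "->", verdict)
```

The "WEAK" grade is the thread's case exactly: the data is encrypted in transit, so a packet sniffer learns nothing, but the padlock the customer would rely on is absent while typing, and the unauthenticated HTTP page could in principle be served with a different action than the site intended.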
  7. Tham

    Tham Registered Member

    Joined:
    Sep 22, 2006
    Posts:
    9
    Thanks again, Devinco.

    Yes, I did try clicking the "Order Now" button on the Boulder Nature
    form, and the next page opened up with 256-bit encryption. The data
    would then appear to have been encrypted during transmission.
However, that first page itself did not appear to be secure (no padlock?).
    Thus, if there was a keylogger on her system, might the hacker
    technically have been able to record the keystrokes of her username
and password, as she filled in the form, before sending it off?

    After using the Black Light rootkit scanner, scans with Ewido and
    Super AntiSpyware didn't seem to detect anything again, though.
    Quite puzzling.

    Another possible explanation might be he did manage
    to decrypt the transmission. At the Defence Services Asia
    2004 exhibition in Kuala Lumpur, I happened to chat with
    an executive at one of the stands who supplied flash memory to
    the military. He said he actually had the software to decrypt
    128 and 256-bit encryption, but it would take from 6 months
    to a year.

However, I didn't know it would be this easy:

    http://www.tinhat.com/surveillance/code_breaking.html


    She mentioned yesterday that the police called and asked if
    she was willing to testify in court, so possibly they had caught
    the culprit(s).
     
    Last edited: Sep 26, 2006
  8. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    The padlock means that there is a secure connection between the web browser and the website. Anyone "listening" (packet sniffers) in between the browser and website will only get encrypted data, useless to them.
    A keylogger is a program that is in between the keyboard driver and operating system. So if there is a keylogger installed, it will capture all the keys typed whether she is online or offline, secure website, or regular website.

Ewido and Super AntiSpyware are easy to use, but rootkit scanners usually require more technical expertise to use effectively.

I really doubt a petty thief would be able to crack 256-bit SSL encryption.
    Don't buy into all of the tinfoil hat conspiracies.
    Yes there are a lot of bad things going on, and governments have powerful tools, but I don't think it is the case here.
    I think either the website had some vulnerability, her password was too weak, or her computer was compromised.

    Well that will be a first!
    Let us know what happens and how the website accounts were actually broken into.
    Then maybe we can all learn how to prevent this from happening again.
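Two of the three explanations Devinco lists, a six-character password and the same password at all three stores, can be scored before an account is ever created. The following Python script is an added example, not code from the thread: it estimates the guessing space of a password from its length and character classes, flags dictionary-based and single-class passwords, and reports which sites in an account table share a password. COMMON_WORDS and the account table in the usage call are constructed stand-ins; a real check would use a large word list and a breached-password list.

```python
"""Score a password for the weaknesses the thread identifies (short,
dictionary-based, reused across sites).

Added example, not from the thread. COMMON_WORDS is a constructed stand-in
for a real dictionary and breached-password list.
"""
import math
import string

COMMON_WORDS = {"password", "letmein", "welcome", "vitamin", "summer", "dayton"}


def charset_size(pw):
    """Size of the smallest conventional alphabet containing every character used."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)   # 32 printable ASCII symbols
    return size


def base_word(pw):
    """'Vitamin1!' -> 'vitamin': the core a dictionary attack would try first."""
    return pw.lower().strip(string.digits + string.punctuation)


def assess(pw, online_rate=10.0, offline_rate=1e9):
    """Return an entropy estimate, worst-case guessing time at an online rate
    (guesses/s against the site's login form) and an offline rate (guesses/s
    against a leaked hash), and a list of issues."""
    issues = []
    if len(pw) < 8:
        issues.append("shorter than 8 characters")
    if base_word(pw) in COMMON_WORDS:
        issues.append("built on a common word; dictionary guessing finds it far "
                      "faster than the entropy figure suggests")
    size = charset_size(pw)
    if size <= 26:
        issues.append("single character class")
    bits = len(pw) * math.log2(size) if size else 0.0
    guesses = 2 ** bits
    return {
        "length": len(pw),
        "charset": size,
        "entropy_bits": round(bits, 1),
        "years_online": guesses / online_rate / 31_557_600,
        "seconds_offline": guesses / offline_rate,
        "issues": issues,
    }


def reused_passwords(accounts):
    """Map each password used on more than one site to the sites sharing it."""
    sites_by_pw = {}
    for site, pw in accounts.items():
        sites_by_pw.setdefault(pw, []).append(site)
    return {pw: sorted(sites) for pw, sites in sites_by_pw.items() if len(sites) > 1}


if __name__ == "__main__":
    for candidate in ("dayton", "Tq7!vZ9#mL2p"):
        print(candidate, assess(candidate))
    # Constructed account table: the same password at two of three stores.
    print(reused_passwords({"vitamins": "dayton", "books": "dayton", "bank": "x"}))
```

The entropy figure is an upper bound that assumes the attacker has to try the whole alphabet; for a word like "dayton" the real work is a few thousand dictionary entries, which is why the dictionary flag is reported separately rather than folded into the number.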
     
  9. DJ BIS

    DJ BIS Registered Member

    Joined:
    Sep 19, 2006
    Posts:
    50
    I had never had any problems with Credit Card use on the internet. Today, nearly just a month after testing (and finally buying) NOD32 I get a call telling me that my credit card has been used from Great Britain.

    Earlier today I also received an email from Ebay saying that my account info had been compromised and I needed to change the password. No, I did not give my credit card info to anyone through some stupid phishing email... I am concerned that NOD32 is not doing its job with OUTLOOK.

    Getting a hold of phone support isn't working either. :thumbd:
     
  10. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Welcome to Wilders DJ BIS.
    Are you implying that the Eset website had a security breach with your credit card?
    You might want to post in the NOD forum so that they can learn about this.
    But I don't think the loss of your credit card number was because of a lapse at a computer security company. It's not impossible, just very unlikely.
    I've never had a problem with paying by credit card for years at Eset.
There are data breaches going on everywhere lately, so your card data could have been leaked from elsewhere.
    The breach could have happened months ago and the crooks are only now getting to your account.
     
  11. DJ BIS

    DJ BIS Registered Member

    Joined:
    Sep 19, 2006
    Posts:
    50
    DEVINCO, thanks for the quick reply.
    No, I have been experiencing some problems with the EMON module and having some other issues with NOD32 and OUTLOOK. I had been using PC-Cillin for years until a friend recommended NOD32 to lower resource demand on my system. So I did it and a few days later there are transactions being made from Europe with my credit card.

    I don't shop from unsecured sites and my data is rather safe in my home.

    I have a feeling that NOD32 missed something and could be the reason why I am going through this.

I hope that's more clear. :)
     
  12. Tham

    Tham Registered Member

    Joined:
    Sep 22, 2006
    Posts:
    9
I receive these con mails all the time. Here's one attached, traced
to Romania. This Melissa IP Locator is quite good; I used a couple of
others, All Nettools and Geobytes, which couldn't trace anything.


    http://www.melissadata.com/Lookups/iplocation.asp?ipaddress=86.105.45.8&submit=submit

    http://www.all-nettools.com/toolbox

    http://www.geobytes.com/IpLocator.htm
     

  13. Tham

    Tham Registered Member

    Joined:
    Sep 22, 2006
    Posts:
    9
    Avira's Antivir, even the free version, is actually quite
    good. A few months ago, I was infected with a trojan
horse which I think was part of the Spywarequake
program and inserted some 16 files in my Windows system32
    folder which became memory resident, as well as
    numerous registry entries.

    It kept popping up the usual "Your computer is infected
    with spyware, etc" on my desktop, and an icon in the
    taskbar. I found the registry entries in the startup "run"
    section and deleted them, but they were regenerated
    on rebooting. I had AVG resident and it was useless.

    I downloaded the shareware version of Prevx1, which
    detected and removed all the registry entries and all
    the memory resident files except one, dvdcap.dll, which
    was the culprit responsible for regenerating the registry
    entries and for some reason could not be removed. I tried
    downloading Antivir, ran it, and it detected this file but
    couldn't remove it as well.

    I was thinking of going into safe mode and removing
    it manually, but finally I ran Avast, which detected it and
    was able to take it out from memory in windows.

    I decided to test whether the three antivirus programs could
    detect the 15 files quarantined by Prevx1. Both AVG and Avast
    couldn't detect anything. Antivir, however, detected 14 of
    them, missing only one. The scan log is attached.

    Since Prevx1 is shareware, I've since taken it out and am using the
free version of Antivir. Memory usage is about 20 MB, compared to
40 MB for the paid premium version which can further detect scripts.
     

    Last edited: Sep 28, 2006
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
Hi Tham!
A totally unrelated Q, but I want to know why someone needs to buy vitamins online? I just wonder.
Online vitamin sales are useless, I think; they just deceive the people (even secure ones). Correct me if I am wrong. It's OT but I could not resist. Sorry.
     
  15. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Well if you are talking about buying those little blue pills online, then I agree. :D
    But there are very reputable vitamin suppliers online.
    You just have to find the ones with a good reputation.
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
Ya, I mean all that, but in my knowledge more than 90% of people who buy vitamins don't need them medically.
    Now I will stop here as some mod will sure come in otherwise.
     
  17. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    Vitamins are enzymes used by the body to perform your daily internal bodily functions (such as antioxidants to neutralize free radicals). In many cases, small amounts are needed to avoid getting nasty medical problems (such as tumors). However, I do agree that the megadoses that some people take can work against you. I think most people don't take the recommended minimum daily amounts so they could be neglecting their health. But anyhow that is straying off the topic (I majored in Biology). :D
     
    Last edited: Sep 29, 2006
  18. Tham

    Tham Registered Member

    Joined:
    Sep 22, 2006
    Posts:
    9

No, don't believe what you may read in the newspapers every
now and then about some "expert" (doctors, hospital dieticians,
professors, etc.) telling you that we get all the nutrients we need
from a "balanced" diet, that vitamin supplements are a complete
waste of money, the supplement industry is a multi-billion dollar
rip-off, etc. etc. (as my office manager mentioned, what the ****
do these people know about vitamins?). Common sense will dictate
that, even if we can eat a completely nutritious and perfectly balanced
diet (which is realistically impossible), what are the chances of our
gastrointestinal systems absorbing all the essential nutrients, or
sufficient amounts of them, particularly as we age? And, even if
(theoretically) we can absorb everything, what are the chances of
them all being sufficiently transported to our cells, particularly the
brain?

    This might sound like something from "Space 2020" to you.
I'm what you call a life extensionist - "freaks" who take not only
    basic vitamins, but cutting-edge supplements and even some
    drugs in an attempt to live longer, or at least healthier in old age.
    I've been studying aging for the past twenty years. I'm quite familiar
    with the usual theories of aging - the free radical theory, the
    Hayflick limit, the cross-linking theory, the neuroendocrine theory,
    the mitochondrial theory and the "newest kid on the block" - the
    telomerase theory. I first took an interest in this when I bought two
    books, "Meganutrition" by Richard Kunin and "Ageless Aging" by
    Leslie Kenton, way back in 1986.

    I know for a fact that supplements, particularly the cutting-edge ones,
    slow down aging, help to prevent the degenerative diseases of aging,
    boost your chances of living longer or, at the very least, live healthier
    as you age. That, I am very certain. You will not only look younger for
    your chronological age compared to your peers, your body will stay
    younger. You'll have far less likelihood, as you age, of getting heart
    disease, cancer, diabetes, neurological diseases such as Alzheimer's,
    Parkinson's and general memory impairment and senility. And even if
    you have such diseases, supplements will help to treat and improve
    them. It's never too late to fight aging. Don't buy what doctors tell us
    that you can't do anything about aging, that it can't be "treated".
    True, death is inevitable, but there's a lot you can do to delay it and
    likely extend your lifespan. There may be only one catch to living to
    120 though. My office manager said that I'll be a lonely old man by
then - all my relatives and friends would be long dead!

    Here's an example of a common vitamin having cancer-fighting
    properties. The "dry" form of vitamin E, called tocopherol succinate,
    has the ability to cause cancer cell apoptosis (programmed cell death).
    The bulk of the research is on breast, prostate and colon cancer.
    The more common oily form which you find in softgels, which is
    tocopherol acetate, does not appear to have this powerful activity,
    or even if it has, is likely not so potent. You can find tocopherol
    succinate in any health food store in the USA. That is why I order
    most of my supplements online - you won't find supplements like this,
    let alone the cutting-edge ones like acetyl l-carnitine and astaxanthin,
    in Malaysia.

The links are from Medline, which I access every now and then:

    http://www.ncbi.nlm.nih.gov/entrez/...ctPlus&list_uids=10945959&itool=pubmed_docsum

    http://www.ncbi.nlm.nih.gov/entrez/...ctPlus&list_uids=15570054&itool=pubmed_docsum

    http://www.ncbi.nlm.nih.gov/entrez/...ctPlus&list_uids=16380976&itool=pubmed_docsum

    http://www.ncbi.nlm.nih.gov/entrez/...ctPlus&list_uids=11895920&itool=pubmed_docsum

    http://www.ncbi.nlm.nih.gov/entrez/...ctPlus&list_uids=12175981&itool=pubmed_docsum


    I order mostly from Betterlife.com in Santa Ana, which was the one I
    linked to my lady friend from Dayton above. She had diabetes, so I
    suggested to her to try chromium which improves the cell's response
    to insulin, and in doing so, lowers blood sugar. She later ordered
    a multi for diabetics, and some others to prevent osteoporosis too.
    I've been ordering from them for the past few years, and they are
    quite reliable. Betterlife, like many others online, is actually a retailer,
    and they source from many reputable brands like Now, Source Naturals,
    Solaray, Kal, Twinlab and Rainbow Light. For a good, comprehensive,
    advanced and not too pricey multivitamin formula, here is what I get for
my brother:

    http://betterlife.com/prod_home_page.asp?prod_id=7629


    If you wish to know more about life extension, here are three
of the principal sites on the net:

    http://www.lef.org/

    http://www.worldhealth.net/

    http://www.imminst.org/


    Really serious life extensionists take a whole range of cutting-edge
    supplements and drugs daily (easily 30 different types) in addition to
    an advanced, expensive basic multivit formula and practice things like
    caloric restriction (CR), which I don't. CR is a proven technique of
extending lifespan in animals:

    http://www.calorierestriction.org/


    Here are two of the better known multi formulas taken by life
extensionists:

    http://www.lef.org/newshop/items/item00836.htm

    http://www.aor.ca/products/ortho_core.php


    I used to take part in LEF's forum. Since their very well-informed
    moderator, Tom Matthews, left some years ago, I've switched to
Immortality Institute's forum. I take part there, mostly in the
    supplements section, when I have the time. Here's one of my posts.
    Feel free to join in anytime, basic membership is free.

    http://www.imminst.org/forum/index.php?act=ST&f=6&t=11696


    Lastly, as an example of what an antiaging supplement and drug
    protocol can do, this is Lex, the dog of Ronald Klatz, the President
    of A4M. You can also read this in his book, "Stopping The Clock".

    http://www.worldhealth.net/p/133,1125.html

    The single most important item which pushed Lex to that age
    (human equivalent of 115) was likely PBN (phenylbutylnitrone),
    a spin trapping agent which has been used to extend lifespan in
animal trials. Some life extensionists are also taking it.

    http://www.geronova.com/pbn.htm

    Other critical supplements/drugs in Lex's protocol are Deprenyl
    (normally given for Parkinson's, but taken by many life extensionists),
    DHEA, melatonin, coenzyme Q10 and the aloe vera extract, Acemannan.
    Note that they could very likely have pushed Lex past the human
    equivalent of 120, had they not decided to put him to sleep after
    the leg handicap caused by his stroke before that. While my own
    principle would have been to preserve life no matter the odds,
    their decision also demonstrates one of the basic motives of life
    extension itself - to improve the quality, not just the quantity of life.

    I think it's time to stop here, before this security forum turns
    into a life extension forum and I get banned by the moderators !
     
    Last edited: Oct 2, 2006