Monday, September 1, 2008

Stolen data live on in Google searches


(07-06) 17:35 PDT --
A Centennial State adult female logged on to her computing machine in April, voted on a CNN poll, shopped for air hose tickets and deliberate payments for a $25,000 auto loan from H. G. Wells Fargo.

She didn't surmise that a malicious software system programme was recording every keystroke - frequent-flier numbers and passwords, her place computer address and telephone number, an online conversation she was having with some friends.

But it was, and calendar months after government were alerted to the breach and handicapped the waiter in Malaya where her information were being stored, the information was still available online - in a Google search.

The woman, who asked not to be named, was shocked to have a phone call from a History newsman request if she recognized the personal information, which had been crawled and stored by Google as Google caches all unprotected information it happens on the Web.

"Google looks so friendly," she said. "I don't understand why they don't make a better occupation protecting our data."

Google spokesman Michael Kirkland said that in general, the hunt engine doesn't take cached data, which vanishes automatically at some point after its beginning is taken down. Google anticipates Webmasters to take job content themselves and supplies tools to assist them make it.

"Google, like all hunt engines, is a contemplation of the content and information that's available on the Internet," he said. "We actively work to maintain users informed on how they can remain safe online."

In this case, however, Google did take the cached pages, but it took the company two attempts to cancel them.

Such incidents of information larceny have got got go so common that some cybercrime trackers have given up on contacting Internet users to allow them cognize their personal information have been exposed. Sensitive information all over

Finjan, the Israeli security company that discovered this peculiar stash, said it happens similar information stored on waiters around the human race nearly every other twenty-four hours - Sociable Security numbers, medical records, confidential concern records.

Law enforcement is ill-equipped to procure this practical Wild West, where sensitive information can stay in Web land site caches long after a waiter have been disabled.

Finjan reported the purloined information to a assortment of authorities, but one of them, the FBI, said it wasn't concerned with the cache - only the grounds on the server.

"We state people we can't be responsible for protecting information or ensuring that whatever is happening is all cleaned up," said Joe Schadler, a spokesman for the FBI's San Francisco office. "We're not security experts."
Savvy acquire tricked, too

Even those who are savvy about Internet security - or the deficiency thereof - are still learning.

The same thieves who tracked the Centennial State woman's online activity swiped the information for two depository financial institution business relationships belonging to Jesse James Pope, an lawyer in Houston who learns social classes in personal identity theft. Pope said he didn't cognize his machine was infected until after he noticed a $3,500 backdown from his Wachovia business relationship and called the bank. He was told that he had probably clicked on an advertisement to forestall spyware and downloaded a keylogging program.

"I didn't cognize you could chink on an advertisement and acquire a virus," he said.

Pope's information, along with that of the Centennial State woman, was among 100s of other pages of purloined information - log-ins and watchwords for Facebook, YouTube, Web-based e-mail programmes like Yahoo, and many other Web sites; cookies that would enable thieves to presume their owners' personal identities at some sites; records of every finish people visited when they surfed the Web. Recognition card game exposed

One individual surfing from a computing machine in Sunshine State had searched for books on and for information on parents and immature children at AOL, Yokel and the Australian Broadcast Media Corp. She also exposed her recognition card figure when she purchased an online first-aid social class from a unafraid site.

At a computing machine in California, person checked the position of an in-migration lawsuit at a authorities Web land land site and then moved on to a site that watercourses pornographic videos.

It's hard to state what thieves are looking for when they steal all this data, said Virgin Mary Landesman, a research worker at Scansafe in San Mateo. They may, for instance, plane off gambling passwords, which are selling well now, but, she said, "what's happening with the remainder of the information, we can only guess."

E-mail Deborah Gauge at .

No comments: