French financial authorities might have just blown away an interesting case against people suspected of tax evasion because they have used stolen data in their investigation. The French had come across a list of 3000 of their nationals suspected of using Swiss banking secrecy to pay less or no taxes. But the list has been handed to them by a former IT worker at HSBC in Switzerland who, as it happens, did not have the bank’s approval to give it to the French…

The Swiss HSBC confirmed one of their employees was suspected of stealing data (in the 2008-2007 interval), but said case only involved a list of 10 accounts. A conviction of sorts isn’t confirmed, but the former IT employee is rumored to have fled to France where he benefits from French protection.

French newspapers quoted by The Register claim that the stolen list actually contained 4000 names of French clients, all of them holding abut 6 billion EUR, of which only a part were actually suspected of tax evasion. More on this case in The Register and The Times.

…70 GB of stolen data behind a new botnet that has caught researchers’ full attention. Security researchers have managed to infliltrate, through the Torpig botnet, one of the well known zombie networks in the virtual world. According to their findings, this impressive amount of data was stolen in only 10 days.

As the Register reports, Torpig bots manage to steal more than 8,300 credentials corresponding to 410 different financial institutions.  The research team from the University of California at Santa Barbara, over 21% of the accounts belonged to PayPal users. Almost 298,000 unique credentials were intercepted from more than 52,000 infected machines.

How could this happen so fast? It’s all due to the “unusually large haul is Torpig’s ability to siphon credentials from a large number of computer programs”.

After wrapping its tentacles around Mozilla Thunderbird, Microsoft Outlook, Skype, ICQ, and 26 other applications, Torpig constantly monitors every keystroke entered into them. Every 20 minutes, the malware automatically uploads new data to servers controlled by the authors. Because the software runs at such a low level, it is able to intercept passwords before they may be encrypted by secure sockets layer or other programs.

Definitely scary!

Wonder no more, as the answer is no public: they do! You can buy hardware containing private details of strangers on eBay! Just a short while ago an IT manager paid 35 pounds on a computer hard disk containing one million sets of bank details.

The said hardware piece contained details of customers of American Express, NatWest and the Royal Bank of Scotland, as reported by The Register. And Andrew Chapman, the guy who paid the money, would have had everything he needed for identity thefts: names, addresses, sort codes, account numbers, credit card numbers, mobile phone numbers, mothers’ maiden names and scans of signatures.

The second hand computer the hard drive belonged to was the property of Graphic Data. The Archiving firm seems to be missing a second computer with the same type of information.