In a major step to slow cybercrime, Microsoft just days ago launched a coalition that will serve as a clearinghouse for reports about caches of stolen data stashed all across the Internet. Malicious programs crafted to swipe financial and personal data have come to saturate the Internet — so much so that security researchers routinely ferret out computer servers used by cybercrooks to hoard stolen data. Until now, there was no specific process for reporting such discoveries. The Internet Fraud Alert center — spearheaded by Microsoft, and managed by the National Cyber-Forensics & Training Alliance (NCFTA) — will serve as a reporting hub. Stolen payment-card numbers and online banking-account log-ons will be routed to the issuing banks. The institutions will then decide whether to alert customers, suspend the accounts or pursue legal remedies. Stolen Social Security numbers, birth dates and other personal data will be archived offline by the NCFTA and made available, as needed, to law enforcement. “This fills a big gap in the arsenal of weapons we need to fight online fraud,” said Microsoft’s deputy general counsel. The stakes are high. Phishing scams, just one method of cyberthievery, revolve around tricking Web users into divulging sensitive data. Last year, phishing gangs duped 1 million U.S. households into losses of $650 million, according to Anti-Phishing Working Group, a consortium of banks, retailers, Internet host providers, tech-security companies, and law enforcement agencies.
