Hacking Made Easy
washingtonpost.com is not naming that site because it too is still online. The company that hosts the site, District of Columbia-based HopOne Internet Corp., did not return calls and e-mails seeking comment.
Larry Johnson, special agent in charge of the criminal investigative division at the U.S. Secret Service, said the agency is keeping close tabs on the keylogger sites, which he said offer invaluable intelligence on the workings of online financial fraud groups.
"We know where these guys are and what they're doing, and we could probably take them off of that hosting site, but it just becomes a Whac-a-Mole problem, where we lose them for a while and then may not know what they're doing," Johnson said.
Johnson stopped short of saying whether the Secret Service had opened an investigation into the matter. "We do have a few things going on right now that we feel will disrupt some of these types of operations," Johnson said. "We're not interested in just sitting idly by."
Sunbelt's Sites said the proliferation of keylogger-driven fraud signifies that the hackers and criminals using malware to steal people's personal information are seeking a better system to manage the stolen data because they are so successful at stealing it.
"The amount of stolen data has become overwhelming to security researchers who find it while tracking down the bad guys," Sites said.
Keylogger programs have been around for years, but only recently have security experts begun finding large online troves of keylogged information organized in large back-end databases for remote Web sites.
Last week, Sites discovered another currently active keylogger control Web site registered to an individual in Russia. One of the files on that site was a large text document containing the raw keylogged data from hundreds of computers infected with "Winldra.exe," a popular keylogger program. Winldra is attributed to the owners of Ratsystems.org, a Russian site that sells a variety of malicious software and identity theft services.
Kingsland, Ga., resident Justin Rollins, 28, was among those whose private data was stored on the Russian server. Rollins said he's not sure how the keylogger got onto his Windows XP computer, but he confirmed that the information found in the text file included the user names and passwords he had stored in IE for his eBay, PayPal, credit union and Hotmail accounts. The text file indicates the keylogger began uploading his account information on Valentine's Day.
"I guess it's one of the down sides of the Internet that it makes things more convenient, and then you have people design stuff like this to make things miserable for people," Rollins said.
Some of the more advanced keylogger programs in use today can even take snapshots of the image on the computer screen when the victim visits a Web site that requires a user name and password. Experts say this "screen scraping" functionality originally was built into many keystroke loggers to defeat anti-keylogger security measures -- used mainly in Britain and South America, where the threat is the worst -- that require online customers to log in by using a mouse to click on a keyboard image on their screens rather than type on their actual keyboards.
Vulnerability Can Be Contagious
The following account, pieced together by tracing the trail of keylogged data, illustrates how even companies that follow all of the best precautions on computer security can fall victim to cyber crime when their business partners have been compromised.


