[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] Data Broker Giants Hacked by ID Theft Service
From:       InfoSec News <alerts () infosecnews ! org>
Date:       2013-09-25 6:32:26
Message-ID: alpine.DEB.2.02.1309250632150.24273 () infosecnews ! org
[Download RAW message or body]

http://krebsonsecurity.com/2013/09/data-broker-giants-hacked-by-id-theft-service/

By Brian Krebs
Krebs on Security
September 25, 2013

An identity theft service that sells Social Security numbers, birth 
records, credit and background reports on millions of Americans has 
infiltrated computers at some of America's largest consumer and business 
data aggregators, according to a seven-month investigation by 
KrebsOnSecurity.

The Web site ssndob[dot]ms (hereafter referred to simply as SSNDOB) has 
for the past two years marketed itself on underground cybercrime forums as 
a reliable and affordable service that customers can use to look up SSNs, 
birthdays and other personal data on any U.S. resident. Prices range from 
50 cents to $2.50 per record, and from $5 to $15 for credit and background 
checks. Customers pay for their subscriptions using largely unregulated 
and anonymous virtual currencies, such as Bitcoin and WebMoney.

Until very recently, the source of the data sold by SSNDOB has remained a 
mystery. That mystery began to unravel in March 2013, when teenage hackers 
allegedly associated with the hacktivist group UGNazi showed just how 
deeply the service's access went. The young hackers used SSNDOB to collect 
data for exposed.su, a Web site that listed the SSNs, birthdays, phone 
numbers, current and previous addresses for dozens of top celebrities — 
such as performers Beyonce, Kayne West and Jay Z — as well as prominent 
public figures, including First Lady Michelle Obama, CIA Director John 
Brennan, and then-FBI Director Robert Mueller.

Earlier this summer, SSNDOB was compromised by multiple attackers, its own 
database plundered. A copy of the SSNDOB database was exhaustively 
reviewed by KrebsOnSecurity.com. The database shows that the site's 1,300 
customers have spent hundreds of thousands of dollars looking up SSNs, 
birthdays, drivers license records, and obtaining unauthorized credit and 
background reports on more than four million Americans.

[...]



--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/

[prev in list] [next in list] [prev in thread] [next in thread]