Dark Reading is part of the Informa Tech Division of Informa PLC


5/25/2006
08:50 PM

Stolen Data: Trouble's Just A Click Away If You Know Where To Look


If news of the recent theft of a Veterans Affairs laptop containing records of 26.5 million vets and their spouses has you feeling insecure, here's something you'll really like: marketplaces where this stolen information can be bought and sold so that criminals can not only steal your identity, but gain access to all that your identity provides. While these marketplaces aren't new, I recently sat down with a couple of RSA Security Inc. anti-fraud researchers to learn how these marketplaces operate.

One active site is TalkCash.net, a network where fraudsters can buy and sell everything from stolen account information to CVV anti-fraud credit card codes to the software needed to exploit this data. "The market has evolved so much that you can buy everything you need online to launch an attack," including hosting services, Amir Orad, VP of marketing for RSA Consumer Solutions, told me.

In a case of honor among thieves, the site even offers a list of "Rippers," those who've used the marketplace but are unreliable. "Verified vendors," on the other hand, are those who've proven that they can deliver on their promised goods.

EBay-like setups such as TalkCash or TheftServices vary in the amount of time they're able to operate. While TalkCash has been around since 2002, others are around for six months or so before they morph into new sites with new addresses, even though the players are often the same, Orad told me. TalkCash qualifies its business model by posting rules that state, "If you suspect that information obtained through this site may be in violation of any laws or statutes of your country or nation: Please Leave This Forum Immediately!"

Payment often takes the form of Western Union wire transfers or payments of E-gold. CVV codes have been sold on TalkCash for $3 each, or more if the CVV code comes with date-of-birth information.

The sites have evolved from information postings to actual marketplaces, Orad said. Law enforcement is likewise improving its ability to track this illegal activity, "but the pace of the bad guys is way faster than that of the good guys," he added.

Online fraudsters are slippery but not impossible to catch. The U.S. Secret Service in 2004 made its biggest online fraud operation bust when it shut down the Shadowcrew.com Web site and arrested six Shadowcrew members. This online marketplace was responsible for trafficking at least 1.5 million stolen credit and bankcard numbers that resulted in losses of more than $4 million. Shadowcrew members pled guilty to a number of charges, including unlawful transfer of identification to facilitate criminal conduct and conspiracy.

Federal authorities said Shadowcrew had about 4,000 members, many of whom specialized in the electronic theft of personal identifying information and credit card and debit card fraud. The Secret Service used wiretaps, an undercover informant, and their own understanding of Web technology to infiltrate the group's private chat rooms and monitor their conversations and transactions. Shadowcrew obfuscated their actions by using a number of proxy servers that kept law enforcement from finding the sources of the different transactions. The Secret Service was able to get a break in the case by setting up its own virtual private network and inviting Shadowcrew members to connect.

These online black markets help us understand what's at stake when data is lost or stolen. While the VA was quick to point out that the unencrypted data on its stolen PC was likely of little use to the thief, it's obvious that someone with even the most basic computer skills can cause big trouble if they know where to look.

Weigh in with your thoughts on the state of IT security here.

 
