ID theft and Russian hacking
Our personal (financial) information is an important piece of the scheme for fraudsters. Although we think about hackers and online exposure, a recent study from the ID Theft Resource center shows that a lot of personal information still gets stolen the old fashioned way: lo-tech data breaches a la snatching wallets and mail. 9% of cases has to do with online phishing and people exposing their info to websites they shouldn’t. 17% has to do with database hacking; companies that have your data do not always store or send it secure enough. Accidental loss (or stupidity) of personal data by companies accounts to 11.6% of all breaches.
No matter how well you protect your own wallet and personal data in your house, nowadays you have to share it with companies you do business with. You leave it up to these companies to protect your data. They do not always succeed. Remember Albert Gonzalez? Last month this ‘master hacker and former criminal informant’ was indicted for the alleged theft of 130 million credit card numbers. He stole them by hacking into the databases of a credit card payment processing company. Did your credit card company replace your credit card during the last months because of ‘fraud concerns’? Good chance Albert caused that. The $1.65 million and a 2006 BMW that were confiscated during his arrest probably will not cover for the fraud loss, let alone the remediation efforts that the involved companies had to take.
It’s all about the money and everything seems for sale..
The price ranged from $20 for large number of “USA Visa Classic” numbers to $170 for “dumps” of Visa Gold cards issued in France, Spain and Turkey. The price per card hovers around $1 but drops closer to each card’s expiration date. The Daily News found more than 15 sites selling credit cards and other ID information. FBI and Secret Service agents have found many more. The top-dollar underground product is the “full info card,” with a victim’s name, passport information, Social Security number, credit cards, date of birth and mother’s maiden name. “That costs about a thousand dollars,” said Larry Johnson, agent in charge of the Secret Service’s criminal investigation unit.
The Manhattan DA’s office announced the indictment of members of the ‘Western Express Cybercrime Group’ who were dedicated to steal credit card and other personal information via the internet. The group realized millions in illicit profits from the sale and fraudulent use of this personal data, with some members of the enterprise laundering these profits in a variety of high-tech ways. At the hub of this group was Western Express International, Inc., a corporation in New York County that coordinated and facilitated the Internet payment methods used by the criminal enterprise to purchase the stolen information, and launder the criminal proceeds earned. The suspects are from Russia, Moldova, Belarus and the Ukraine. Do we finally get some grip on the infamous ‘Russian hackers”? In the meanwhile, keeep your information safe and hope that the companies that store your data so the same.
http://www.idtheftcenter.org/artman2/publish/lib_survey/Breaches_2009.shtml
http://www.time.com/time/business/article/0,8599,1917345,00.html
http://www.idtheftcenter.org/artman2/publish/m_press/Identity_Theft_The_Aftermath_2008.shtml
http://www.netfast.com/xq/asp/id.1183/p.5-6-1/qx/PressRelease_view.htm
