SSNDOB has hacked the National White Collar Crime Center.

SSNDOB, a group of Deep Web identity thieves who traffic in stolen personal information, were reported earlier this week to have been hacked themselves. But that hasn’t stopped them from striking again. 

Whereas earlier they took information from data brokerages like Lexis/Nexis and Dun & Bradstreet, security researcher Brian Krebs discovered that this time they also struck a congressional non-profit called the National White Collar Crime Center, or NW3C, drawing out 2.7 million records from an infected server between May and August of this year.

The NW3C’s mission is to provide “training, investigative support and research to agencies and entities involved in the prevention, investigation and prosecution of economic and high-tech crime.” The investigative section “has no investigative authority but can provide analytical assistance and perform public database searches.”

SSNDOB used a small but very effective botnet to assist in their information theft. According to Krebs, a closer look at “the Web server used to control that collection of hacked PCs shows that the attackers also had at least one infected system for several months this summer inside of the NW3C.”

The NW3C partners with the FBI on IC3, the Internet Crime Complaint Center, which accepts cybercrime complaints for investigation through its website, so the quality of the information, and the level of privacy desired for it, must be high. 

The name of the server SSNDOB compromised was “data.” They apparently broke in through a public-facing server designed to handle incoming virtual private network (VPN) communications. 

“Organizations frequently set up VPNs,” Krebs notes, “so that their remote employees can create an encrypted communications tunnel back to an otherwise closed network.”

The attackers used a tool designed to exploit weaknesses in Adobe’s ColdFusion Web application platform, utilizing exploits that, Adobe says, are patched in the latest versions. 

The earlier story on SSNDOB explored the theft of stolen information by thieves from thieves. Ironically, this episode details the theft by criminals of information on other criminals.

H/T Krebs on Security | Photo by Kathleen Tyler Conklin/Flickr
