- Jeff Bezos’ girlfriend allegedly sent his nudes to her brother, who then leaked them Saturday 6:38 PM
- This Instagram account catches influencers in the wild Saturday 5:42 PM
- The best upcoming video games to look out for in February 2020 Saturday 5:23 PM
- TikTok teens use AirPods and Google Translate to secretly talk in class Saturday 4:32 PM
- Video shows corpses of coronavirus victims lying in China hospital Saturday 3:44 PM
- Kid meets Slipknot after drumming video goes viral Saturday 2:30 PM
- Channing Tatum responds to troll who tried to compare Jenna Dewan and Jessie J’s looks Saturday 1:46 PM
- Grindr pulls an ‘I don’t know her’ after Eminem suggests he uses the app Saturday 12:48 PM
- Here are the top 10 most popular Instagram models in 2020 Saturday 12:21 PM
- ‘The Chilling Adventures of Sabrina’ takes its characters on a fantasy adventure to Hell in season 3 Saturday 11:37 AM
- Woman no longer in sorority, school after racist MLK post Saturday 10:45 AM
- Netflix’s ‘Miss Americana’ starts to deconstruct the myth of Taylor Swift Saturday 10:32 AM
- Teens charged with attempted arson after participating in TikTok ‘outlet challenge’ Saturday 8:56 AM
- ‘American Dirt’ is a metaphor for a white country built on the back of immigrants Saturday 6:00 AM
- This woman told two students to ‘speak English’ and people are not having it Friday 9:53 PM
Identity theft gang hacks database of cybercriminals
SSNDOB has hacked the National White Collar Crime Center.
SSNDOB, a group of Deep Web identity thieves who traffic in stolen personal information, were reported earlier this week to have been hacked themselves. But that hasn’t stopped them from striking again.
Whereas earlier they cracked information from data brokerages like Lexis/Nexis and Dun & Bradstreet, this time security researcher Brian Krebs discovered they also struck a congressional non-profit called the National White Collar Crime Center, or NW3C, drawing out 2.7 million records from an infected server between May and August of this year.
The NW3C’s mission is to provide “training, investigative support and research to agencies and entities involved in the prevention, investigation and prosecution of economic and high-tech crime.” The investigative section “has no investigative authority but can provide analytical assistance and perform public database searches.”
SSNDOB used a small but very effective botnet to assist in their information theft. When Krebs looked further at “the Web server used to control that collection of hacked PCs shows that the attackers also had at least one infected system for several months this summer inside of the NW3c.”
The NW3C partners with the FBI on IC3, the Internet Crime Complaint Center, which accepts cybercrime complaints for investigation through its website, so the quality of the information, and the level of privacy desired for it, must be high.
The name of the server SSNDOB compromised was “data.” They apparently broke in through a public-facing server designed to handle incoming virtual private network (VPN) communications.
“Organizations frequently set up VPNs,” Krebs notes, “so that their remote employees can create an encrypted communications tunnel back to an otherwise closed network.”
The attackers used a tool designed to exploit weaknesses in Adobe’s ColdFusion Web application platform, utilizing exploits that, Adobe says, are patched in the latest versions.
The earlier story on SSNDOB explored the theft of stolen information by thieves from thieves. Ironically, this episode details the theft by criminals of information on other criminals.
Curt Hopkins has over two decades of experience as a journalist, editorial strategist, and social media manager. His work has been published by Ars Technica, Reuters, Los Angeles Times, and San Francisco Chronicle. He is the also founding director of the Committee to Protect Bloggers, the first organization devoted to global free speech rights for bloggers