- The best app controlled Christmas lights for the holidays 6 Years Ago
- Go green and save green with solar-powered Christmas lights 6 Years Ago
- Bloomberg on diversity in 2020 race: ‘Don’t complain to me’ 6 Years Ago
- Midge flaunts the worst side of herself in ‘Marvelous Mrs. Maisel’ season 3 6 Years Ago
- Social media companies continue to fail to police fake behavior, study finds Today 10:44 AM
- Despite changes, the YouTube 2019 Rewind video is still massively disliked Today 10:11 AM
- ‘Home for Christmas’ brings a needed sharp edge to Christmas rom-com season Today 10:07 AM
- Joe Biden seemingly called a voter ‘fat’—but his campaign denies it Today 9:30 AM
- The decade in internet scamming Today 9:00 AM
- Bernie Sanders unveils ‘high-speed internet for all’ plan Today 8:59 AM
- Hulu’s ‘Into the Dark’ scores with Christmas-themed ‘A Nasty Piece of Work’ Today 6:00 AM
- West Virginia corrections employees suspended after Nazi salute photo surfaces Thursday 8:02 PM
- Here are the 15 best Eddie Murphy movies available to stream Thursday 7:56 PM
- Ex-InfoWars video editor admits to making up Islamophobic stories Thursday 6:55 PM
- WhatsApp accounts deleted amid Kashmir internet blackout Thursday 6:21 PM
The cybercrime outfit that’s been selling all your info has been hacked
Even the hackers who steal our information can’t be trusted to protect themselves from hackers.
Deep Web identity theft service, SSNDOB, has been pilfering the personal info of millions Americans from some of America’s largest consumer and business data aggregators, according to security researcher, Brian Krebs.
As worrying perhaps, as he writes on his website, Krebs on Security, is that SSNDOB has itself been hacked.
For the last two years, the people behind the site have been advertising it as the Costco of ID theft, charging 50 cents to $2.50 per ID and from $5 to $15 for credit records and background checks. The site takes payment in crypto-currencies like Bitcoin.
This summer, however, crackers broke into SSNDOB and stole and shared its database. Krebs analyzed that info, discovering that 1,300 customers spent hundreds of thousands of dollars on the site to obtain information on over 4 million Americans and that it shared 1.02 million unique SSNs and 3.1 million birthdates with its clients since it launched in 2012.
Although the database itself did not divulge its sources, Krebs said his analysis indicates “these individuals also were responsible for operating a small but very potent botnet” and that this botnet “controlled at least five infected systems at different U.S.-based consumer and business data aggregators.”
Two of those systems belonged to the granddaddy of information aggregation, Lexis/Nexis, an online legal, public records and media research service. They had been accessed since at least early April
Another two were within business intelligence provider Dun & Bradstreet, which licenses business information on 220 companies globally to investors, journalists and companies who need to assess credit risks. These had been accessed by the botnet since at least late March.
The final was that of Kroll Background Screening, a drug, health, and employment screening company owned by another company, HireRight. That server had been compromised since June.
The software used to set up back doors in the servers were advanced enough to elude detection by sophisticated anti-malware software, Krebs said.
The affected companies are working with the Federal Bureau of Investigation to trace the actions of SSNDOB and its effects on the integrity of its information.
It can hardly be a surprise that even the hackers who steal our information can’t be trusted to protect themselves from hackers.
Curt Hopkins has over two decades of experience as a journalist, editorial strategist, and social media manager. His work has been published by Ars Technica, Reuters, Los Angeles Times, and San Francisco Chronicle. He is the also founding director of the Committee to Protect Bloggers, the first organization devoted to global free speech rights for bloggers