Identity theft gang hacks database of cybercriminals

SSNDOB has hacked the National White Collar Crime Center.


Curt Hopkins


Published Oct 1, 2013   Updated Jun 1, 2021, 5:11 am CDT

SSNDOB, a group of Deep Web identity thieves who traffic in stolen personal information, were reported earlier this week to have been hacked themselves. But that hasn’t stopped them from striking again. 

Whereas earlier they cracked information from data brokerages like Lexis/Nexis and Dun & Bradstreet, this time security researcher Brian Krebs discovered they also struck a congressional non-profit called the National White Collar Crime Center, or NW3C, drawing out 2.7 million records from an infected server between May and August of this year. 

The NW3C’s mission is to provide “training, investigative support and research to agencies and entities involved in the prevention, investigation and prosecution of economic and high-tech crime.” The investigative section “has no investigative authority but can provide analytical assistance and perform public database searches.”

SSNDOB used a small but very effective botnet to assist in their information theft. When Krebs looked further at “the Web server used to control that collection of hacked PCs shows that the attackers also had at least one infected system for several months this summer inside of the NW3c.”

The NW3C partners with the FBI on IC3, the Internet Crime Complaint Center, which accepts cybercrime complaints for investigation through its website, so the quality of the information, and the level of privacy desired for it, must be high. 

The name of the server SSNDOB compromised was “data.” They apparently broke in through a public-facing server designed to handle incoming virtual private network (VPN) communications. 

“Organizations frequently set up VPNs,” Krebs notes, “so that their remote employees can create an encrypted communications tunnel back to an otherwise closed network.”

The attackers used a tool designed to exploit weaknesses in Adobe’s ColdFusion Web application platform, utilizing exploits that, Adobe says, are patched in the latest versions. 

The earlier story on SSNDOB explored the theft of stolen information by thieves from thieves. Ironically, this episode details the theft by criminals of information on other criminals.

H/T Krebs on Security | Photo by Kathleen Tyler Conklin/Flickr

Share this article
*First Published: Oct 1, 2013, 7:18 pm CDT