Forget Phishing Just Buy Personal Info
Iago writes "If you need information about a person in Moscow, just go to the market and buy it. The Globe and Mail reports that along with the usual pirated software, cd's etc. you can find out information such as the bank records of your competitors, motor vehicle information and tax returns. The question is, how much of this information is being sold in other countries, perhaps in a more sophisticated manner?"
Nothing like fishing eh
They've been doing this for years in other countries. What most people don't realise is that most of these stories you hear about personal information/security breaches (Lexis Nexis, etc etc etc) usually goes to thugs like this.
These thugs sell this information to people in the black market. This isn't new stuff neither, the news just seems to hover on this and "identity theft" a lot recently. It's been happening since the 80's.
A better question is, how much of this information is real?
Why buy the cow when you can have the milk for free? Phishers/Pharmers will still steal things rather than pay for them. Besides, like it says in the article, the illicit databases are compiled from data stolen by hackers, so it's just another layer in the cake of computer crime.
A massive flood of fake information would dilute the value of stolen i.d. right?
you need your social, call me 555-5555
But, I thought information wants to be free?
Spoon not. Fork, or fork not. There is no spoon.
Doesn't it scare all of you that this has been happening for so long already? I'm not saying there is much we can do about it, but it's still scary.
Now think about the databases the FBI and the airport security are keeping about you. Not only that but also the ones K-Mart, Wal-Mart, Target, Giant(foods), and other stores. It shouldn't be too hard to be you. Just find out your address, and jump on Google maps. Find the nearest stores to you. With your name and address find out your shopping history. And expand from there.
And you thought with all the political speech out there that you might actually be safe in the USA. I'll be happy being Anonymous, until I choose to be known.
Sell a man a phish he can scam for a day, but teach him how to phish and he can scam for himself for a lifetime.
One of the definitions of a business is an organization that can choose who gets the limited resources. Businesses want to keep their stuff private/limited when they want to just like individuals do.
And it's not like these lists ever get refreshed much, so what you end up with is increasingly less useful data in these lists, and the vendors don't even care about it. It's just the nature of the beast (and the overall state of former Russia, where anything goes).
Will wank off Linus Torvalds for fame.
The question is, how much of this information is being sold in other countries, perhaps in a more sophisticated manner?
All of it, of course. Sooner or later we're going to have to get used to the idea that the concept of preserving privacy as a society disproportionately benefits individuals and groups with the resources to acquire and disseminate information regardless of the obstacles in their way.
It's too late to save privacy as most people currently envision it. What we need to be doing as a society is focus on transparency and equality-- ensuring that all parties in the social contract stand on an equal footing with regard to what information is publicly available. Secrecy is most dangerous when the powers that be insist that it be one-sided...
"We have to go forth and crush every world view that doesn't believe in tolerance and free speech." - David Brin
I think this has always been around, but with the proliferation of the digital era, it becomes easier to make a thousand copies of something.
Look at medical records, it used to take a few minutes while they looked for your chart. At the medical clinic I currently go to they can locate you instantly. When you go into the doctor's office, he has your information on-screen. If something like a patient's chart goes missing, there's physical evidence that it's gone. But if a computer is poorly secured, you may not ever realize it was compromised.
What really bothers me is who is purchasing this information. My medical records would be pretty harmless to most people, but what if a coworker with a grudge were to find out about a deadly allergy I have? There's always that scary potential you don't necessarily think about. What if a terrorist uses your identity to get into the country and commit nefarious deeds? Could you be imprisoned while they go free?
What is going on in Russia IS a little scary, but is it really any different than buying the same information from one of the businesses operating in the US like ChoicePoint? The government and industry buys information from HUGE databases legally here in the United States, but for some reason people make it seem scarier when it is a Russian kiosk instead of an American corporation even though both exercise about the same amount of restraint and ethics concerning to whom they will sell information.
I am curious with the wonder of when someone is think the contents will from mother russia be on the wikipedias,
I am in need of some friendshipful cashmonies
The rule of thumb is: Do not worry about the means of transport, but the destination.
In other words - don't worry if the encryption used to send the data is 128 bit or 1024. No one will bother try to sniff'n'hack it anyways. Worry about whom you're giving your info to. Sure - they may have cheap DVD's, but in order to sell you cheap goods, they must save money in other areas. Security is (sadly) one of the first things to go.
Underholdning.info
In every major Russian city you can obtain almost for free a database with phone numbers (including cell), addresses, car registry and passports for all citizens of this city.
Even more, it's hard to find a PC in my own city that doesn't have a "Megapolice" database, which contains all above information accessible through a single easy-to-use interface.
Village idiot in some extremely smart villages.
...at least corruption was organized. I'm afraid nowadays Russia is just a big mess. You can't expect anything else.
Anyway, I guess that these days you better have nothing to hide.
Walk into any telemarketing office and you'll find people's information that has been bought. In the shadier ones, you'll find lead sheets with SS numbers, bank account numbers, credit card numbers, etc. Sure some of the people are "suckers" (term used to describe people who've bought from telemarketers before), but a lot of them are stolen from the internet.
Forget grammar just stick words together see like this isn't that easy
It's being sold in India. I've met "vendors" who do the round of direct marketing agencies peddling CDs for information. The last I checked, about a year ago, a data CD came for 10c/record...
I've given a lot of thought to the subject lately, and really, I've decided I don't care much. In fact, I honestly believe that anyone who stole my identity would after a quick perusal of what they've stolen feel guilty and probably credit me a couple of hundred bucks or so.
Hey, you can't steal what isn't there, and my credit is already wrecked beyond belief. You'd have to be a pretty desperate scammer to steal my identity.
Why do I M2 everything negatively?
Just curious when we'll actually stop bleeding our personal info to foreign nations?
How about security?
It's pretty scary when you realize we were once at war with Russia. Nuclear stand offs... spies... tight security....
Just how tight was that security?
It seems to me that either there never was security, or we're just getting so lazy about protecting ourselves.
The hellish nightmare that one must go through when having their info stolen... is too much of a burden on the victim. It is not right that we continue to hand over info to unknowns.
NO, NO, NO, it's
In Soviet Russia you buy your own information.
Equifax
Transunion
Experian
Unless you consider once a year access acceptable. Your credit report free. But that's only once a year.
Whose information is it anyway?
i can already see this joke coming...
Live in the woods in a shack, no computer, no TV, no stereo, just you, the chickens, the cows, your banjo, and Deliverance. Cue creepy hillbilly guitar riff.
By now you should have guessed...I'm your magic negro.
A few years ago in Israel a CDROM started circulating with information about more-or-less the entire population. The database was probably leaked from the Ministry of Interior. It was originally used by a private investigations firm but a copy leaked and started circulating freely.
IMHO, once it's out there it's everyone's civil duty to get a copy, just to level the playing field.
Database maintains YOU!
You're right. There's definitely cause for concern - there are now so many weak spots in the system. A lot of people with access to these important databases are making less than $10/hr. If you find the right person, $15,000 would get you whatever information or passwords you need - or worse, making changes in records or deleting information.
It happens too with corporate espionage. Somebody at the help desk might be convinced to hand over the CEO's email account password to a competitor. If I've got $15,000 and find the right person, can I get your name on a terrorist watch list?
The easiest way to buy personal information here in the U.S. is to set up a fake company, then request the desired information from one of the major credit bureaus: Experian, Equifax, TransUnion, or ChoicePoint. Back in February ChoicePoint admitted to releasing the information on at least 145,000 consumers to fake companies.
In the UK I've had the ... pleasure (?) ... of knowing some exceedingly dodgy people with very good technical skills. This information has been available to criminals with the requisite amount of cash as long as hackers (sorry crackers) decided they could make a fast buck doing companies rather than pootling around insecure university networks.
Nothing new here and it certainly isn't limited to dodgy stalls in Moscow markets or corrupt outsourced callcentre employees.
I don't read your sig, why do you read mine?
Which raises another scary issue. Stolen personal data is not that much of an issue. But what's happening to all those nukes that the soviet union built? I assume they are taking care of them as best they can, but how well is that? What about the ones in other countries, where the president may not be as powerful as Putin? Or what about more remote parts of russia, where people are secretly carrying out their own schemes behind Putin's back?
Please correct me if I got my facts wrong.
fish phish you!
nt.
I completely thought the title of the parent was leading up into a "In Soviet Russia, information phishes you!"
That's what the cool kids are doing, anyway.
...but there aren't enough moderation points available in the /. system to stave off the flow of bad "In Soviet Russia..." _AND_ "PROFIT!" jokes that are going to flood in from this one.
;)
If you think you have a good one, please save someone a mod point by keeping it to yourself, because if it isn't already redundant, it soon will be.
This message brought to you by the Moderator Points Association of America (MPAA) *ducks*
--
I'm commenting on this story to prevent myself from burning moderator points on useless comments like this one
In corporate America, certain organizations are corrupt.
In soviet Russia, corruption certainly was organized.
See, wasn't that easy?
USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
The article and the databases there are about the personal information of Russian residents (well, including Americans who live there), not some outsourcing mishap.
That's really bad news for the security !
Chris ,
Php Programmers.
OMG THAT IS SO FUNNY
Check out that Slashdot site on that World Wide Web thing, I bet they'd just love that one.
Wow! So original and witty! Wow!
Though this is only alluded to in the article, one of the greatest dangers is using information like this as a ransom hit-list. If you could abduct the kids of the ten richest people in Moscow, odds are at least one of them would pay up...
Things like that are depressingly common in some parts of the world.
"Live as if you'll die tomorrow." Ridiculous. You could die later today.
After student loans and other such fiscal treasures, I'd be happy to sell my identity to one of these places that sells it to other people... so, where do I sign up?
I like suggestions, but I don't like contributing towards them.
... rope will hang you!
The Capitalists will sell us the rope with which we will hang them.
-- Vladimir Ilyich Lenin
Off topic but important - bombings in London - so far 3 bus bombs and bombings in the tube reported.
that they haven't scammed detail from places like say, the NYTimes subscriber database. "Mr A Butthole, Kansas" and "Phil McCrackin, Washington" might find unwanted junk mail winging their way towards them.
Meine Schwester ist sehr, sehr reizvoll - Nietzsche
IN SOVIET RUSSIA, PERSONAL INFORMATION BUYS YOU!
(Don't complain. If I didn't say it, someone else would. Seriously, it's like a government regulation or something.)
Looks like there have been explosions at five London tube stations and on at least one bus:
http://news.bbc.co.uk/1/hi/uk/4659093.stm
Microsoft.
here! here!
all that agree, say "i"
Yeah, but the terrorists need Bush and Blair or there would be no one to fight against. Just like Bush and Blair need the terrorists. It's a circular setup.
Australia Slashdotters: call the DFAT hotline on 1300 555 135 to check on any friends or relatives you might have in London.
$100 (even Canadian) per CD is a worthy amount of money in Russia or other second/third world countries where back-office operations have been off-shored to. This problem is only going to keep growing at these price levels.
The point here is that there is very strong incentive to provide accurate data at these price levels, competition being what it will be.
The best way to predict the future is to create it. - Peter Drucker.
The question is, how much of this information is being sold in other countries, perhaps in a more sophisticated manner?
USian? Go get your free credit report. Look closely at who has recently requested it. They're getting all kinds of information about you. Your bank, credit card company, mobile phone provider, broadband provider, power company, pretty much anyone with your name addy and social security number can sell your info to be requested by someone else at any time. This is a perfectly legal and legit practice. Regarding other countries, these businesses who outsource IT to India/China/Russia will locally all have this information to trade on the white and black market where there are even less data privacy laws.
I used to worry about identity theft and related crimes. I used to think I was the one in control and had the responsibility of securing my personal information. No, the companies that trade on personal info and credit have the control and the toothpaste is out of the tube. I can never secure the last 30 years of my information again, so why bother trying? All I can do is be vigilant in trying to detect fraud and deal with it on a case by case basis.
There is too much commerce at stake for governments to pass laws to ensure data privacy or make issuing credit more secure. Stop whining and start making arguments to your local politicians for doing what you want to be done.
Speak truth to power.
...the government is a key player in this market. They keep a database of people's names, addresses, age, spouses, children, number of people in household and that kind of stuff and they sell queries to this database. If you want to target single mothers whose children are aged 4-8, just contact an authorized reseller and get a list of names with addresses. They don't allow targeting children under 6 months though.
P.S. This is in Iceland.
Forget commas who needs 'em
People burned by that one could go for a class action lawsuit against either Mastercard their service supplier or the software vendor or a combination. There's no excuse for using tools known to be defective in a networked context.
Increasingly that said same vendor has been associated with breaches of security and failures. A year ago it was voting machines now this...
When we can have Open Source what is so wrong with having Open Information?
In a way these guys are following the GNU principles. You can sell the information but you also need to give away the complete source. Once you have the information you can use it on any number of machines.
Seriously, is anyone actually surprised by this story? I mean you have to figure that criminal organizations worldwide would traffic personal information in this manner. I'd imagine you could go into any major city and find a place to buy such data at cheap prices (Ok, maybe not quite that cheap, but cheap in the spectrum of what you get by using the info you purchase).
Sea the subject.
Hell, you can buy your wife while in Russia. I would expect to be able to buy just the info on other people's wives.
-----BEGIN PGP SIGNATURE-----
12345
-----END PGP SIGNATURE-----
And, of course, they both need Israel to stir up the waters. Without Israel, neither side would really care about the other.
Where's your sense of humor?
In Soviet Russia, information buys you!
There is a consumer movement to have all companies purge people's SS# from their databases, this will not stop fraud but will make it harder to rob people before you can say the words "our privacy policy and your data is secure."
He who knows best knows how little he knows. - Thomas Jefferson
GNU is not about information, it's about code, it's the Free _Software_ Foundation that's behind it, not the Free _Info_ foundation or whatever.
Free Software is not about all kinds of freedom. It's just about software. It's like that, because in the context of software, freedom is much more obviously necessary than in other contexts, where its benefits can be more subtle.
What you are talking about is those guys that say the "information wants to be free" stuff. I like that, but GNU/FSF has nothing to do with them.
A great share of it is promoting such databases.
And since i'm in the middle of this war zone, I can help you get a better picture.
This is just one such email
Here's what else the message contains:
Fucking assholes, they also sell databases of emails. You know, the funny thing is that for a long time they probably had no market for these things, because I only got spam which promotes email-databases, nothing else [no products, no services, etc].
For those who can read russian, here's the original message (all I had to do was pick a random email from my junk folder)
The saddest poem
how much of it is accurate? And how much of it could end up circulating around, get laundered through a grey market vendor and end up in a law enforcement or financial database?
This could have serious implications for an individual's credit rating or whether they end up as a guest of a government security agency indefinitely with no legal recourse.
I have worked in situations where we bought information on customers and just off hand I would say that when we compared our known good (recently updated by the customer) information with what we bought there was at least a 30 to 40% inaccuracy rate (name error, marital status or spouse errors, employment or business information errors etc.).
putting the 'B' in LGBTQ+
Not long ago here in Mexico, a punk servicing a PC in the Federal Electoral Institute downloaded and sold the ENTIRE National Voter Registry to a two bit data aggregator, which in turn sold the database to Choicepoint in the U.S.
Now the National Voter Registry contains the name, address, telephone and date of birth of all the people over 18 in the entire country. It is the basis for the most trusted identification used over the country and of our voting system.
The cost of managing and updating the registry is just a bit over a thousand million dollars per year. The punk sold the database for a measly 2000 dollars.
After the excrement hit the cooling device, there was a big showdown between the aggregator, Choicepoint and the local authorities. The punk got busted and the buyers claim they destroyed the databases (yea, like hell they did).
I for one am not ever updating my entry in the Registry.
My other OS is the MCP!
Replies to this thread will list specific references to companies that provide this service, or hashes of files on P2P.
-- I was raised on the command line, bitch
In most states you can go to DMV and get their entire database for 50 or so bucks. In Oregon one guy used to post it online, so they made posting it online illegal. (Of course they didn't STOP selling the information!).
They pretty much give you everything you need to commit identity fraud: License plate number, Car type, DL license, address, banking information, vin number, DOB, and supposedly you can even get the license database which includes driver photos!
Making life easier for phisher. Just be sending credit card an social security number to da address below for personal information.
Comrad Phish
easyphishing@yahooski.ru
1. I get several pieces of spam in Russian every day advertising these databases. Dammit.
2. Law enforcement in Russia does nothing about it. In the current situation, it is trivial to catch the seller: the databases advertised in spam, for example, are delivered by a courier. If the police were interested in hindering this activity (or forcing it deeper underground, at least), they would do this in a blink of the eye. Nothing is done, though.
3. I like the way Norway deals with this danger, partially at least. A lot of information in Norway is public, period. National and mobile operators' phone directory is public (unless you specifically ask the mobile operator to withhold your number from the listing) and searchable online. Summaries of tax amount, personal income and fortune by year are public for everybody, complete with mail addresses and year of birth (it used to be the full date of birth, but they have decided to limit it to the year recently). The tax database has been open for a good hundred years, previously as paper records and now online. Only a handful of persons in the country can have their records hidden from the public view, usually those stalked by sex offenders (e.g. by former husbands) and the like. Basic information on all companies and organizations is searchable online, too.
17779 eligible voters in a district, 17779 'vote' as one. This is Russia.
While you can see who's requested your credit report (and I'd recommend you check it at least annually), this has limited utility.
While most financial institutions will prefer to obtain this data directly from the major vendors (Experian / Trans Union, Equifax), the problem is that data are transitive, but data tracing is not. You have no idea who among the entities who've requested your data have passed it on, or let it slip, to others.
You may see the secondary queries and activity resulting from such leakage, however.
What's happening right now is that the basis for assuming identity based on data characteristics is being called into serious question. The leakage must be assumed, and the genie can't be re-corked. Not that I'm happy about this either. But figuring out how to operate in this world, as individuals, as financial institutions, and as merchants, is going to be an interesting problem over the next few years.
What part of "gestalt" don't you understand?