Forget Phishing Just Buy Personal Info

Iago writes "If you need information about a person in Moscow, just go to the market and buy it. The Globe and Mail reports that along with the usual pirated software, cd's etc. you can find out information such as the bank records of your competitors, motor vehicle information and tax returns. The question is, how much of this information is being sold in other countries, perhaps in a more sophisticated manner?"

Another example of security through obscurity.

[Behrooz]

The question is, how much of this information is being sold in other countries, perhaps in a more sophisticated manner?

All of it, of course. Sooner or later we're going to have to get used to the idea that the concept of preserving privacy as a society disproportionately benefits individuals and groups with the resources to acquire and disseminate information regardless of the obstacles in their way.

It's too late to save privacy as most people currently envision it. What we need to be doing as a society is focus on transparency and equality-- ensuring that all parties in the social contract stand on an equal footing with regard to what information is publicly available. Secrecy is most dangerous when the powers that be insist that it be one-sided...

It's just going to get worse

[The+Slaughter]

I think this has always been around, but with the proliferation of the digital era, it becomes easier to make a thousand copies of something.
Look at medical records, it used to take a few minutes while they looked for your chart. At the medical clinic I currently go to they can locate you instantly. When you go into the doctor's office, he has your information on-screen. If something like a patient's chart goes missing, there's physical evidence that it's gone. But if a computer is poorly secured, you may not ever realized it was compromised.
What really bothers me is who is purchasing this information. My medical records would be pretty harmless to most people, but what if a coworker with a grudge were to find out about a deadly allergy I have? There's always that scary potential you don't necessarily think about. What if a terrorist uses your identity to get into the country and commit nefarious deeds? Could you be imprisoned while they go free?

Re:It's just going to get worse

[RAMMS+EIN]

``What if a terrorist uses your identity to get into the country and commit nefarious deeds? Could you be imprisoned while they go free?''

With the current paranoia, definitely. It's better to be safe than sorry, so let's send back that plane that has someone on board who might be a terrorist (and, after all, anybody could be a terrorist), and let's keep these people safely locked up without a trial, until maybe someday we have some evidence against them, or perhaps for them.

Seriously. The principle that you're innocent until proven guilty is a healthy one. There's also a reason this has to be proven in front of a judge. These people are trained to be impartial, and to spot weaknesses in the argumentation and evidence on both sides. People in general are easily swayed, especially with media influence.

Now, to return to your issue about computers, that's a very good point, and highlights an important problem. People think computers don't make mistakes, and information that is stored there and backed up is safe. Both of these are pretty much correct. However, that does not mean that what comes out of a computer is correct in any sense. People still make mistakes when entering information, and I think we here all know how sad a state computer security is in.

Especially falsification of information from inside is a very real threat. In most applications I have seen, this leaves no traces unless you want it to. Very different from handwritten information, where it's easy to see that something was written by a different person, and investigation may even reveal who that person is. If not by the handwriting, then by the fingerprints.

Many of these fallbacks are simply not available in computer systems, and with computers being the backbone of virtually everything organized, I think we ought to be really concerned. And, I might add, the fact that most of these are running known faulty software and operated by non-computer-savvy people does not make it any better. Nor does the fact that the workings of said faulty software are hidden.

not only in Russia

[Mrs.+Grundy]

What is going on in Russia IS a little scary, but is it really any different that buying the same information from one the businesses operating in the US like choicepoint? The government and industry buys information from HUGE databases legally here in the united states, but for some reason people make it seem scarier when it is a Russian kiosk instead of an american corporation even though both exercise about the same amount of restraint and ethics concerning to whom they will sell information.

Re:not only in Russia

[Blastrogath]

the american companies usually don't sell your information to burly men named boris and ivan who are planning to kick in your door and put guns to your house as they rob you. I find publishers clearing house sweepstakes and other junk mail to be a much smaller annoyance.

"burly men named boris and ivan" can buy your information in the US, all they have to do is hire a lawyer to buy it for them via a corporation the lawer made. Americans are safe from widespread home invasion robberies because they have an efective police force and a country with a history of relitive domestic peace and tranquility.

I'm not surprised

[Underholdning]

The rule of thumb is: Do not worry about the means of transport, but the destination.
In other words - don't worry if the encryption used to send the data is 128 bit or 1024. No one will bother try to sniff'n'hack it anyways. Worry about whom you're giving your info to. Sure - they may have cheap DVD's, but in order to sell you cheap goods, they must save money in other areas. Security is (sadly) one of the first things to go.

People can be bought, too

[The+Slaughter]

You're right. There's definately cause for concern - there are now so many weak spots in the system. A lot of people with access to these important databases are making less than $10/hr. If you find the right person, $15,000 would get you whatever information or passwords you need - or worse, making changes in records or deleting information.
It happens too with corporate espionage. Somebody at the help desk might be convinced to hand over the CEO's email account password to a competitor. If I've got $15,000 and find the right person, can I get your name on a terrorist watch list?

Re:A better question

[ciroknight]

The problem is, if *any* of it is real, then we have a problem.

Especially recently with all of the banks coming out with information of their customers being comprimised.

Re:That old saying...

wasn't Layer Cake (er, i mean L4yer Cake) meant to be a pretty good film?
as for the id stuff, well there're plenty of big companies whose sole purpose is collection and selling-on of personal data, such as credit history, full name, address, telephone number, spending habits and so on.
This is the main reason i'm dead against the UK's proposed id cards. I simply don't trust whichever crappy company they award the contract to not to sell all my details to a bunch of criminals. And by criminals i mean real criminals i.e. aside from jokes about banks and other credit card issuers

Re:A better question

[smittyoneeach]

Beyond fake, one would suspect a percentage of the information is of the honeypot variety, and will lead to a knock on the door at an unreasonably early hour by some nondescript fellows with a subpoena.