Slashdot Mirror

← Back to Stories (view on slashdot.org)

Forget Phishing Just Buy Personal Info

Posted by samzenpus on from the who-are-you-today dept.

Iago writes "If you need information about a person in Moscow, just go to the market and buy it. The Globe and Mail reports that along with the usual pirated software, cd's etc. you can find out information such as the bank records of your competitors, motor vehicle information and tax returns. The question is, how much of this information is being sold in other countries, perhaps in a more sophisticated manner?"

17 of 163 comments (clear)

  1. Known about this for years by pcmanjon · · Score: 5, Interesting

    They've been doing this for years in other countries. What most people don't realise is that most of these stories you hear about personal information/security breaches (Lexis Nexis, etc etc etc) usually goes to thugs like this.

    These thugs sell this information to people in the black market. This isn't new stuff neither, the news just seems to hover on this and "identity theft" a lot recently. It's been happening since the 80's.

  2. A better question by Anonymous Coward · · Score: 4, Interesting

    A better question is, how much of this information is real?

    1. Re:A better question by temcat · · Score: 4, Interesting

      Most of it is real, believe me. Whay fake something as big as countrywide database when you can easily bribe the right person and get the real thing. Recently there was a scandal when a Central Bank (!) database was stolen. But this is for big boys; as to the general public, stolen mobile operators databases are very popular here, because we don't have official telephone directories with personal phone numbers.

  3. Disinformation? by Anonymous Coward · · Score: 5, Interesting

    A massive flood of fake information would dilute the value of stolen i.d. right?

  4. What, /.? You don't like it? by chocolatetrumpet · · Score: 4, Funny

    But, I thought information wants to be free?

    --
    Spoon not. Fork, or fork not. There is no spoon.
  5. Because as a wise person once said... by truckaxle · · Score: 5, Funny

    Sell a man a phish he can scam for a day, but teach him how to phish and he can scam for himself for a lifetime.

  6. Buy from gangster, get burnt by Willeh · · Score: 4, Interesting
    Yeah right, and what's to say this information is actually valuable? TFA says that at least some of it is, but just like bulk email lists there's bound to be a lot of chaff in all of it, due to natural entropy of data, etc etc.

    And it's not like these lists ever get refreshed much, so what you end up with is increasingly less useful data in these lists, and the vendors don't even care about it. It's just the nature of the beast (and the overall state of former Russia, where anything goes).

    --
    Will wank off Linus Torvalds for fame.
  7. Another example of security through obscurity. by Behrooz · · Score: 4, Insightful

    The question is, how much of this information is being sold in other countries, perhaps in a more sophisticated manner?

    All of it, of course. Sooner or later we're going to have to get used to the idea that the concept of preserving privacy as a society disproportionately benefits individuals and groups with the resources to acquire and disseminate information regardless of the obstacles in their way.

    It's too late to save privacy as most people currently envision it. What we need to be doing as a society is focus on transparency and equality-- ensuring that all parties in the social contract stand on an equal footing with regard to what information is publicly available. Secrecy is most dangerous when the powers that be insist that it be one-sided...

    --
    "We have to go forth and crush every world view that doesn't believe in tolerance and free speech." - David Brin
  8. It's just going to get worse by The+Slaughter · · Score: 4, Insightful

    I think this has always been around, but with the proliferation of the digital era, it becomes easier to make a thousand copies of something.
    Look at medical records, it used to take a few minutes while they looked for your chart. At the medical clinic I currently go to they can locate you instantly. When you go into the doctor's office, he has your information on-screen. If something like a patient's chart goes missing, there's physical evidence that it's gone. But if a computer is poorly secured, you may not ever realized it was compromised.
    What really bothers me is who is purchasing this information. My medical records would be pretty harmless to most people, but what if a coworker with a grudge were to find out about a deadly allergy I have? There's always that scary potential you don't necessarily think about. What if a terrorist uses your identity to get into the country and commit nefarious deeds? Could you be imprisoned while they go free?

    1. Re:It's just going to get worse by RAMMS+EIN · · Score: 4, Insightful

      ``What if a terrorist uses your identity to get into the country and commit nefarious deeds? Could you be imprisoned while they go free?''

      With the current paranoia, definitely. It's better to be safe than sorry, so let's send back that plane that has someone on board who might be a terrorist (and, after all, anybody could be a terrorist), and let's keep these people safely locked up without a trial, until maybe someday we have some evidence against them, or perhaps for them.

      Seriously. The principle that you're innocent until proven guilty is a healthy one. There's also a reason this has to be proven in front of a judge. These people are trained to be impartial, and to spot weaknesses in the argumentation and evidence on both sides. People in general are easily swayed, especially with media influence.

      Now, to return to your issue about computers, that's a very good point, and highlights an important problem. People think computers don't make mistakes, and information that is stored there and backed up is safe. Both of these are pretty much correct. However, that does not mean that what comes out of a computer is correct in any sense. People still make mistakes when entering information, and I think we here all know how sad a state computer security is in.

      Especially falsification of information from inside is a very real threat. In most applications I have seen, this leaves no traces unless you want it to. Very different from handwritten information, where it's easy to see that something was written by a different person, and investigation may even reveal who that person is. If not by the handwriting, then by the fingerprints.

      Many of these fallbacks are simply not available in computer systems, and with computers being the backbone of virtually everything organized, I think we ought to be really concerned. And, I might add, the fact that most of these are running known faulty software and operated by non-computer-savvy people does not make it any better. Nor does the fact that the workings of said faulty software are hidden.

      --
      Please correct me if I got my facts wrong.
  9. not only in Russia by Mrs.+Grundy · · Score: 4, Insightful

    What is going on in Russia IS a little scary, but is it really any different that buying the same information from one the businesses operating in the US like choicepoint? The government and industry buys information from HUGE databases legally here in the united states, but for some reason people make it seem scarier when it is a Russian kiosk instead of an american corporation even though both exercise about the same amount of restraint and ethics concerning to whom they will sell information.

  10. I'm not surprised by Underholdning · · Score: 4, Insightful

    The rule of thumb is: Do not worry about the means of transport, but the destination.
    In other words - don't worry if the encryption used to send the data is 128 bit or 1024. No one will bother try to sniff'n'hack it anyways. Worry about whom you're giving your info to. Sure - they may have cheap DVD's, but in order to sell you cheap goods, they must save money in other areas. Security is (sadly) one of the first things to go.

    --
    Underholdning.info
  11. not just Moscow by Ingvar77 · · Score: 5, Interesting

    In every major Russian city you can obtain almost for free a database with phone numbers(including cell), addresses, car registry and pasports for all citizens of this city.
    Even more, it's hard to find a PC in my own city that doesn't have a "Megapolice" database, which contains all above information accessible throught a single easy-to-use interface.

  12. "Private Eye" CD by Anonymous Coward · · Score: 5, Interesting

    A few years ago in Israel a CDROM started circulating with information about more-or-less the entire population. The database was probably leaked from the Ministry of Interior. It was originally used by a private investigations firm but a copy leaked and started circulating freely.

    IMHO, once it's out there it's everyone's civil duty to get a copy, just to level the playing field.

  13. Buying Personal Info, U.S. Style by divide+overflow · · Score: 4, Interesting


    The easiest way to buy personal information here in the U.S. is to set up a fake company, then request the desired information from one of the major credit bureaus: Experian, Equifax, TransUnion, or ChoicePoint. Back in February ChoicePoint admitted to releasing the information on at least 145,000 consumers to fake companies.

  14. What is unusual about this? by dan+dan+the+dna+man · · Score: 4, Interesting

    In the UK I've had the ... pleasure (?) ... of knowing some exceedingly dodgy people with very good technical skills. This information has been available to criminals with the requistite amount of cash as long as hackers (sorry crackers) decided they could make a fast buck doing companies rather than pootling around insecure university networks.

    Nothing new here and it certianly isn't limited to dodgy stalls in Moscow markets or corrupt outsourced callcentre employees.

    --
    I don't read your sig, why do you read mine?
  15. Old trick with new methods by Peyote+Pekka · · Score: 4, Informative
    The difference is that since the 80's it is much easier. Personal data on Windows servers has made getting personal data that much easier. Doing that and connecting it to the Internet is just asking for a gross- or willful-negligence lawsuit. Take the case of the recent Mastercard incident: (sorry, link in Finnish)

    People burned by that one could go for a class action lawsuit against either Mastercard their service supplier or the software vendor or a combination. There's no excuse for using tools known to be defective in a networked context.

    Increasingly that said same vendor has been associated with breaches of security and failures. A year ago it was voting machines now this...