Study Finds Hundreds of Stolen Data Dumps
Steve writes "SecurityFix reports that a group of researchers from Germany published a study in which they analyzed several hundred so-called 'drop zones,' i.e. anonymous collection points of illicitly collected data stolen with the help of keyloggers. 'Their findings, which drew from stolen data harvested from these drop zones between April and October 2008, were staggering: 33 gigabytes worth of purloined data from more than 170,000 victims. Included in those troves were more than 10,700 online bank account credentials, 149,000 stolen e-mail credentials, 5,682 credit card numbers, and 5,712 sets of eBay credentials. [...] Using figures from Symantec's 2007 study on the prices that these credentials can fetch at e-crime bazaars, the researchers estimate that a single cyber crook using one of these kits could make a tidy daily income. The full report [PDF] contains some more interesting details.'"
I've often thought that, over the ~15 year span that I've been surfing the web, I opened up way too many accounts. I've forgotten most of them, and yet my name and address still sit there in the databases just waiting to be hacked (or sold).
FOX NEWS.com should be BANNED from television and internet. Have the Congress take it over and give us Truespeak.
"10,700 online bank account credentials, 149,000 stolen e-mail credentials, 5,682 credit card numbers, and 5,712 sets of eBay credentials."
*sings* And a partridge in a pear tree...
Indeed.
However I don't really mind that they sell all info regarding Mr. X Smith, who currently lives in n123 Candy st. / Magicland.
Profile pages could have just been saved wholesale rather than text files?
Or perhaps it's all in a huge database with a searchable index.
Random Thoughts From A Diseased Mind (Not For Dummies)
Raw data from keyloggers? :)
I think gamers can quickly fill up 138kB with lots of w,s,a and d keypresses
I feel sorry for bob@aol.com, the real resident of 123 Fake street, and the unlucky person who got the telephone number 01234567890
Hey! Those are BOTH ME, you insensitive clod!
-- Bob <bob@aol.com>
(012) 345-6789
It's been my experience that in the US, the number will stay the same, but the 3 digit validation number will change, as will the expiration date - both of which are needed for doing online transactions.
"Our opponent is an alien starship packed with atomic bombs. We have a protractor."
>the unlucky person who got the telephone number 01234567890
That's a real telephone number in the UK. It would be allocated to someone in/near Bedford (01234). Possibly this private hospital (which is in Essex, but the company office given at the bottom of the screen is in Bedford).
That depends if you're referencing WTC or the Winsock Error 10048 - Address already in use.
Personally, I quite like the irony of the Winsock Error one.
Hahaa! That's why I use asdfasfd as my online banking password.
>Modern keyloggers use algorithms and/or regex to find certain data like credit card numbers or email addresses and some even specifically filter out "wasd" patterns.
Then make all your passwords "wasd" derivatives!
Life moves pretty fast; if you don't stop and look around once in a while, you could miss it. -FB
Is it just me, or does this seem pretty sad, that so many of today's so-called security companies don't bother to contact the victims of this to at least tell them "Hey you might want to change your password to your online banking, someone stole it, or etc..."
I am disappointed by our leading security community, for leaving these "dumps" in the open to review them, yes after a few days or weeks of activity, ...ok, but then afterwards, contact the victims and let them know they have been compromised.
When do they hear about it, ...never???
Job well done. They realized that the crooks stealing information from average computer users - novice, gullible and/or unconcerned - are just as susceptible themselves. Bugs in the exploiting software, misconfigured servers, and unsophisticated application programming logic can be used against them. The drop sites can be identified and apparently oftentimes compromised; there is weakness in the system. But not just any system, a systemic international problem of organized crime (at times loosely) that threatens the financial and private information of average citizens, institutions and critical information systems. Now, why is it that researchers from a university are apparently more capable of identifying, evaluating, and investigating these risks than the many government organizations and private institutions tasked with these responsibilities? Know where a drop zone is? Shut it down. Know who downloaded the information? Arrest them. Identify the communication patterns of the trojans? Scrub them. You don't know these things? Change your tactics and pay attention.