Slashdot Mirror

← Back to Stories (view on slashdot.org)

40 Million Identities Up For Sale On the Web

Posted by kdawson on from the big-fat-target dept.

An anonymous reader writes "Highly sensitive financial information, including credit card details, bank account numbers, telephone numbers, and even PINs are available to the highest bidder. The information being traded on the Web has been intercepted by a British company and collated into a single database for the first time. The Lucid Intelligence database contains the records of 40 million people worldwide, mostly Americans; four million are Britons. Security experts described the database as the largest of its kind in the world. The database is in the hands of Colin Holder, a retired senior Metropolitan police officer who served on the fraud squad. He has collected the information over the past four years. His sources include law enforcement from around the world, such as British police and the FBI, anti-phishing and hacking campaigners, and members of the public. Mr. Holder said he has invested £160,000 in the venture so far. He plans to offset the cost by charging members of the public for access to his database to check whether their data security has been breached."

17 of 245 comments (clear)

  1. splitting hairs by tverbeek · · Score: 5, Interesting

    "He plans to offset the cost by charging members of the public for access to his database to check whether their data security has been breached."

    How, exactly, does this differ from extortion?

    --
    http://alternatives.rzero.com/
    1. Re:splitting hairs by amicusNYCL · · Score: 2, Interesting

      No, you don't understand, that's not what this fine ex-cop is doing. It would be equivalent if you went around buying everyone's stolen goods, and then in order to recoup that cost, you charged people for the privilege of knowing whether or not their goods were stolen.

      --
      "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
    2. Re:splitting hairs by Civil_Disobedient · · Score: 2, Interesting

      Yeah, I don't understand how even possessing that kind of database is legal, let alone trying to charge people for access to it.

      I think this guy's business model needs some work.

    3. Re:splitting hairs by Civil_Disobedient · · Score: 3, Interesting

      a world in which it was a crime simply to possess certain information would be very scary

      Uh, you do realize you already live in that world, right? Right?

  2. So let me get this straight... by FSWKU · · Score: 5, Interesting

    He plans to offset the cost by charging members of the public for access to his database to check whether their data security has been breached.

    So in order to find out if your personal information has been breached, you have to disclose said information AND pay a fee. Seems a little fishy to me. Isn't that how a lot of identity-theft scams operate in the first place? "Hey, your identity is at risk. Send us money and details and we'll check to see if you're a victim or not.........and.....YES...you are now a victim! Thank you for using Thieves-R-Us!"

    --
    "So after all this, you make my case for me. To end this stalemate, you must die..."
    1. Re:So let me get this straight... by mcrbids · · Score: 3, Interesting

      It took me about 10 minutes to create this simple web-page would could conceivably be used to steal identifying information. It would take a few hours to add stuff like the ability to run credit cards, and simulate a faux "Your identity was not found".

      This website was easy to make using a free template found online. With the exception of the target page for all the links, it would easily pass the "sniff test" for many people. It looks friendly! It's got a kid and a butterfly on it! The news stories are current! (copy/paste from google news for "Identity Theft") Feel free to check it out. Total time spent was about 10-15 minutes. (I purposefully put in a few spelling/grammar mistakes, just to exaggerate my point)

      So I hack up a spam engine, log in via some open wifi hotspot, and I have a business overnight? ID theft is much, much easier than we all think. And we want to believe that this guy isn't also doing it?

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.
  3. If he has my sensitive data... by DreadfulGrape · · Score: 2, Interesting

    ... can I then sue him for illegally possessing my sensitive data?

    --
    sig has been sent away for a few small repairs...
  4. This is probably illegal to sell by davidwr · · Score: 1, Interesting

    He almost certainly obtained his information legally, but some or most of it came with strings attached, including prohibitions on any non-official or personal use.

    I predict any attempt to monetize this by a private individual will be shot down fast.

    It's one thing for a government to provide this service on a cost-recovery basis, under heavy regulation.

    It's quite another for someone to collect this data under "official" or "can I have it as a favor" pretenses or even buy it on the "open market" but use the fact that you are in government to make people think you won't abuse it then turn around and sell the same information. Even if he's doing it on a cost-recovery basis, I don't see any regulation and it just looks bad.

    What he should do:
    Sort the data by country of residence or nationality, then give the data to those countries' governments or simply destroy it. If he asks nicely for donations and is clearly being good about the way he handles this, he might get enough to cover his costs.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  5. I'd like to check my personal details please .... by whoever57 · · Score: 2, Interesting

    My name? It's Bill Gates. Oh, no, it's Warren Buffet .... Barak Obama.......

    --
    The real "Libtards" are the Libertarians!
  6. The answer is always "yes." by zippthorne · · Score: 3, Interesting

    It's far more brilliant.

    You must give him some information about yourself to determine if you're in the database, non? Information that includes your credit card numbers, perhaps. Where do you think that data goes, I wonder.

    --
    Can you be Even More Awesome?!
  7. If he really wanted to do the right thing... by 3seas · · Score: 4, Interesting

    ... he'd notify the relative banks and get them to issue new cards to the card holders and then cancel the old account numbers.

    Or isn't that something a police officer would not do?

    Aren't the police supposed to help protect the public?

  8. Re:Where does a cop get £160,000? by Anonymous Coward · · Score: 5, Interesting

    Actually, under the Data Protection Act he isn't allowed to hold that database at all. This will end very badly for him.

  9. Re:A discussion on morality. by dave562 · · Score: 2, Interesting

    I thought that you were allowed to obtain your credit REPORT for free once or twice a year. The credit SCORE is considered proprietary information and therefore subject to a fee. I think it's a load of crap. If there was justice in the world, ANY information that ANYBODY uses as part of a process to determine how they interact with and treat you, should be freely available to you.

  10. Re:Ridiculous by sbeckstead · · Score: 3, Interesting

    I got mine stolen by using my teller card in a machine in Orange County California. I've never actually had it stolen on line. Always by physical means.

    --
    Why bother
  11. Ethics? Hello? UK? Anyone home? by Mashiki · · Score: 2, Interesting

    I realize this is going by the wayside and all that, but doesn't anyone in the UK police service get ethics training anymore? Let alone have some type of psych eval when they join like they do in Canada? Some serious ethical questions that should be raised not only by his service, but also by the crown.

    Regardless of whether or not he retired from being a police officer or not, there's some things that don't go away when you retire. He's crossed a line, whether he realizes it yet or not. Then again, this being the UK, maybe I shouldn't be surprised, if this is commonplace for retired officers to pull stuff like this, it could be an example of how deep the rot actually goes in their entire system.

    --
    Om, nomnomnom...
  12. Re:Where does a cop get £160,000? by Derosian · · Score: 4, Interesting

    Actually in the US using police or federal services for personal use as an officer is a felony, thus if this guy was an American police officer he would be arrested and all his information would be confiscated as evidence for his trial.

  13. Re:Where does a cop get £160,000? by sofar · · Score: 2, Interesting

    Actually, the US can have him extradited and convicted even if he didn't commit any act on US soil. Just look what happened to the UK hacker that got extradited, and the fellows who were claiming political asylum in the US for something they did outside the US.

    Endangering the economic well-being of americans will likely not go unpunished, especially if amongst those are lobbyists, military personnel, etc.