Slashdot Mirror

← Back to Stories (view on slashdot.org)

LexisNexis and Other Major Data Brokers Hacked By ID Theft Service

Posted by Unknown on from the someone-forgot-to-install-rkhunter dept.

gewalker writes "Have we reached the point where it is time to admit that the ID thieves are winning and will continue to win as long as their incentives are sufficient to make it lucrative for them? According to Krebs On Security an analysis of a database pilfered from commercial identity thieves identified breaches in 25 data brokers including the heavyweights Dun and Bradstreet and LexisNexis." And they had access for months to most of them. From the article: The botnet’s online dashboard for the LexisNexis systems shows that a tiny unauthorized program called nbc.exe was placed on the servers as far back as April 10, 2013, suggesting the intruders have had access to the company’s internal networks for at least the past five months. The program was designed to open an encrypted channel of communications from within LexisNexis’s internal systems to the botnet controller on the public Internet." The companies compromised aggregated data for things like "credit decisions, business-to-business marketing and supply chain management. ... employment background, drug and health screening."

3 of 99 comments (clear)

  1. It's worse than that... by Anonymous Coward · · Score: 5, Informative

    Lexis Nexis has a database of all united states citizens compete with full address history, SSN, DOB, associations such as relatives and neighbors, and you can cross reference and search the different relationships. They purchase the info from the government and then banks use them to verify information on credit applications by paying for the service and simply accessing a web interface via ssl over the public internet. I know this because I used to work for a large bank doing just that.

  2. Re:This is what IDS/IPS appliances are for... by cyberpocalypse · · Score: 4, Informative

    I believe there is more going on to this than you would understand. For example, the Zeus/Qakbot strain always downloads a file. Most times it will be randomized. For arguments sake, lets say it was named nbc.exe. What Zeus/Qakbot did was communicate out via IE. Even though the nbc.exe was the application responsible for running the show, the communications portion was done via good ole GET and POST via HTTPS. At issue with detecting nbc.exe where Zeus/Qakbot was/is concerned, is the fact that the operators of the malware were/are changing the executable N amount of hours. So most AV systems wouldn't even detect it. So no... IPS/IDS here means nothing. Blacklisting *may* have worked to stop the communication, but even then a fast flux would have trumped that.

  3. Re:This is what IDS/IPS appliances are for... by cyberpocalypse · · Score: 4, Informative

    You're missing the gist of it here. The reality on production server is, most are locked down from egress attacks. This does not stop, minimize, and or deter an attacker from hitting you up with a client side attack on a non-production machine, passing a hash, then to and from trusted sources until it gets out: Attacker --> client side --> workstation workstation --> attack --> production server production server workstation workstation --> via SSL --> attacker. This would fill a wiki page so I will stop there. There was a point to be made without me having to spell things out