Slashdot Mirror
Glut In Stolen Identities Forces Price Cut
CowboyRobot writes "The price of a stolen identity has dropped as much as 37 percent in the cybercrime underground: to $25 for a U.S. identity, and $40 for an overseas identity. For $300 or less, you can acquire credentials for a bank account with a balance of $70,000 to $150,000, and $400 is all it takes to get a rival or targeted business knocked offline with a distributed denial-of-service (DDoS)-for-hire attack. Meanwhile, ID theft and bank account credentials are getting cheaper because there is just so much inventory (a.k.a. stolen personal information) out there. Bots are cheap, too: 1,000 bots go for $20, and 15,000, for $250."
Seriously! If you even suspect that the machine you're working from has ben compromised by malware, CHANGE YOUR PASSWORD to the accounts you've used via a known clean computer. Then proceed to nuke the drive from orbit and reload the OS and apps. Botnets are known sources of dropping key loggers and harvesting user data to a central database.
Life is not for the lazy.
Exactly. You aren't going to successfully withdraw all $150k in one go. Withdraw $100 once or twice a week, and there's a decent chance the owner may not notice for some time.
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
So, if I'm to follow the reasoning of this article, if we all use weak passwords , the market gets flooded and they all go out of buisness?
SWEET
password:password, here I come!
I think it goes without saying that when someone sells a $150k bank account for $400, it's because they know they can't withdraw more than $400 without getting caught.
Criminal activity often involves taking a great deal of value from the victim and converting it to a much more modest value for yourself.
In economic terms, the difference represents the risk taken. The guy who grabs the ID info sees little risk in that, but there is considerably more risk in actually using the info, so it sells at a steep discount.
This sort of thing actually is undermining the banking system. How long will it be before a transaction is as likely to be fraudulent as not?
I'd like to cut out the middle man and sell my Identity.
40 bucks buys a few cases of beer - just sayin...
_ _ _ Go for the eyes Boo! GO FOR THE EYES!
'Identity theft' should be recognized for what it really is, bank fraud.
First the crooks defraud the banks by performing transactions in someone else's name. This is aided by the banks insistence on not implementing secure authentication.
Then the banks defraud you by insisting that you are responsible for the transactions in spite of not having a single shred of evidence that you made them.
The credit agencies compound it by repeating the bank's financial gossip with a wanton disregard for the truth.
The 'justice system' then aids and abets by not telling the banks to pound sand and by not convicting the credit agencies for libel./p.
Moving $60k online doesn't do you any good. You move it from their bank account to...what? Another stolen account that you can't withdraw from? Or one that has your address? Or one with a stolen SS#, but that has you on security cam footage? You move that kind of money out and you are going to be caught.
Here, take my identity, please!
You get to assume a recent bankruptcy, a child support obligation, a spotty employment record, a sub-500 credit score, three maxed-out credit cards, a beater car, and a psychotic ex-wife.
Clean arrest record and a good tech education, though. Maybe you could apply to a NSA contractor.
Reminds me of the time my brother had his wallet stolen. When I asked him if he cancelled his credit card, he said "Hell no! The thieves are spending less than my wife usually does".
It's time to get the government out of the identity theft business, as it is clearly wildly distorting the market.
No kidding!!! What do you say at this point?
Don't you know private industry is the epitome of security and efficiency? That's why the private sector is never plagued by budget overruns or mismanagement.
Why do you hate America, you filthy communist?
Calling for something to be a capital crime should be a capital crime.
O shi-
It's interesting for what it implies:
Stealing personal data is easy and cheap. Cashing out certainly isn't, and is where banks' "defence in depth" security strategy pays off.
It should be easy enough for someone here to harvest phonebook or other records from 70 years ago, refresh and randomize birth dates, and begin to flood the identity theft market with fake personalities and random government identity records. That would greatly increase the amount of work for identity thieves, who actually benefit from passwords (which provide evidence it's bonafide identity they are stealing). For years I've promoted "camouflage" rather than invisibility. I now think the reason it has not taken off (disappearance of AntiPhorm?) is that it's equally a threat to Google, Bing, and advertising-based search engines. We can be less careful of our "identity needles" if we construct bigger "digital haystacks".
See article on digital haystacks and cookie camouflage http://retroworks.blogspot.com/2010/09/simpler-ideas-cookie-camouflage-digital.html
Oh, by the way, I'm not really Retroworks. I find I get higher mods if I steal a /. identity rather than to submit AC
Gently reply
Money mules are people tricked into agreeing to whitewash the stolen money by accepting the money withdrawn from the stolen account and then transferring it via wire transfer to the plunderer.
When the original owner of the account sees the transfer, he will call the bank and reverse it. At this time, the money mule will already have withdrawn the money from their account and transferred it. This leaves the money mule with the debt incurred, because they now lose the money from the stolen account, and are thus effectively paying the plunderer from their own money.
This puts the value of a stolen account to about the amount of money the money mule will be able to cough up until their own bank takes action.
Usually the plan is not to withdraw money from the account directly. Too easy to get caught, owner of the account usually notices pretty quickly. Instead the account is used to open other accounts or take out loans which are then defaulted on.
This is pretty common in the UK. We have these shitty pay-day loan companies that charge 5000% interest and do only the most basic checks before handing over the cash. People give them someone else's name and bank account, so the first thing the victim knows about it is when Wonga starts taking internet payments by Direct Debit.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Exactly this. When my identity was stolen, the thieves didn't use it to find and break into my bank account. Instead, they opened a credit card in my name (with my address, SSN, and DOB, but NOT with the correct Mother's Maiden name - red flag #1). The only reason they didn't get away with it was that they 1) paid for rush shipment of the credit card and 2) then immediately changed the address (red flag #2). So the card got shipped out quickly to my address and THEN the address was changed. The card arrived at my doorstep instead of theirs. Of course, that didn't stop them as they tried to get a $5,000 cash advance before even activating the card (red flag #3).
And the credit card company's response to me? "Are you sure your wife didn't open the card in your name without telling you? No? Well, we can't give you any information on the account because if you go and kill them then we're liable." They stonewalled me and when I got the police involved, they directed them to a number that was never answered. To them, they just closed the account and the problem was solved. Actually helping to catch the people who did this would involve effort that they weren't willing to put in. That's why Capital One credit card's are not and will never be "what's in my wallet."
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
Why would I, I never had any dealings with John Doe at all. I am not the one demanding money, why should the burden of proof fall to me?
It's the bank that had unfortunate dealings with Mr. Doe and rather carelessly handed him a wad of cash without knowing who he was.
If they want any money from me, it's up to them to prove I owe it to them. And I don't mean a piece of paper with an illegible scrawl anyone could have made, I mean actual proof. A picture of me (that actually looks like me) holding the paper and smiling might help, but given the reputation of banks (they have, after all, a history of foreclosing on homes they don't hold a loan on and many other acts of fraud) and the existence of photoshop, it wouldn't constitute absolute proof.
At one time, banks were quite careful to avoid even the tiniest hint of impropriety and deserved a reputation for honesty so strong that often enough their word was nearly proof in itself. That day is long gone and they have well and thoroughly squandered their reputation (along with a great deal of other people's money).