Data Gobblers Hacked (and Tor, JYA on communication tech)

Soo… remember way back when, when I was ranting on about how centralizing data in one place was REALLY BAD and to be avoided at all costs?

There are companies that do that professionally, you know, for a living. Firms like Lexis-Nexis, Kroll, and Dunn & Bradstreet specialize in pulling together the intimate confidential details of world+dog+company in one convenient place… so “legitimate” users (read: people with money or badges) can access it.

Wait, did I say “legitimate”? Oops, that should be “legitimate or Russian criminal underworld.” And probably everyone else with a decent level of skill at hax0ring.

For the last two years, the web site (SSNDOB, per the Krebs story quoted below) has been selling personal data on anyone in the US for $0.50-$2.50 per record, with more elaborate services up to $15.

Their reach included, famously, the directors of the FBI and CIA, Bill Gates, and Kanye West.

“I’m really happy for you, Imma let you finish, but Beyonce had one of the most entertaining credit histories of ALL TIME!”

(Yeah, hers got pulled too.)

Where’d they get this über-sensitive data? The source. The data brokers. And no, not just one of them — all three of Lexis-Nexis, Kroll, and Dunn & Bradstreet were part of a small but very effective “botnet” feeding data to the Russkies.

Why go to all this trouble? Because the US financial industry are big fans of “knowledge-based authentication” — “before we’ll transfer all your money to Kazakhstan, could you tell us what your last mortgage payment was?”

With this kind of access, even Mr. Sagdiyev would have no trouble answering that. For anyone.

In retrospect, I wonder what the legality would be of looking yourself up via one of these services…

Someone evidently told the Tor folks that blocking on FOIA requests was bad PR — EPIC got their docs. Nothing interesting that I found (then again, FOIA requests rarely produce anything.)

JYA points out that when it comes to communications, “there’s a better way”:

Date: Wed, 25 Sep 2013 16:07:10 -0400
From: John Young
To:,,
Subject: The Compromised Internet

Now that it appears the Internet is compromised what other means can rapidly deliver tiny fragments of an encrypted message, each unique for transmission, then reassembled upon receipt, kind of like packets but much smaller and less predictable, dare say random?

The legacy transceiver technologies prior to the Internet or developed parallel to it, burst via radio, microwave, EM emanations, laser, ELF, moon or planetary bounce, spread spectrum, ELF, hydro, olfactory, quanta, and the like.

Presumably if these are possible they will remain classified, kept in research labs for advanced study, or shelved for future use.

Quite a few are hinted at, redacted and partially described in NSA technical publications from 25-50 or so years ago. Many developed for military use and the best never shared with the public.

A skeptic might suppose the internet was invented and promoted as a diversion along with public-use digital cryptography. This ruse has led to immense growth in transmission-breakable ciphers as well as vulnerable transceivers. Packet technology could hardly be surpassed for tappability as Snowden and cohorts disclose the tip of the iceberg. Ironically, the cohorts believe encryption protects their communications, conceals his location and cloaks the

“An identity theft service that sells Social Security numbers, birth records, credit and background reports on millions of Americans has infiltrated computers at some of America’s largest consumer and business data aggregators, according to a seven-month investigation by KrebsOnSecurity.

The Web site ssndob[dot]ms (hereafter referred to simply as SSNDOB) has for the past two years marketed itself on underground cybercrime forums as a reliable and affordable service that customers can use to look up SSNs, birthdays and other personal data on any U.S. resident. Prices range from 50 cents to $2.50 per record, and from $5 to $15 for credit and background checks. Customers pay for their subscriptions using largely unregulated and anonymous virtual currencies, such as Bitcoin and WebMoney.

Until very recently, the source of the data sold by SSNDOB has remained a mystery. That mystery began to unravel in March 2013, when teenage hackers allegedly associated with the hacktivist group UGNazi showed just how deeply the service’s access went. The young hackers used SSNDOB to collect data for, a Web site that listed the SSNs, birthdays, phone numbers, current and previous addresses for dozens of top celebrities — such as performers Beyonce, Kanye West and Jay Z — as well as prominent public figures, including First Lady Michelle Obama, CIA Director John Brennan, and then-FBI Director Robert Mueller.[…]

But late last month, an analysis of the networks, network activity and credentials used by SSNDOB administrators indicate that these individuals also were responsible for operating a small but very potent botnet — a collection of hacked computers that are controlled remotely by attackers. This botnet appears to have been in direct communications with internal systems at several large data brokers in the United States. The botnet’s Web-based interface (portions of which are shown below) indicated that the miscreants behind this ID theft service controlled at least five infected systems at different U.S.-based consumer and business data aggregators.

Two of the hacked servers were inside the networks of Atlanta, Ga.-based LexisNexis Inc., a company that according to Wikipedia maintains the world’s largest electronic database for legal and public-records related information. Contacted about the findings, LexisNexis confirmed that the two systems listed in the botnet interface were public-facing LexisNexis Web servers that had been compromised.[…]

For its part, LexisNexis confirmed that the compromises appear to have begun in April of this year, but said it found “no evidence that customer or consumer data were reached or retrieved,” via the hacked systems. The company indicated that it was still in the process of investigating whether other systems on its network may have been compromised by the intrusion.[…]

Dun & Bradstreet and Altegrity were less forthcoming about what they’d found so far. Elliot Glazer, chief technology officer at Dun & Bradstreet, said the information provided about the botnet’s interaction with the company’s internal systems had been “very helpful.”[…]

Avivah Litan, a fraud analyst with Gartner Inc., said most credit-granting organizations assess the likelihood that a given application for credit is valid or fraudulent largely based on how accurately an applicant answers a set of questions about their financial and consumer history.

These questions, known in industry parlance as “knowledge-based authentication” or KBA for short, have become the gold standard of authentication among nearly all credit-granting institutions, from loan providers to credit card companies, Litan said. She estimates that the KBA market is worth at least $2 billion a year.[…]

Litan related a story she heard from one fellow fraud analyst who had an opportunity to listen in on the KBA questions that a mortgage lender was asking of a credit applicant who was later determined to have been a fraudster.

“The woman on the phone was asking the applicant, ‘Hey, what is the amount of your last mortgage payment?’, and you could hear the guy on the other line saying hold on a minute….and you could hear him clicking through page after page for the right questions,” Litan said.”
