Cybercriminals Offer Fake/Fraudulent Press Documents Accreditation On Demand

In a cybercrime ecosystem, dominated by fraudulent market propositions, and new market entrants occupying new market segments on a daily basis, cybercriminals are perfectly positioned, to continue offering, commoditized underground market goods, such as, for instance, fake documents, for the purpose of generating fraudulent revenue, while empowering fellow cybercriminas, with the necessary tools to further commit fraudulent activities.

In this post, we'll, discuss a newly launched service, offering fake press accreditation documents, and discuss the overall relevance of the service, in the context of the underground marketplace's ongoing commoditization, basic market segmentation concepts, as well as newly applied concepts such as DIY (do-it-yourself) type of services, and basic OPSEC with QA (Quality Assurance) in mind.

The service is currently offering custom-made press accreditation documents for the Russian Federation, allowing potential cybercriminals the ability to access press-free zones, potentially commiting related fraudulent activities.

The price varies between $62 and $130 depending on the number of fake documents requested, including the option to request anonymous delivery of the fake documents.

Thanks to a vibrant DIY (do-it-yourself) custom-based type of fake documents generating market segment, cybercriminals, have also successfully managed to efficiently streamline the process of generating these documents, applying, both, basic OPSEC (Operational Security) measures in place, to ensure that they're perfectly positioned to reach to their targeted audience, while preserving a decent degree of their operational procedures, as well as Q&A (Quality Assurance) processes, to further ensure the quality of their underground market proposition.

We expect to continue observing a decent supply of segmented market propositions, targeting, both, novice and experienced cybercriminals, seeking to obtain fake documents, on their way to commit related fraudulent activities.

Related posts:

A Peek Inside the Russian Underground Market for Fake Documents/IDs/Passports

Newly Launched 'Scanned Fake Passports/IDs/Credit Cards/Utility Bills' Service Randomizes and Generates Unique Fakes On The Fly

Vendor of Scanned Fake IDs, Credit Cards and Utility Bills Targets the French Market Segment

Cybercriminals Offer High Quality Plastic U.S Driving Licenses/University ID Cards

This post has been reproduced from Dancho Danchev's blog. Follow him on Twitter.

Continue reading →

Personal Data Security Breaches - 2000/2005

Another invaluable CRS report that I came across to, including detailed samples of all the data security breaches in between 2000 and 2005(excluding the ones not reported or still undergoing of course), covering :

- The accident
- Data publicized
- Who was affected
- Number of affected
- Type of data compromised
- Source of the info

Here are some cases worth mentioning as well :

1. Indiana University - malicious software programs installed on business instructor’s computer, November, 2005
2. University of Tennessee -inadvertent posting of names and Social Security numbers to Internet listserv, October, 2005
3. Miami University (Ohio) - report containing SSNs and grades of more than 20,000 students has been accessible via the Internet since 2002, September, 2005
4. Kent State University - five desktop computers stolen from campus, 100,000 people affected, September, 2005
5. University of Connecticut -hacking - rootkit (collection of programs that a hacker uses to mask intrusion and obtain administrator-level access to a computer or computer network)placed on server on October 26,2003, but not detected until July 20, 2005

Quite a huge number of exposed people, and 20% of the problem represents lost or stolen laptops or tapes, the rest is direct hacking of course. It's impressive how easy is to get access to sensitive, both personal and financial information though what is already stored somewhere else in a huge and plain-text database for sure. And that simply shouldn't be allowed to happen, or at least someone has to be held accountable for not taking care of the confidentiality of the information stored.

Technorati tags :
security,information security,id theft,security breach,security statistics

Continue reading →

To report, or not to report?

Computerworld is running a story that, “Three more U.S states add laws on data breaches”, but what would be the consequences of this action? Less security breaches? I doubt so. Realistic metrics and reactions whenever an actual breach occurs, as well as its future prevention measures? Now that’s something I think.

Such legislations have a huge impact, both, on the industry, the public opinion, and company itself. No one likes admitting getting hacked, or having sensitive information exposed to unknown and obviously malicious party. Yet, if it wasn't companies reporting these breaches, thousands of people would have been secretly exposed to possible identity theft, and we’ll be still living with the idea that the Megacorporations are responsibly handling our information. Which they obviously aren’t! And even if they try to hide it, sooner or later a victim will starting digging in, and the story ends up in mainstream news. Privacyrights.org have taken the time and effort to compile a "A Chronology of Data Breaches Reported Since the ChoicePoint Incident", and as you can see, it's not getting any better, though, reporting and legislations have the potential to change a lot.

At the bottom line, I am a firm believer that, reporting breaches greatly improves the accuracy of security metrics, and hopefully the solutions themselves. Security through obscurity is simply out of question when it comes to storing unencrypted databases online, or even distributing them offline, though, it’s still obviously very popular today.

What do you think? Are the long-term negative PR effects worth the uninterrupted business continuity as a whole? Are you comfortable with not knowing how exactly is any of the organizations possessing sensitive info on you, is taking care to secure it? I'm not!

As well as various other comments on the topic :

Information Security Breaches and the Threat to Consumers
Security Breaches : Notification, Treatment, and Prevention
Recommended Practices on Notification of Security Breach Involving Personal Information
What Does a Computer Security Breach Really Cost?

Technorati tags :
information security,security,security breach,id theft

Continue reading →

Watch out your wallets!

The irony of today's, obviously not working loan system, has left a 22 years old Chicago student in debt of $412,000. A very scary event, that I feel could have been prevented if the loss was reported, and the bank giving the loans was somehow aware of the social status of the "borrower" :)

In case you are interested in knowing more about identity theft, go through the following :

ID Theft : When Bad Things Happen to Your Good Name
Coping with Identity Theft : Reducing the Risk of Fraud
The Problem of Identity Theft

Technorati tags :
identity theft,security,information security,fraud Continue reading →