Sunday, 29 September 2013

Hacker sold personal data of 4 million US citizens online; risk of potential Identity Theft

An illegal service that sells personal data of US citizens online, data that can then be used for identity theft, hacked into the networks of three major data brokers and stole their databases.

The cyber attack has given them access to Social Security numbers, dates of birth, and other personal details that could put all our finances at risk.

Krebs's blog revealed that the service, known as SSNDOB (ssndob.ms), short for Social Security Number Date of Birth, used malware to obtain secret access to the databases of LexisNexis, Dun & Bradstreet and Kroll Background America.
The hackers are charging from 50 cents to $2.50 per record and from $5 to $15 for credit and background checks. It was discovered in March that another website, exposed.su, was using data collected by SSNDOB to sell to its customers.



Through the use of botnet malware, the ID thieves gained access to the networks of LexisNexis, which provides coverage of more than 500 million unique consumer identities.

“The botnet’s online dashboard for the LexisNexis systems shows that a tiny unauthorized program called ‘nbc.exe’ was placed on the servers as far back as April 10, 2013, suggesting the intruders have had access to the company’s internal networks for at least the past five months,” Krebs’ report said.

The program was designed to open an encrypted channel of communications from within LexisNexis’s internal systems to the botnet controller on the public Internet.

SSNDOB itself was compromised by multiple attacks earlier this year, and the website’s records show that 1,300 customers have spent hundreds of thousands of dollars looking up SSNs, birthdays and driver's license records, and obtaining unauthorized credit and background reports on more than four million Americans.
The service's main website at ssndob.ms has been taken offline, but similar services can be found at ssndob.cc and ssndob.biz.

Dun & Bradstreet and Altegrity have said they are investigating the claims. LexisNexis said that it has found no evidence of data theft.
