Criminals hacked an illegal service, exposing Americans to identity theft

An identity theft service that sold personal information on millions of US citizens has itself been hacked, exposing millions of US citizens to identity theft.

More than four million Americans are exposed to a concrete risk of identity theft in one of the most clamorous and grotesque data breach cases to date: hackers stole data on US citizens that was stored in the database of an illegal service that was itself selling it.

The data being sold for identity theft had been obtained by hacking into the networks of three major data brokers; it includes sensitive information such as Social Security Numbers, dates of birth and other personal details.

The KrebsOnSecurity blog revealed that the operators of the service SSNDOB (ssndob.ms, the name standing for "Social Security Number, Date of Birth") had carried out a malware-based attack to compromise systems at the data broker giants LexisNexis, Dun & Bradstreet and Kroll Background America.

“The Web site ssndob[dot]ms (hereafter referred to simply as SSNDOB) has for the past two years marketed itself on underground cybercrime forums as a reliable and affordable service that customers can use to look up SSNs, birthdays and other personal data on any U.S. resident.”

Brian Krebs conducted seven months of investigation into the underground market to reconstruct the events. The attackers gained access to the networks of LexisNexis, which holds personal data on more than 500 million unique consumer identities.

By analyzing the networks, the related activity and the credentials used by the SSNDOB administrators, the security expert discovered that the hackers operate a small but very potent botnet that controlled at least five infected systems at different US-based consumer and business data aggregators, including LexisNexis Inc.

Krebs' report states: "The botnet's online dashboard for the LexisNexis systems shows that a tiny unauthorized program called "nbc.exe" was placed on the servers as far back as April 10, 2013, suggesting the intruders have had access to the company's internal networks for at least the past five months." "The program was designed to open an encrypted channel of communications from within LexisNexis's internal systems to the botnet controller on the public Internet."

A first analysis of the bot agent found on the compromised servers reveals that the attackers put great effort into making their code evade antivirus tools: when the sample was checked on Virustotal.com, none of the 46 anti-malware engines it runs detected it, with obvious consequences for the victims. With signature-based detection blind to the agent, the persistent outbound channel it opened from internal servers to its controller is the kind of artifact that only network monitoring could have caught.
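As an added example (not code from the article, from Krebs' report, or from any of the companies named), the following Python sketch shows the kind of hunt a network defender could run over connection logs to surface a channel like the one described above: an internal server calling out to the same external address at a regular interval, month after month, while no antivirus engine flags the binary. The log format, the internal hosts, the external addresses (RFC 5737 documentation ranges) and the timestamps are all constructed for illustration; nothing here describes the real traffic pattern of the agent Krebs observed.

```python
"""Hunt for a persistent, regularly timed outbound channel in connection logs.

Added example, not part of the original article or of Krebs' research.
The log lines are constructed; the assumed format (one line per connection) is:
    <epoch_ts> <src_ip> <dst_ip> <dst_port> <bytes_out>
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Private ranges treated as "inside"; everything else is external.
INTERNAL = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
            ip_network("192.168.0.0/16")]


def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL)


def parse(lines):
    """Yield (ts, src, dst, port, bytes_out) tuples; skip malformed lines."""
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            yield int(parts[0]), parts[1], parts[2], int(parts[3]), int(parts[4])
        except ValueError:
            continue


def find_beacons(lines, min_hits=8, max_jitter=0.2, allow=()):
    """Return {(src, dst, port): summary} for internal->external flows that
    recur at a regular interval.  Regularity is the coefficient of variation
    of the inter-arrival gaps (stdev / mean): a scheduled check-in sits well
    under max_jitter, user-driven browsing is bursty and scores far higher.
    `allow` lists external addresses known to be legitimate (e.g. update servers)."""
    flows = defaultdict(list)
    for ts, src, dst, port, _ in parse(lines):
        if is_internal(src) and not is_internal(dst) and dst not in allow:
            flows[(src, dst, port)].append(ts)
    hits = {}
    for key, stamps in flows.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg == 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_jitter:
            hits[key] = {"count": len(stamps), "interval_s": round(avg),
                         "jitter": round(cv, 3), "span_s": stamps[-1] - stamps[0]}
    return hits


def constructed_log():
    """Constructed sample: one beaconing server, one browsing workstation,
    some internal chatter and a malformed line."""
    base = 1365580800  # 2013-04-10 08:00:00 UTC, chosen only to echo the report
    lines = []
    # The beacon: the same internal server calls out every ~10 minutes for 3 hours.
    jitter = [0, 3, -2, 5, 1, -4, 2, 0, 3, -1, 4, -3, 1, 0, 2, -2, 3, 1]
    for i, j in enumerate(jitter):
        lines.append(f"{base + i * 600 + j} 10.20.1.15 203.0.113.77 443 412")
    # Ordinary browsing from a workstation: bursty, irregular gaps.
    for off in (0, 7, 9, 250, 251, 900, 1803, 1804, 1810, 4000, 4020, 9000):
        lines.append(f"{base + off} 10.20.2.40 198.51.100.10 443 2048")
    # Internal-to-internal traffic: regular, but outside the hunt's scope.
    for i in range(10):
        lines.append(f"{base + i * 600} 10.20.1.15 10.20.0.5 1433 900")
    lines.append("garbage line")  # exercises the parser's error handling
    return lines


if __name__ == "__main__":
    for (src, dst, port), info in find_beacons(constructed_log()).items():
        print(f"{src} -> {dst}:{port}  {info}")
```

On the constructed data only the 10.20.1.15 -> 203.0.113.77:443 flow is reported (18 hits, 600 s interval, jitter about 0.008); the workstation traffic and the internal SQL chatter are not. Real agents randomize their check-in delay, so in practice `max_jitter` is tuned upward and the result is combined with the span of the activity and the reputation of the destination rather than used as a verdict on its own.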

The hackers were selling personal data at prices ranging from 50 cents to $2.50 per record, and from $5 to $15 for credit and background checks; customers paid for their subscriptions with the virtual currencies Bitcoin and WebMoney to preserve their anonymity.

Initially it was not clear what the source of the data sold by the SSNDOB service was; the mystery began to unravel in March 2013 with the discovery of another website, exposed.su, that was distributing the same data.

A teenage hacker allegedly associated with the hacktivist group UGNazi used the SSNDOB service to collect data that was then published on exposed.su, a website that listed the SSNs, birthdays, phone numbers, and current and previous addresses of dozens of celebrities, including Beyonce, Jay Z and First Lady Michelle Obama.

SSNDOB was hacked by a different group of hackers this summer and its database was pillaged. According to KrebsOnSecurity.com, the archive contained the transactions of 1,300 customers "that have spent hundreds of thousands of dollars looking up SSNs, birthdays, drivers license records, and obtaining unauthorized credit and background reports on more than four million Americans".

The most concerning aspect of the hack is that more than four million US citizens are now exposed to a concrete risk of identity theft. Although the service's main website at ssndob.ms has been taken offline, many similar services are still active on the Internet, such as ssndob.biz and ssndob.cc.

At the moment LexisNexis says it has not yet found evidence that data was stolen, but incidents like this once again underline the importance of data protection. Once a database has been hacked and its contents placed on the black market, it is practically impossible to stop their resale through countless illegal services.

Pierluigi Paganini

(Security Affairs –  Cybercrime, Id Theft, hacking)
