Around 5 million Americans are exposed to a concrete risk of identity theft in one of the most clamorous and grotesque data breach cases on record: hackers stole data on US citizens that was stored in the database of an illegal service that was itself selling it.
The data used for identity theft was obtained by hacking into the networks of three major data brokers; it includes sensitive information such as Social Security Numbers, dates of birth and other personal details.
The KrebsOnSecurity blog revealed that the service Social Security Number Date of Birth [SSNDOB (ssndob.ms)] was behind a malware-based cyber attack that compromised the databases of the data broker giants LexisNexis, Dun & Bradstreet and Kroll Background America.
“The Web site ssndob[dot]ms (hereafter referred to simply as SSNDOB) has for the past two years marketed itself on underground cybercrime forums as a reliable and affordable service that customers can use to look up SSNs, birthdays and other personal data on any U.S. resident.”
Brian Krebs spent seven months investigating the underground market to reconstruct the events. The attackers gained access to the networks of LexisNexis, which holds personal data on more than 500 million unique consumer identities.
By analyzing the networks, related activity and credentials used by the SSNDOB administrators, the security expert discovered that the hackers managed a small but very potent botnet that controlled at least five infected systems at different US-based consumer and business data aggregators, including LexisNexis Inc.
“The botnet’s online dashboard for the LexisNexis systems shows that a tiny unauthorized program called “nbc.exe” was placed on the servers as far back as April 10, 2013, suggesting the intruders have had access to the company’s internal networks for at least the past five months,” Krebs’ report states. “The program was designed to open an encrypted channel of communications from within LexisNexis’s internal systems to the botnet controller on the public Internet.”
A first analysis of the bot agent detected on the compromised servers reveals that the attackers invested great effort in developing code able to evade detection by antivirus tools: VirusTotal confirmed that none of the 46 top anti-malware tools on the market today detected the bot code, with obvious consequences.
The hackers were selling personal data at prices ranging from 50 cents to $2.50 per record, and from $5 to $15 for credit and background checks; customers paid for their subscriptions with the popular virtual currencies Bitcoin and WebMoney to preserve their anonymity.
Initially it was not clear what the source of the data sold by the SSNDOB service was; the mystery was unveiled in March 2013, when another website, exposed.su, was discovered selling the same dataset to its clients.
A teenage hacker allegedly associated with the hacktivist group UGNazi used the SSNDOB service to collect data that was resold on exposed.su, a website that listed the SSNs, birthdays, phone numbers, and current and previous addresses of dozens of celebrities, including Beyonce, Jay Z and First Lady Michelle Obama.
SSNDOB was itself hacked by other hackers this summer and its database was pillaged; according to KrebsOnSecurity.com, the archive contained the transactions of 1,300 customers “that have spent hundreds of thousands of dollars looking up SSNs, birthdays, drivers license records, and obtaining unauthorized credit and background reports on more than four million Americans”.
The most concerning aspect of the hack is that 4 million US citizens are exposed to a concrete risk of identity theft: although the service’s main website at ssndob.ms has been taken offline, many similar services are still active on the Internet, such as ssndob.biz and ssndob.cc.
At the moment LexisNexis has announced that it has not yet found evidence of a data breach, but incidents like this once again underline the importance of data protection. Once a database has been hacked and the data placed on the black market, it is practically impossible to stop its sale through countless illegal services.
(Security Affairs – Cybercrime, Id Theft, hacking)