An illegal, hacker-helmed identity-theft service called SSNDOB — as in Social Security Number and date of birth — compromises servers at several major US data brokers, according to a report.
September 25, 2013 12:27 PM PDT
An illegal service that sells personal data “on any U.S. resident” — which can then be used for identity theft — hacked into servers at several major data aggregators including LexisNexis and Dun & Bradstreet, according to a report.
The service’s customers have, the report said, “spent hundreds of thousands of dollars looking up SSNs, birthdays, driver’s license records, and obtaining unauthorized credit and background reports on more than 4 million Americans.”
In an article Wednesday, former Washington Post reporter Brian Krebs, who now writes the KrebsOnSecurity blog, outlined how a site called Expose.su managed earlier this year to post financial information on celebrities and government officials.
The site’s activities triggered an FBI investigation, in part because Expose.su managed to publish the Social Security Number, address, and a credit report of then-FBI Director Robert Mueller.
According to Krebs, Expose.su (think “exposes you”) got its info from another site, ssndob.ms, or SSNDOB (think “Social Security Number” and “date of birth”), which got the data by way of a small botnet it operates.
The botnet appears to have access to compromised servers at several large data brokers in the United States, including LexisNexis, Dun & Bradstreet, and Kroll Background America. (And, in regard to the bot program installed on the hacked servers, Krebs reported that “none of the 46 top antimalware tools on the market today detected it as malicious.”)
LexisNexis maintains one of the world’s biggest electronic databases for legal and public-records related information; Dun & Bradstreet licenses info on businesses for use in credit decisions; and Kroll — now a part of HireRight — provides services related to employment background, drug, and health screenings, Krebs noted.
“All three victim companies said they are working with federal authorities and third-party forensics firms in the early stages of determining how far the breaches extend, and whether indeed any sensitive information was accessed and exfiltrated from their networks,” Krebs said.
Krebs, who got his hands on a copy of SSNDOB’s database, reported that a closer examination of it indicates that since SSNDOB came on the scene early last year, the service has sold more than 1.02 million unique SSNs and nearly 3.1 million date of birth records.
SSNDOB markets itself on underground cybercrime forums, Krebs said, and sells data at prices that “range from 50 cents to $2.50 per record, and from $5 to $15 for credit and background checks. Customers pay for their subscriptions using largely unregulated and anonymous virtual currencies, such as Bitcoin and WebMoney.” Krebs also said SSNDOB appears “to have licensed its system for use by at least a dozen high-volume users” and that there’s some evidence these users “are operating third-party identity theft services.”
The FBI confirmed that a bureau investigation into the SSNDOB server hacks is ongoing, Krebs reported, adding that a spokesperson wouldn’t provide any details.
You can read Krebs’ story here.