Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Security Your Rights Online

40 Million Identities Up For Sale On the Web 245

Posted by kdawson from the big-fat-target dept.
An anonymous reader writes "Highly sensitive financial information, including credit card details, bank account numbers, telephone numbers, and even PINs are available to the highest bidder. The information being traded on the Web has been intercepted by a British company and collated into a single database for the first time. The Lucid Intelligence database contains the records of 40 million people worldwide, mostly Americans; four million are Britons. Security experts described the database as the largest of its kind in the world. The database is in the hands of Colin Holder, a retired senior Metropolitan police officer who served on the fraud squad. He has collected the information over the past four years. His sources include law enforcement from around the world, such as British police and the FBI, anti-phishing and hacking campaigners, and members of the public. Mr. Holder said he has invested £160,000 in the venture so far. He plans to offset the cost by charging members of the public for access to his database to check whether their data security has been breached."
This discussion has been archived. No new comments can be posted.

40 Million Identities Up For Sale On the Web More

40 Million Identities Up For Sale On the Web

Comments Filter:

  • splitting hairs (Score:5, Interesting)

    by tverbeek ( 457094 ) on Tuesday July 21, 2009 @06:40PM (#28776019) Homepage

    "He plans to offset the cost by charging members of the public for access to his database to check whether their data security has been breached."

    How, exactly, does this differ from extortion?

  • So let me get this straight... (Score:5, Interesting)

    by FSWKU ( 551325 ) on Tuesday July 21, 2009 @06:40PM (#28776021)

    He plans to offset the cost by charging members of the public for access to his database to check whether their data security has been breached.

    So in order to find out if your personal information has been breached, you have to disclose said information AND pay a fee. Seems a little fishy to me. Isn't that how a lot of identity-theft scams operate in the first place? "Hey, your identity is at risk. Send us money and details and we'll check to see if you're a victim or not.........and.....YES...you are now a victim! Thank you for using Thieves-R-Us!"

  • If he has my sensitive data... (Score:3, Interesting)

    by DreadfulGrape ( 398188 ) on Tuesday July 21, 2009 @06:43PM (#28776057)

    ... can I then sue him for illegally possessing my sensitive data?

  • This is probably illegal to sell (Score:1, Interesting)

    by davidwr ( 791652 ) on Tuesday July 21, 2009 @06:49PM (#28776125) Homepage Journal

    He almost certainly obtained his information legally, but some or most of it came with strings attached, including prohibitions on any non-official or personal use.

    I predict any attempt to monetize this by a private individual will be shot down fast.

    It's one thing for a government to provide this service on a cost-recovery basis, under heavy regulation.

    It's quite another for someone to collect this data under "official" or "can I have it as a favor" pretenses or even buy it on the "open market" but use the fact that you are in government to make people think you won't abuse it then turn around and sell the same information. Even if he's doing it on a cost-recovery basis, I don't see any regulation and it just looks bad.

    What he should do:
    Sort the data by country of residence or nationality, then give the data to those countries' governments or simply destroy it. If he asks nicely for donations and is clearly being good about the way he handles this, he might get enough to cover his costs.

  • I'd like to check my personal details please .... (Score:3, Interesting)

    by whoever57 ( 658626 ) on Tuesday July 21, 2009 @06:51PM (#28776133) Journal
    My name? It's Bill Gates. Oh, no, it's Warren Buffet .... Barak Obama.......

  • The answer is always "yes." (Score:4, Interesting)

    by zippthorne ( 748122 ) on Tuesday July 21, 2009 @07:06PM (#28776293) Journal

    It's far more brilliant.

    You must give him some information about yourself to determine if you're in the database, non? Information that includes your credit card numbers, perhaps. Where do you think that data goes, I wonder.

  • If he really wanted to do the right thing... (Score:5, Interesting)

    by 3seas ( 184403 ) on Tuesday July 21, 2009 @07:13PM (#28776357) Homepage Journal

    ... he'd notify the relative banks and get them to issue new cards to the card holders and then cancel the old account numbers.

    Or isn't that something a police officer would not do?

    Aren't the police supposed to help protect the public?

  • Re:splitting hairs (Score:3, Interesting)

    by amicusNYCL ( 1538833 ) on Tuesday July 21, 2009 @07:26PM (#28776469)

    No, you don't understand, that's not what this fine ex-cop is doing. It would be equivalent if you went around buying everyone's stolen goods, and then in order to recoup that cost, you charged people for the privilege of knowing whether or not their goods were stolen.

  • Re:Where does a cop get £160,000? (Score:5, Interesting)

    by Anonymous Coward on Tuesday July 21, 2009 @07:33PM (#28776535)

    Actually, under the Data Protection Act he isn't allowed to hold that database at all. This will end very badly for him.

  • Re:splitting hairs (Score:3, Interesting)

    by Civil_Disobedient ( 261825 ) on Tuesday July 21, 2009 @07:47PM (#28776651)

    Yeah, I don't understand how even possessing that kind of database is legal, let alone trying to charge people for access to it.

    I think this guy's business model needs some work.

  • Re:A discussion on morality. (Score:3, Interesting)

    by dave562 ( 969951 ) on Tuesday July 21, 2009 @08:20PM (#28776875) Journal
    I thought that you were allowed to obtain your credit REPORT for free once or twice a year. The credit SCORE is considered proprietary information and therefore subject to a fee. I think it's a load of crap. If there was justice in the world, ANY information that ANYBODY uses as part of a process to determine how they interact with and treat you, should be freely available to you.

  • Re:Ridiculous (Score:4, Interesting)

    by sbeckstead ( 555647 ) on Tuesday July 21, 2009 @09:29PM (#28777347) Homepage Journal
    I got mine stolen by using my teller card in a machine in Orange County California. I've never actually had it stolen on line. Always by physical means.

  • Ethics? Hello? UK? Anyone home? (Score:3, Interesting)

    by Mashiki ( 184564 ) <mashiki@nosPaM.gmail.com> on Tuesday July 21, 2009 @09:29PM (#28777353) Homepage

    I realize this is going by the wayside and all that, but doesn't anyone in the UK police service get ethics training anymore? Let alone have some type of psych eval when they join like they do in Canada? Some serious ethical questions that should be raised not only by his service, but also by the crown.

    Regardless of whether or not he retired from being a police officer or not, there's some things that don't go away when you retire. He's crossed a line, whether he realizes it yet or not. Then again, this being the UK, maybe I shouldn't be surprised, if this is commonplace for retired officers to pull stuff like this, it could be an example of how deep the rot actually goes in their entire system.

  • Re:splitting hairs (Score:4, Interesting)

    by Civil_Disobedient ( 261825 ) on Tuesday July 21, 2009 @09:45PM (#28777453)

    a world in which it was a crime simply to possess certain information would be very scary

    Uh, you do realize you already live in that world, right? Right? [state.ny.us]

  • Re:So let me get this straight... (Score:4, Interesting)

    by mcrbids ( 148650 ) on Tuesday July 21, 2009 @09:47PM (#28777471) Journal

    It took me about 10 minutes to create this simple web-page would could conceivably be used to steal identifying information. [effortlessis.com] It would take a few hours to add stuff like the ability to run credit cards, and simulate a faux "Your identity was not found".

    This website was easy to make using a free template found online. With the exception of the target page for all the links, it would easily pass the "sniff test" for many people. It looks friendly! It's got a kid and a butterfly on it! The news stories are current! (copy/paste from google news for "Identity Theft") Feel free to check it out. Total time spent was about 10-15 minutes. (I purposefully put in a few spelling/grammar mistakes, just to exaggerate my point)

    So I hack up a spam engine, log in via some open wifi hotspot, and I have a business overnight? ID theft is much, much easier than we all think. And we want to believe that this guy isn't also doing it?

  • Re:Where does a cop get £160,000? (Score:5, Interesting)

    by Derosian ( 943622 ) on Tuesday July 21, 2009 @10:46PM (#28777799) Homepage Journal
    Actually in the US using police or federal services for personal use as an officer is a felony, thus if this guy was an American police officer he would be arrested and all his information would be confiscated as evidence for his trial.

  • Re:Where does a cop get £160,000? (Score:3, Interesting)

    by sofar ( 317980 ) on Wednesday July 22, 2009 @03:32AM (#28779059) Homepage

    Actually, the US can have him extradited and convicted even if he didn't commit any act on US soil. Just look what happened to the UK hacker that got extradited, and the fellows who were claiming political asylum in the US for something they did outside the US.

    Endangering the economic well-being of americans will likely not go unpunished, especially if amongst those are lobbyists, military personnel, etc.

Slashdot Top Deals

"May your future be limited only by your dreams." -- Christa McAuliffe

Close