Forget Phishing Just Buy Personal Info 163
Iago writes "If you need information about a person in Moscow, just go to the market and buy it. The Globe and Mail reports that along with the usual pirated software, cd's etc. you can find out information such as the bank records of your competitors, motor vehicle information and tax returns. The question is, how much of this information is being sold in other countries, perhaps in a more sophisticated manner?"
yeah ... I like fishing (Score:2, Funny)
(-1, Troll) (Score:3, Informative)
Free Software is not about all kinds of freedom. It's just about software. It's like that, because in the context of software, freedom is much more obviously necessary than in other contexts, where its benefits can be more subtle.
What you are talking about is those guys that say the "information wants to be free" stuff. I like that, but GNU/FSF has nothing to do w
Known about this for years (Score:5, Interesting)
These thugs sell this information to people in the black market. This isn't new stuff neither, the news just seems to hover on this and "identity theft" a lot recently. It's been happening since the 80's.
Old trick with new methods (Score:4, Informative)
People burned by that one could go for a class action lawsuit against either Mastercard their service supplier or the software vendor or a combination. There's no excuse for using tools known to be defective in a networked context.
Increasingly that said same vendor has been associated with breaches of security and failures. A year ago it was voting machines now this...
Yea, but the implications are still frightning (Score:3, Informative)
Not long ago here in Mexico, a punk servicing a PC in the Federal Electoral Institute downloaded and sold the ENTIRE National Voter Registry to a two bit data aggregator, which in turn sold the database to Choicepoint in the U.S.
Now the National Voter Registry contains the name, address, telephone and date of birth of all the people over 18 in the entire country. It is the basis for the most trusted identification used over the country and of our voting system.
The costs of managing and updating the regi
A better question (Score:4, Interesting)
Comment removed (Score:4, Interesting)
Re:A better question (Score:2, Interesting)
Re: (Score:1)
Re:A better question (Score:3, Insightful)
Re:A better question (Score:2)
Posession of such databases is not illegal, since you just bought them (of course if it isn't YOU who had stolen them in the first place).
Of course, seller can be brought to account, but it's pretty hard to catch them.
Re:A better question (Score:2)
Re:A better question (Score:2)
BTW: I find these databases to be quite convinient for searching for phone numbers, addresses and birthdays.
Re:A better question (Score:2)
Re:A better question (Score:2)
But you can't buy anything on behalf of other people using only data in the stolen lists. Mostly because every bank and shop in Russia is aware of the stolen lists.
Re:A better question (Score:2)
So I guess these databases are pretty correct.
Re:A better question (Score:3, Insightful)
Especially recently with all of the banks coming out with information of their customers being comprimised.
Don't forget offshored databases (Score:3, Interesting)
$100 (even Canadian) per CD is a worthy amount of money in Russia or other second/third world countries where back-office operations have been off-shored to. This problem is only going to keep growing at these price levels.
The point here is that there is very strong incentive to provide accurate data at these pr
That old saying... (Score:1)
Re:That old saying... (Score:2)
btw where are the soviet russia jokes... i read 9 posts when i posted this, and none of them started "in soviet russia..." i know people typicall dislike them here, but can you really think of a more approite story...
Re:That old saying... (Score:4, Funny)
Also, I like how you can't put a period after "St." but can end every sentence with
Re:That old saying... (Score:2, Funny)
That, you could say, brings on the grammar Nazis
Re:That old saying... (Score:1, Informative)
Re:That old saying... (Score:1, Funny)
Re:That old saying... (Score:2)
Re:That old saying... (Score:1, Insightful)
as for the id stuff, well there're plenty of big companies whose sole purpose is collection and selling-on of personal data, such as credit history, full name, address, telephone number, spending habits and so on.
This is the main reason i'm dead against the UK's proposed id cards. I simply don't trust whichever crappy company they award the contract to not to sell all my details to a bunch of criminals. And by criminals i mean real c
Disinformation? (Score:5, Interesting)
Re:Disinformation? (Score:2)
Re:Disinformation? (Score:3, Interesting)
To sum up, it's still supply and demand, and you're talking about diluting the supply. That means that, for those who can get at the 'good stuff', it's worth more.
On the other hand, if the FBI and the cred
Re:Disinformation? (Score:2)
You need info (Score:2, Funny)
Re:You need info (Score:2)
What, /.? You don't like it? (Score:5, Funny)
Re:What, /.? You don't like it? (Score:4, Interesting)
I personally don't think I care if my and everyone else's "personal" information becomes public. I don't think there is anything extremely interesting about it. People already find out my phone number, email address, street address, bank account number, sometimes even credit card number, user name, real name, etc. etc. etc. as it is.
All that said, I don't think it's necessary to make all everything publicly accessible. It does open the door to more fraud (although it can also help catch fraudsters more easily!), spam, etc. So let's say that public information wants to be free, and private information wants to stay private?
Re:What, /.? You don't like it? (Score:2)
Then again, importing biz.booksellers.amazon.* might unnecessarily bloat my package... but it's still better than declaring all of my information as public.
Re:What, /.? You don't like it? (Score:3, Funny)
So that's how all the 'enlarge your organ' products I see advertised work....
Re:What, /.? You don't like it? (Score:2)
Re:What, /.? You don't like it? (Score:2)
Re:What, /.? You don't like it? (Score:1)
Isn't it scary? (Score:2, Interesting)
Now think about the databases the FBI and the airport security are keeping about you. Not only that but also the ones K-Mart, Wal-Mart, Target, Giant(foods), and other stores. It shouldn't be too hard to be you. Just find out your address, and jump on Google maps. Find the nearest stores to you. With your name and address find out your shopping history. And ex
Re:Isn't it scary? (Score:2)
Not sure I'd worry as much about them. The FBI computer systems aren't as sophisticated as people seem to think. The danger from them is the type of information they have access to in other systems. And the ability to aggregate that information into a file supplemented by direct observation. That's what the real brewha with the Patriot Act is all about. The FBI's ability to do that without judicial oversight. The pr
Because as a wise person once said... (Score:5, Funny)
Re:Because as a wise person once said... (Score:1)
Re:Because as a wise person once said... (Score:2)
Sell a man a phish and he cans scam for a day, teach him how to phish and you just gave up your monopoly on phisheries!
Buy from gangster, get burnt (Score:5, Interesting)
And it's not like these lists ever get refreshed much, so what you end up with is increasingly less useful data in these lists, and the vendors don't even care about it. It's just the nature of the beast (and the overall state of former Russia, where anything goes).
Re:Buy from gangster, get burnt (Score:4, Interesting)
If it says 'Tax returns 2003', then it really is the tax returns, as they were for 2003, complete with the ability to easily search for, say, addresses and family relationships of persons in your neighbourhood with more than 100,000$ income last year.
Re:Buy from gangster, get burnt (Score:1)
Re:Buy from gangster, get burnt (Score:4, Funny)
Dude! When did the revolution happen? I'd better go and update my little database here [cia.gov].
Are you sure about your sig?
Re:Buy from gangster, get burnt (Score:1)
Re:Buy from gangster, get burnt (Score:2)
Simple as that , so you can pretty much guarantee that they are selling genuine information , they are mostly selling it to people with equally dubious morals
they're no small fry scam artists job nor grifters , these are major
Re:Buy from gangster, get burnt (Score:2)
I mean, if this was a scam someone would have turned the sellers in to the cops for false advertising by now. The market takes care of this kind of thing itself.
*cough*
Another example of security through obscurity. (Score:5, Insightful)
All of it, of course. Sooner or later we're going to have to get used to the idea that the concept of preserving privacy as a society disproportionately benefits individuals and groups with the resources to acquire and disseminate information regardless of the obstacles in their way.
It's too late to save privacy as most people currently envision it. What we need to be doing as a society is focus on transparency and equality-- ensuring that all parties in the social contract stand on an equal footing with regard to what information is publicly available. Secrecy is most dangerous when the powers that be insist that it be one-sided...
Re:Another example of security through obscurity. (Score:2)
"All of it, of course. Sooner or later we're going to have to get used to the idea that the concept of preserving piracy as a society disproportionately benefits individuals and groups with the resources to acquire and disseminate information regardless of the obstacles in their way."
Gives the sentence a whole different meaning, doesn't it. And then...
"It's too late to save piracy as most people currently envision it. What we need to be doing as a society is focus on transparen
It's just going to get worse (Score:4, Insightful)
Look at medical records, it used to take a few minutes while they looked for your chart. At the medical clinic I currently go to they can locate you instantly. When you go into the doctor's office, he has your information on-screen. If something like a patient's chart goes missing, there's physical evidence that it's gone. But if a computer is poorly secured, you may not ever realized it was compromised.
What really bothers me is who is purchasing this information. My medical records would be pretty harmless to most people, but what if a coworker with a grudge were to find out about a deadly allergy I have? There's always that scary potential you don't necessarily think about. What if a terrorist uses your identity to get into the country and commit nefarious deeds? Could you be imprisoned while they go free?
Re:It's just going to get worse (Score:5, Insightful)
With the current paranoia, definitely. It's better to be safe than sorry, so let's send back that plane that has someone on board who might be a terrorist (and, after all, anybody could be a terrorist), and let's keep these people safely locked up without a trial, until maybe someday we have some evidence against them, or perhaps for them.
Seriously. The principle that you're innocent until proven guilty is a healthy one. There's also a reason this has to be proven in front of a judge. These people are trained to be impartial, and to spot weaknesses in the argumentation and evidence on both sides. People in general are easily swayed, especially with media influence.
Now, to return to your issue about computers, that's a very good point, and highlights an important problem. People think computers don't make mistakes, and information that is stored there and backed up is safe. Both of these are pretty much correct. However, that does not mean that what comes out of a computer is correct in any sense. People still make mistakes when entering information, and I think we here all know how sad a state computer security is in.
Especially falsification of information from inside is a very real threat. In most applications I have seen, this leaves no traces unless you want it to. Very different from handwritten information, where it's easy to see that something was written by a different person, and investigation may even reveal who that person is. If not by the handwriting, then by the fingerprints.
Many of these fallbacks are simply not available in computer systems, and with computers being the backbone of virtually everything organized, I think we ought to be really concerned. And, I might add, the fact that most of these are running known faulty software and operated by non-computer-savvy people does not make it any better. Nor does the fact that the workings of said faulty software are hidden.
People can be bought, too (Score:2, Insightful)
It happens too with corporate espionage. Somebody at the help desk might be convinced to hand over the CEO's email account password to a competitor. If I've got $15,000
Re:People can be bought, too (Score:2)
not only in Russia (Score:5, Insightful)
Re:not only in Russia (Score:1)
Re:not only in Russia (Score:3, Insightful)
"burly men named boris and ivan" can buy your information in the US, all they have to do is hire a lawyer to buy it for them via a corporation the lawer made. Americans are safe from widespread home invasion robberies because they have an
Re:not only in Russia (Score:2)
The right to bear arms as a militia protects you from the govenment, not criminals.
A good government writting good and fair laws, a culture that doesn't put up with criminal behavior, and competent honest police is what will protect you from crime.
Apathetic citezens, unjust laws, or corrupt police all lead to crime.
Do your part: look out for your
Re:not only in Russia (Score:2)
What is going on in Russia IS a little scary, but is it really any different that buying the same information from one the businesses operating in the US like choicepoint?
It is different - slightly.
In Russia, information is manufactured so that their kangaroo courts can convict slightly shady characters like Mikhail Khodorkovsky [iht.com] on different artificial trumped-up charges.
In the USA, Choicepoint [gregpalast.com] is contracted to manufacture a suspiciously faulty system and a trumped up list of "felons" to be barred from
greeting from mother russia (Score:1, Funny)
I am in need of some friendshipful cashmonies
I'm not surprised (Score:5, Insightful)
In other words - don't worry if the encryption used to send the data is 128 bit or 1024. No one will bother try to sniff'n'hack it anyways. Worry about whom you're giving your info to. Sure - they may have cheap DVD's, but in order to sell you cheap goods, they must save money in other areas. Security is (sadly) one of the first things to go.
Re:I'm not surprised (Score:2)
not just Moscow (Score:5, Interesting)
Even more, it's hard to find a PC in my own city that doesn't have a "Megapolice" database, which contains all above information accessible throught a single easy-to-use interface.
In Solviet Russia.... (Score:1)
Everything has its price. (Score:4, Funny)
In soviet Russia... (Score:2, Interesting)
Anyway, I guess that these days you better have nothing to hide.
Re:In soviet Russia... (Score:2)
Re:In soviet Russia... (Score:2, Funny)
Trolling 101 (Score:1)
In soviet Russia, corruption certainly was organized.
See, wasn't that easy?
Grammar? (Score:3, Funny)
India (Score:4, Informative)
With all this Phishing in the news... (Score:4, Funny)
Hey, you can't steal what isn't there, and my credit is already wrecked beyond belief. You'd have to be a pretty desperate scammer to steal my identity.
At what point do we as humans learn? (Score:2)
How about security?
Its pretty scary when you realize we were once at war with Russia. Nuclear stand offs... spys... tight security....
Just how tight was that security?
It seems to me that either there never was security, or we're just getting so lazy about protecting ourselves.
The hellish nightmare that one must go through when having their info stolen... is too much of a burden on the victom. It is not right that we con
Offtopic ! (Score:2)
Miene Final Solution (Score:2, Funny)
Re:Miene Final Solution (Score:3, Funny)
"Private Eye" CD (Score:5, Interesting)
IMHO, once it's out there it's everyone's civil duty to get a copy, just to level the playing field.
Buying Personal Info, U.S. Style (Score:5, Interesting)
The easiest way to buy personal information here in the U.S. is to set up a fake company, then request the desired information from one of the major credit bureaus: Experian, Equifax, TransUnion, or ChoicePoint. Back in February ChoicePoint admitted to releasing the information on at least 145,000 consumers to fake companies [msn.com].
Re:Buying Personal Info, U.S. Style (Score:2)
It doesn't take too much effort to find a way around that limitation. I'm not going to say how to do it as I don't want to lower the barrier to entry and make it any easier for those less creative m
Re:Buying Personal Info, U.S. Style (Score:2)
Real company = Does something worthwhile for its customers and makes sure to keep them happy by bending over backwards for them.
Fake Company = Some crook who puts out a shingle claiming to offer something ostensibly worthwhile, but offering nothing worthwhile. Usually results in a lot of angry customers if there is some kind of product. However, in actuality, the fake company rarely offers anything at all and just abuses its status to serve it's own interests.
Really easy to comprehend if you are
What is unusual about this? (Score:5, Interesting)
Nothing new here and it certianly isn't limited to dodgy stalls in Moscow markets or corrupt outsourced callcentre employees.
I hate to disappoint you (Score:3, Funny)
If you think you have a good one, please save someone a mod point by keeping it to yourself, because if it isn't already redundant, it soon will be.
This message brought to you by the Moderator Points Association of America (MPAA) *ducks*
--
I'm commenting on this story to prevent myself from burning moderator points on useless comments like this one
Ransom Want Ads (Score:2, Interesting)
Things like that are depressingly common in some parts of the world.
in Soviet Russia ... (Score:2)
The Capitalists will sell us the rope with which we will hang them.
-- Vladimir Ilyich Lenin
Off-topic but (Score:1, Informative)
"Multiple blasts paralyse London" (OT) (Score:1, Offtopic)
http://news.bbc.co.uk/1/hi/uk/4659093.stm [bbc.co.uk]
Well, I hope (Score:3, Funny)
all day every day (Score:3, Informative)
The question is, how much of this information is being sold in other countries, perhaps in a more sophisticated manner?
USian? Go get your free credit report [freecreditreport.com]. Look closely at who has recently requested it. They're getting all kinds of information about you. Your bank, credit card company, mobile phone provider, broadband provider, power company, pretty much anyone with your name addy and social security number can sell your info to be requested by someone else at any time. This is a perfectly legal and legit practice. Regarding other countries, these businesses who outsource IT to India/China/Russia will locally all have this information to trade on the white and black market where there are even less data privacy laws.
I used to worry about identity theft and related crimes. I used to think I was the one in control and had the responsibility of securing my personal information. No, the companies that trade on personal info and credit have the control and the toothpaste is out of the tube. I can never secure the last 30 years of my information again, so why bother trying? All I can do is be vigilant in trying to detect fraud and deal with it on a case by case basis.
There is too much commerce at stake for governments to pass laws to ensure data privacy or make issuing credit more secure. Stop whining and start making arguments to your local politicians for doing what you want to be done.
Go get your free credit report.... (Score:2)
While you can see who's requested your credit report (and I'd recommend you check it at least annually), this has limited utility.
While most financial institutions will prefer to obtain this data directly from the major vendors (Experian / Trans Union, Equifax), the problem is that data are transitive, but data tracing is not. You have no idea who among the entities who've requested your data have passed it on, or let it slip, to others.
You may see the secondary queries and activity resulting from su
Not suprising (Score:3, Funny)
And the other question is.... (Score:2)
This could have serious implications for an individual's credit rating or whether they end up as a guest of a government security agency indefinitely with no legal recourse.
I have worked in situations where we bought information on customers and just off hand I would say that when we compared our known good (recently updated by t
Specific (Score:2)
Why go to Russia when the DMV is so much closer? (Score:2)
They pretty much give you everything you need to commit identity fraud: License plate number, Car type, DL license, address, banking information, vin number, DOB, and supposedly you can even get the license database which includes driver photos!
Spam, enforcement, cure (Score:2)
1. I get several pieces of spam in Russian every day advertising these databases. Dammit.
2. Law enforcement in Russia does nothing about it. In the current situation, it is trivial to catch the seller: the databases advertised in spam, for example, are delivered by a courier. If the police were interested in hindering this activity (or forcing it deeper underground, at least), they would do this in a blink of the eye. Nothing is done, though.
3. I like the way Norway deals
Re:In Soviet Russia... (Score:2, Funny)
In Soviet Russia you buy your own information.
Equifax [equifax.com]
Transunion [transunion.com]
Experian [experian.com]
Unless you consider once a year access acceptable. Your credit report free [annualcreditreport.com]. But that's only once a year.
Who's information is it anyway?
Re:Obligatory "In Soviet Russia..." joke (Score:2, Funny)
Re:Obligatory "In Soviet Russia..." joke (Score:2)
Don't complain. If I didn't say it, someone else would.
Yes, but they would have made it funny. Or even mildly humourous.