- News & Events
KrebsOnSecurity reported breaches to Dun & Bradstreet, Altegrity’s Kroll Background America and Reed Elsevier’s LexisNexis. The perpetrators appeared to be a crime ring known for selling stolen social security numbers and other sensitive information such as credit reports through the website ssndob.ms.
According to Brian Krebs, the website “has for the past two years marketed itself on underground cybercrime forums as a reliable and affordable service that customers can use to look up SSNs, birthdays and other personal data on any U.S. resident. Prices range from 50 cents to $2.50 per record, and from $5 to $15 for credit and background checks. Customers pay for their subscriptions using largely unregulated and anonymous virtual currencies, such as Bitcoin and WebMoney.”
Krebs went on to say the cybergang placed malicious software on LexisNexis servers as early as April. So in all likelihood the bad guys had access to the company’s internal network for at least five months. Krebs added that a small remotely controlled botnet communicated directly with computers inside the firms that were hacked.
According to USA Today, Andreas Baumhof, chief technology officer at ThreatMetrix, observes that breaches on companies that amass sensitive data have become commonplace.
“There are two types of companies. Those that have been hacked and know it and those that have been hacked and don’t know it,” Baumhof says.
Too many companies still concern themselves with security as an after-thought, he says.
“I know so many chief information security officers who are fighting to get a budget to do the right thing, but it’s hard to justify a budget if you haven’t had a breach,” Baumhof says.
The Huffingtonpost.com reports that five hacked servers were identified by examining the web interface controlling the botnet. Two servers were inside LexisNexis, two at D&B, and one at Kroll Background America.
A LexisNexis representative said that the company had no evidence that customer or consumer data had been “reached or retrieved.”
Michele Caselnova, a spokesperson for D&B said the company was “aggressively investigating (…the attack.) Data security is a company priority and we are devoting all resources necessary to ensure that security.”
Speaking for Kroll Background America, Ray Howell said the company was working with external forensics experts to investigate the source and “impact, if any,” of malicious software found on its servers.
Finally, an FBI spokesperson said the bureau was investing the breaches but declined to elaborate.
ThreatMetrix is the fastest-growing provider of integrated web fraud and cybersecurity solutions. The TrustDefender™ Cybercrime Protection Platform helps companies prevent unauthorized access to web and mobile applications, protect sensitive data, and secure transactions against account takeover, payment fraud, identity spoofing, malware, and data breaches. ThreatMetrix protects more than 1,900 customers and 9,000 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.
To join in the cybersecurity conversation, follow us on Twitter @ThreatMetrix.