Slashdot: News for Nerds

Study Finds Hundreds of Stolen Data Dumps

timothy posted more than 5 years ago | from the at-least-the-criminals-love-me dept.

Security 58

Steve writes "SecurityFix reports that a group of researchers from Germany published a study in which they analyzed several hundred so-called 'drop zones,' i.e. anonymous collection points of illicitly collected data stolen with the help of keyloggers. 'Their findings, which drew from stolen data harvested from these drop zones between April and October 2008, were staggering: 33 gigabytes worth of purloined data from more than 170,000 victims. Included in those troves were more than 10,700 online bank account credentials, 149,000 stolen e-mail credentials, 5,682 credit card numbers, and 5,712 sets of eBay credentials. [...] Using figures from Symantec's 2007 study on the prices that these credentials can fetch at e-crime bazaars, the researchers estimate that a single cyber crook using one of these kits could make a tidy daily income. The full report [PDF] contains some more interesting details.'"

58 comments

Yep. We're vulnerable. (5, Insightful)

theaveng (1243528) | more than 5 years ago | (#26171485)

I've often thought that, over the ~15 year span that I've been surfing the web, I opened up way too many accounts. I've forgotten most of them, and yet my name and address still sits there in the databases just waiting to be hacked (or sold).

Re:Yep. We're vulnerable. (2, Funny)

Thanshin (1188877) | more than 5 years ago | (#26171523)

Indeed.

However I don't really mind that they sell all info regarding Mr. X Smith, who currently lives in n123 Candy st. / Magicland.

Re:Yep. We're vulnerable. (4, Funny)

sakdoctor (1087155) | more than 5 years ago | (#26171667)

I feel sorry for bob@aol.com, the real resident of 123 Fake street, and the unlucky person who got the telephone number 01234567890

Re:Yep. We're vulnerable. (5, Funny)

morgan_greywolf (835522) | more than 5 years ago | (#26171827)

Hey! Those are BOTH ME, you insensitive clod!

-- Bob <bob@aol.com>
(012) 345-6789

Re:Yep. We're vulnerable. (1)

RMH101 (636144) | more than 5 years ago | (#26172121)

Same here.

Dave Null,
127, Loopback Lane
Alaska

Re:Yep. We're vulnerable. (0)

Anonymous Coward | more than 5 years ago | (#26172329)

is it bad taste that I use 10048 as my zip code?

Re:Yep. We're vulnerable. (3, Funny)

achenaar (934663) | more than 5 years ago | (#26172535)

That depends if you're referencing WTC or the Winsock Error 10048 - Address already in use.
Personally, I quite like the irony of the Winsock Error one.

Re:Yep. We're vulnerable. (1)

mengel (13619) | more than 5 years ago | (#26174173)

I've often used the address:
Michael T. Maus
1675 N Buena Vista Dr. [google.com]
Lake Buena Vista, FL 32830

Re:Yep. We're vulnerable. (3, Informative)

xaxa (988988) | more than 5 years ago | (#26172343)

> the unlucky person who got the telephone number 01234567890

That's a real telephone number in the UK. It would be allocated to someone in/near Bedford (01234). Possibly this private hospital [ramsayhealth.co.uk] (which is in Essex, but the company office given at the bottom of the screen is in Bedford).

Re:Yep. We're vulnerable. (0)

Anonymous Coward | more than 5 years ago | (#26172505)

It is, it says at the bottom of the page under Urgent admission policy.

Spose if it's urgent, then it's good that it's a memorable number...

Re:Yep. We're vulnerable. (0)

Anonymous Coward | more than 5 years ago | (#26173191)

It's also a possible number in Pretoria, South Africa.

Re:Yep. We're vulnerable. (1)

anexkahn (935249) | more than 5 years ago | (#26173201)

What about all those people with the telephone number 8675309

In case you don't know the significance of that number: http://en.wikipedia.org/wiki/867-5309/Jenny [wikipedia.org]

Re:Yep. We're vulnerable. (1)

Amazing Quantum Man (458715) | more than 5 years ago | (#26173249)

"Damn you Tommy Tutone!"

Re:Yep. We're vulnerable. (0)

Anonymous Coward | more than 5 years ago | (#26200625)

I dunno about you, but Jenny is easy.

There's a reason her phone number is on the bathroom wall.

Re:Yep. We're vulnerable. (1)

curtix7 (1429475) | more than 5 years ago | (#26173395)

that's why all of my passwords are "wasd123"

Re:Yep. We're vulnerable. (1, Funny)

Anonymous Coward | more than 5 years ago | (#26176053)

> that's why all of my passwords are "wasd123"

Not your slashdot password...

Re:Yep. We're vulnerable. (0)

Anonymous Coward | more than 5 years ago | (#26179791)

...well, not any more.

Re:Yep. We're vulnerable. (1)

DrEldarion (114072) | more than 5 years ago | (#26177051)

I bet asdf@asdf.com thought he had a really cool email address ... for about a day.

Re:Yep. We're vulnerable. (1)

barzok (26681) | more than 5 years ago | (#26171657)

> my name and address still sits there in the databases

Holy shit! We're in trouble! It's probably in the phone book and all manner of public records too!

Re:Yep. We're vulnerable. (1)

theaveng (1243528) | more than 5 years ago | (#26171731)

Yeah but phone books don't include my credit card numbers as some of the Web accounts do.

Re:Yep. We're vulnerable. (1)

TheThiefMaster (992038) | more than 5 years ago | (#26171973)

If these are old, the numbers won't be valid any more...
At least with a UK card number, every issue of the card ends in a different set of digits (last 6?)

Re:Yep. We're vulnerable. (3, Informative)

HAKdragon (193605) | more than 5 years ago | (#26172209)

It's been my experience that in the US, the number will stay the same, but the 3 digit validation number will change, as will the expiration date - both of which are needed for doing online transactions.

Re:Yep. We're vulnerable. (1)

Opportunist (166417) | more than 5 years ago | (#26174545)

While you're right, that's not the point here. This is about you logging into your email, ebay, online banking etc while a trojan is logging your keystrokes.

And it's not even like this could not be cured. There are ways to prove that you're the rightful owner of the account without transmitting credentials in a way that someone intercepting them can fake being you. The simplest to implement would be giving the user a huge list of credentials and asking him only for parts of it, randomly. There are more elegant solutions that pretty much everyone who studied IT for at least a semester or two knows about. Any IT bacc can implement them.

Why we don't have them is beyond me.
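
The list-of-credentials scheme described in the comment above, sketched as an added example that is not part of the original post or of any bank's system. The class name `CodeSheetAuth` and its parameters are hypothetical, and the sketch goes one step beyond the comment by retiring every position once it has been asked, so logged keystrokes cannot be replayed.

```python
import hashlib
import hmac
import secrets


class CodeSheetAuth:
    """Server side of a printed one-time code sheet (hypothetical design)."""

    def __init__(self, sheet_size=40, per_login=3):
        self.sheet_size = sheet_size
        self.per_login = per_login
        self._key = secrets.token_bytes(32)  # server-side MAC key, never sent to clients
        self._sheets = {}    # user -> {position: MAC of code}; burned positions are deleted
        self._pending = {}   # user -> positions of the outstanding challenge
        self._rng = secrets.SystemRandom()

    def _mac(self, user, position, code):
        msg = f"{user}|{position}|{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def enroll(self, user):
        """Create a fresh sheet; the returned codes are delivered out of band (e.g. on paper)."""
        codes = [f"{secrets.randbelow(10**6):06d}" for _ in range(self.sheet_size)]
        self._sheets[user] = {i: self._mac(user, i, c) for i, c in enumerate(codes)}
        self._pending.pop(user, None)
        return codes

    def challenge(self, user):
        """Ask for a few random, not yet used positions."""
        if user in self._pending:
            # Re-issue the same challenge so a client cannot keep asking
            # until positions it already knows come up.
            return self._pending[user]
        unused = list(self._sheets.get(user, {}))
        if len(unused) < self.per_login:
            raise RuntimeError("code sheet exhausted; issue a new one")
        positions = tuple(sorted(self._rng.sample(unused, self.per_login)))
        self._pending[user] = positions
        return positions

    def verify(self, user, answers):
        """Check answers {position: code} against the outstanding challenge."""
        positions = self._pending.pop(user, None)  # one attempt per challenge
        if positions is None:
            return False
        sheet = self._sheets[user]
        ok = set(answers) == set(positions)
        for pos in positions:
            expected = sheet.pop(pos)  # burn the position whether or not the answer was right
            supplied = self._mac(user, pos, str(answers.get(pos, "")))
            ok &= hmac.compare_digest(expected, supplied)  # constant-time comparison
        return ok
```

A keystroke log of one login yields only codes for positions that are already burned. The scheme does not stop malware that takes over the live session after the user has logged in.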

And a.... (2, Funny)

Anonymous Coward | more than 5 years ago | (#26171515)

"10,700 online bank account credentials, 149,000 stolen e-mail credentials, 5,682 credit card numbers, and 5,712 sets of eBay credentials."

*sings* And a partridge in a pear tree...

And the rest of us pay (0)

luvirini (753157) | more than 5 years ago | (#26171517)

Of course anyone might become a victim of these types of things, but the probability of someone becoming a target is greatly influenced by the really basic security things to do.

In many other types of things it is the stupid(ie. one not taking care of own part) that pays, but unfortunately in most of these types of things, it is the bank or other institution that had to stay for the costs, leading them to be part of the costs spread out on everyone.

Thus there really should be some sort of competence required to get on internet, the same way there is some way there is some sort a competence requirement to drive a car on public roads.

The main parts of such requirement would be basic questions of security and basic demonstrated competence to operate.. the same way driver's license is about security and ability to operate the tool..

Re:And the rest of us pay (0)

Anonymous Coward | more than 5 years ago | (#26171611)

> Thus there really should be some sort of competence required to get on internet, the same way there is some way there is some sort a competence requirement to drive a car on public roads.

Maybe I'm the only one who thinks this, but your analogy is extremely flawed. One might lead to death, the other to some monetary loss.
Besides, banks are reinsured.
You also might want to check up on your writing abilities.
And I'm sure you're the first in line bitching when others want to regulate what you can do online.

New consumer kits out soon! (1)

knutkracker (1089397) | more than 5 years ago | (#26171531)

Amazing how criminals are always the first to use any new tech. [theonion.com]

Why AUSCERT? (1)

Anonymous Cowherd X (850136) | more than 5 years ago | (#26171545)

I was puzzled by the fact that they decided to have the Australian CERT notify the victims. From the full report:

> This CERT works together with different banks and other providers to inform the victims.

What makes AUSCERT more trustworthy than any other CERT?

That's a lot of effort to go to... (1)

Brad_McBad (1423863) | more than 5 years ago | (#26171559)

... when this woman [katu.com] proves that you don't even have to be very creative to use the interweb to get other people's money...

How are they storing this data? (0)

Anonymous Coward | more than 5 years ago | (#26171571)

> 33 gigabytes worth of purloined data from more than 170,000 victims.

33GB for ~170,000 people's data? And judging by the summary (yeah yeah, didn't RTFA) it's all just text data? Even if we assume "over 170,000" means 250,000 people that's 138kB per person. I've got data for every real/fake/temporary account I've ever set up in a single file - it's about 3kB. So, what information could they possibly have that would justify those apparent data sizes? Or are they just using UTF-4096?

Re:How are they storing this data? (2, Informative)

Ihmhi (1206036) | more than 5 years ago | (#26171595)

Profile pages could have just been saved wholesale rather than text files?

Or perhaps it's all in a huge database with a searchable index.

what would that matter? Eats up space ... (1)

freaker_TuC (7632) | more than 5 years ago | (#26173129)

It wouldn't matter to these people because:

  1. It would eat up a lot more space to capture raw data instead of filtered data
  2. They seem to be interested only in identity, not the rest
  3. Its size wouldn't show up as fast on a NOC radar or through a hacked user account
  4. They would need more time to transfer these collections of data
  5. More data requires more disk space (and often CPU too)

They are working as optimized as any respectable server administrator or programmer would think like; maximize the required information while minimizing resources.

I've found such a collection point myself on a customer server before; it would appear more to me these points are being distributed to a central authority which combines all this data and sells it at wholesale prices on the black market. The software I've found to rootkit that server was astonishing; together with the little bit of data it already collected over the 3 weeks the customer has been running the server with 3 rootkits, unknowingly.

It has come to his attention as soon as his disk space was running out without adding extra projects to the server; imagine if that server would be collecting RAW data instead of filtered...

Re:How are they storing this data? (1)

HistoricPrizm (1044808) | more than 5 years ago | (#26171637)

It's a data dump, not the filtered results that you're referring to. Think of how much you type every day, and then think of how much of that is data useful for stealing your money/credit/identity.

Re:How are they storing this data? (4, Funny)

diskis (221264) | more than 5 years ago | (#26171647)

Raw data from keyloggers?
I think gamers can quickly fill up 138kB with lots of w,s,a and d keypresses :)

Re:How are they storing this data? (0)

Anonymous Coward | more than 5 years ago | (#26172313)

Modern keyloggers use algorithms and/or regex to find certain data like credit card numbers or email addresses and some even specifically filter out "wasd" patterns.

Re:How are they storing this data? (3, Funny)

Da Fokka (94074) | more than 5 years ago | (#26173275)

Hahaa! That's why I use asdfasfd as my online banking password.

Re:How are they storing this data? (0)

Anonymous Coward | more than 5 years ago | (#26175859)

What? it only shows up as ******** for us. It works like that for every password.

Re:How are they storing this data? (0)

Anonymous Coward | more than 5 years ago | (#26178267)

Any keylogger worth its salt wouldn't filter "wasd" patterns logged from a browser window.

New Passwords (2, Funny)

Xandar01 (612884) | more than 5 years ago | (#26173339)

>Modern keyloggers use algorithms and/or regex to find certain data like credit card numbers or email addresses and some even specifically filter out "wasd" patterns.

Then make all your passwords "wasd" derivatives!

Re:How are they storing this data? (1)

dickens (31040) | more than 5 years ago | (#26176417)

Well at least they'd compress really effectively...

Re:How are they storing this data? (0)

Anonymous Coward | more than 5 years ago | (#26172191)

They used a .doc for each person.

Re:How are they storing this data? (0)

Anonymous Coward | more than 5 years ago | (#26172953)

> 33GB for ~170,000 people's data?

It's all encoded in xml.

victims of stupidity (1)

Bizzeh (851225) | more than 5 years ago | (#26171591)

many of the victims of these sorts of things are victims of their own stupidity or greed.
if a normal person gets an email letting them know they have a problem with their bank account, with a bank they don't bank with, in a country they don't live in, where the bank is asking for their card details to make sure they are fine... said person would delete the email and do nothing more about it. people who get scammed will send off their card details thinking "ohh, the bank of america opened an account for me" or, "i wonder if some american left me all their money".
it generally is their own fault. there is only the odd case where anything has actually happened that doesn't involve the victim's stupidity or greed.

Re:victims of stupidity (1)

Zironic (1112127) | more than 5 years ago | (#26171801)

Well, personally I've found out about actual bank accounts I didn't know about. However that's always by mail(snail) and they never ask for any details.

They usually go either like "You haven't touched this account in our bank for years, we'd recommend you going past our local bank office and going through it".

or "We've closed this empty inactive account, thank you for your time"

Re:victims of stupidity (0)

Anonymous Coward | more than 5 years ago | (#26176149)

http://www.bash.org/?678715

I think I played this on the C64 (1)

Sockatume (732728) | more than 5 years ago | (#26171823)

Make sure the mutants don't get the little dudes.

left behind (1)

dakup (1423621) | more than 5 years ago | (#26171965)

How should I see this? Is it like forgotten IT resources left behind by hackers or the like? Will we find a lot of these 'left behind', forgotten data stashes in dark corners of the Internet in the future? Will there be cyber-spider-webs and cyber-cockroaches crawling around?

They took a lot of dumps! (1)

JoshDM (741866) | more than 5 years ago | (#26172789)

Don't take one of mine!

Allow me to rephrase this... (1)

Falkentyne (760418) | more than 5 years ago | (#26173039)

> Using figures from Symantec's 2007 study on the prices that these credentials can fetch at e-crime bazaars, the researchers estimate that a single cyber crook using one of these kits could make a tidy daily income.

So, in other words:
Using sophisticated number crunching techniques, researchers have concluded that cyber criminals will make a lot of money.

Cleared that up for everyone.

Interesting... (1)

rickb928 (945187) | more than 5 years ago | (#26173237)

Assuming that each record is unique, a potential total of 171,094 records, and about 192.876KB per record.

That's a lot of data for each record... And if these are just credentials, such as account numbers, user IDs, passwords, security questions, this is a passably HUGE amount of data being claimed.

I suspect there is a lot of duplication out there. We know of 33GB, but how much is the same lame accounts re-listed and re-sold over and over?

While 171k+ of accounts isn't nothing, I'm disappointed they didn't find several million, when we know of many millions of records being 'lost' or 'found' lately.

I'm betting this is not so much a treasure trove as the tiniest tip of the iceberg.

Of course, all those XDWWWD, AWWD, WWWWWWWWAD, WWDWWTA, WDWDWWWWWWWD, AWWWAWWWWWWADAWDAT, WXWWWWAWWWA, WWWWWWWWWWWAWD, WWWWAWWAWDWDAWAWT(INS) strings (How to get to the 6th floor in Avatar, roughly, and kill whatever is at the bottom of the stairs if you're stud enuff) had to go somewhere. So in addition to harvesting mass data from lusers, the poor crooks gotta sort it out from interminable loop quests on 14.

Enjoy, you thieving bastards. Good Hunting! Your average Avatar player doesn't really have enough money to make it worth yer while, nor a credit rating worthy of buying a decent monitor. BAHAHAHAHA!

Sorry to say.. (2, Insightful)

hesaigo999ca (786966) | more than 5 years ago | (#26173513)

Is it just me, or does this seem pretty sad, that so many of today's so called security companies, don't bother to contact the victims of this to at least tell them "Hey you might want to change your password to your online banking, someone stole it, or etc..."

I am disappointed by our leading security community, for leaving these "dumps" in the open to review them, yes after a few days or weeks of activity, ...ok, but then afterwards, contact the victims and let them know they have been compromised.

When do they hear about it, ...never???

Re:Sorry to say.. (0)

Anonymous Coward | more than 5 years ago | (#26173899)

The study mentions that the victims were informed: "We are not in a position to inform each victim about the security breach and therefore decided to hand over the full data set to AusCERT, Australia's National Computer Emergency Response Team. This CERT works together with different banks and other providers to inform the victims. We hope that the data collected during this study can help to recover from the incidents and more damage is prevented."

A fine evaluation by the researchers (2, Insightful)

saintsfan (1171797) | more than 5 years ago | (#26173869)

job well done. They realized that the crooks stealing information from average computer users - novice, gullible and/or unconcerned - are just as susceptible themselves. Bugs in the exploiting software, misconfigured servers, and unsophisticated application programming logic can be used against them. The drop sites can be identified and apparently often times compromised, there is weakness in the system. But not just any system, a systemic international problem of organized crime (at times loosely) that threatens the financial and private information of average citizens, institutions and critical information systems. Now, why is it that researchers from a university are apparently more capable of identifying, evaluating, and investigating these risks than the many government organizations and private institutions tasked with these responsibilities? know where a drop zone is? shut it down. know who downloaded the information? Arrest them. identify the communication patterns of the trojans? scrub them. you don't know these things? change your tactics and pay attention.

Honest Question (1)

blhack (921171) | more than 5 years ago | (#26174145)

How many of us have been at least intrigued by the idea of working on something like this? Granted, yes, it is illegal and immoral, but I'm sure it is a really interesting challenge.

Spit out keyloggers at a few hundred thousand/million computers (which sounds like a fun task to begin with), then set up a dump where all the logged keys go. Write some perl to look through the dumps searching for CC#s, SSNs, bank account numbers, passwords, etc. etc. and sort them accordingly. Then dump all of this into a searchable database.

That sounds like a very difficult, and VERY interesting challenge. Given the size of slashdot, and the type of crowd it attracts, I imagine that there are a few people that work on these things trolling this very thread.

Care to give us any nerdy details on how the back-end of this thing works?

How can this data be so large??? (1)

dialbat (900703) | more than 5 years ago | (#26176011)

Guys, can someone tell me how the hell what looks to me like text data of CC numbers and other credentials can be 33GB??? and only for 171000 people. It's only text!!! Do they have hi-res images of the folks they steal data from as well?? How can this data be so large???

Numbers not surprising. (1)

Anachragnome (1008495) | more than 5 years ago | (#26177413)

If you think about it, the numbers are not that surprising.

Just think of how many people have had World of Warcraft accounts jacked with keyloggers. This could simply be a repository for jacked WoW passwords for use by some gold resellers, who also managed to capture all the other data. The email captures are of particular interest as this could be used to keep up to date on password changes made by the OWNER of the accounts even if the keylogger is lost.

When you compare the numbers in TFA to the accountbase of WoW(11 million?), it doesn't sound quite as sinister. Actually, more like something we all knew was happening, just not discussing until somebody looked under a rock and found some of it.
