Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

40 Million Identities Up For Sale On the Web

kdawson posted more than 5 years ago | from the big-fat-target dept.

Security 245

An anonymous reader writes "Highly sensitive financial information, including credit card details, bank account numbers, telephone numbers, and even PINs are available to the highest bidder. The information being traded on the Web has been intercepted by a British company and collated into a single database for the first time. The Lucid Intelligence database contains the records of 40 million people worldwide, mostly Americans; four million are Britons. Security experts described the database as the largest of its kind in the world. The database is in the hands of Colin Holder, a retired senior Metropolitan police officer who served on the fraud squad. He has collected the information over the past four years. His sources include law enforcement from around the world, such as British police and the FBI, anti-phishing and hacking campaigners, and members of the public. Mr. Holder said he has invested £160,000 in the venture so far. He plans to offset the cost by charging members of the public for access to his database to check whether their data security has been breached."

cancel ×

245 comments

Sorry! There are no comments related to the filter you selected.

Where does a cop get £160,000? (2, Insightful)

winkydink (650484) | more than 5 years ago | (#28775989)

He saved up?

Re:Where does a cop get £160,000? (4, Funny)

russotto (537200) | more than 5 years ago | (#28776091)

He's got backers, I think. Al Queda is a possibility, but I suspect it's actually SPECTRE.

Re:Where does a cop get £160,000? (0, Redundant)

davester666 (731373) | more than 5 years ago | (#28776237)

So he's now making this info freely available on the Internet, or is it behind a paywall?

Re:Where does a cop get £160,000? (4, Funny)

Beardo the Bearded (321478) | more than 5 years ago | (#28776279)

It's easy to access. All you have to do is email him your name and credit card info and ... ... wait a minute.

creek walk (1)

Gary W. Longsine (124661) | more than 5 years ago | (#28776819)

Either way, this guy is a candidate for a walk to the creek with Pat Buchanan.

Re:creek walk (1, Funny)

Anonymous Coward | more than 5 years ago | (#28777177)

What? Pat Buchanan? WTF is Pat Buchanan gonna do? Show off his liver spots?

Re:Where does a cop get £160,000? (5, Insightful)

mccalli (323026) | more than 5 years ago | (#28776159)

No, we did. We being British tax payers, of which I am one, who are currently funding his pension. We're also funding the British police too, mentioned in the article as one of his sources. It follows then that we funded his career in the Met as well.

And now the git wants us to pay for stolen information, obtained from publicly funded sources utilising his publicly funded connections to acquire. Whatever his previous achievements in the Met may or may not have been, now he is simply a slimy scammer trading in stolen goods. The man is a disgrace.

Cheers,
Ian

Re:Where does a cop get £160,000? (0, Flamebait)

Ethanol-fueled (1125189) | more than 5 years ago | (#28776359)

That's a fucking Jew for 'ya.

I can envision him rubbing his hands together like a hungry fly that just landed on a steaming pile of tasty shit.

Re:Where does a cop get £160,000? (2, Insightful)

BikeHelmet (1437881) | more than 5 years ago | (#28776509)

It's his right to do whatever he wants with his pension. If he wants to create a database of stolen identities, he can do that. And if he asks for payment to see if you are inside it, he can also do that.

He just can't do anything nefarious or illegal with it.

Re:Where does a cop get £160,000? (5, Interesting)

Anonymous Coward | more than 5 years ago | (#28776535)

Actually, under the Data Protection Act he isn't allowed to hold that database at all. This will end very badly for him.

Re:Where does a cop get £160,000? (5, Insightful)

BitZtream (692029) | more than 5 years ago | (#28776627)

Like ... actually having the information in the first place without permission of the owners of the data. The only legal thing he can do with it is destroy it.

I certainly have not authorized him to use my information.

Re:Where does a cop get £160,000? (1)

fuzzyfuzzyfungus (1223518) | more than 5 years ago | (#28776811)

Sounds like he may have taken the term "fraud squad" in the opposite of the way it is (ostensibly) intended...

Re:Where does a cop get £160,000? (1)

sbeckstead (555647) | more than 5 years ago | (#28777145)

Like charge money to see if you need protection? Hate to see anything nasty happen to that identity you got there.

Re:Where does a cop get £160,000? (2, Funny)

Kozar_The_Malignant (738483) | more than 5 years ago | (#28776961)

now he is simply a slimy scammer trading in stolen goods. The man is a disgrace.

Or possibly an MP.

Re:Where does a cop get £160,000? (3, Informative)

plover (150551) | more than 5 years ago | (#28777053)

now he is simply a slimy scammer trading in stolen goods. The man is a disgrace.

Or possibly an MP.

Same thing.

Re:Where does a cop get £160,000? (1)

Ihmhi (1206036) | more than 5 years ago | (#28777031)

Regardless of his connections, he earned his pension. What he's doing is somewhat unethical, but by no means illegal.

He could just as easily have quietly sold the entire database for millions.

Re:Where does a cop get £160,000? (2, Insightful)

Kalriath (849904) | more than 5 years ago | (#28777117)

Oh, it's illegal all right. In many countries. Just because the US government doesn't give a crap about privacy, doesn't mean other countries don't.

Re:Where does a cop get £160,000? (1)

sbeckstead (555647) | more than 5 years ago | (#28777161)

Hate to see anything nasty happen to that identity you got there. Got few bob, I'll see nothing nefarious happens to this here information.

Obama not familiar with his own health care bill (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#28776783)

http://www.heritage.org/2009/07/21/morning-bell-obama-admits-hes-not-familiar-with-house-bill/ [heritage.org]

I guess we're just supposed to take his word that we'll be able to keep our current insurance if we choose to, and that our taxes won't go up a single penny if we make under $250k (or whatever arbitrary amount he's picked this week). I for one don't trust that insane, power-hungry bitch Pelosi enough to take Obama at his word on a bill that he's admittedly not familiar with. Dude, you're the President. You're supposed to know what your subordinates are up to. Do you have something better to do? You wanted the job, now sack up!

one, please (4, Funny)

tverbeek (457094) | more than 5 years ago | (#28775999)

I'll take one. I've been meaning to get a life.

Look up our own information, huh? (4, Funny)

CorporateSuit (1319461) | more than 5 years ago | (#28776013)

Hello. My name is Mr. Burns. I believe you have some info for me.
Ok Mr. Burns, what's your first name?
I... don't know....

good point (1)

interkin3tic (1469267) | more than 5 years ago | (#28776231)

This is also good for those of us who have forgotten our pin number and social security numbers and are too lazy to sort it all out at the bank. Not that we have any money left in said bank accounts...

Re:good point (0, Redundant)

maxume (22995) | more than 5 years ago | (#28776283)

Is your pin number personal?

Re:good point (1)

interkin3tic (1469267) | more than 5 years ago | (#28776389)

It's the first part of my social security number

Re:good point (0, Redundant)

maxume (22995) | more than 5 years ago | (#28776415)

Personal identification number number.

Re:good point (1)

amicusNYCL (1538833) | more than 5 years ago | (#28776449)

Expand the acronym:

Is your personal identification number number personal?

Re:good point (1)

maxume (22995) | more than 5 years ago | (#28776585)

Yes, that was the point. See:

http://slashdot.org/comments.pl?sid=1310539&cid=28776415 [slashdot.org]

(the timing suggests that it is perfectly reasonable for you to have missed that post, it just confirms the above)

splitting hairs (5, Interesting)

tverbeek (457094) | more than 5 years ago | (#28776019)

"He plans to offset the cost by charging members of the public for access to his database to check whether their data security has been breached."

How, exactly, does this differ from extortion?

Re:splitting hairs (2, Insightful)

BitterOak (537666) | more than 5 years ago | (#28776131)

"He plans to offset the cost by charging members of the public for access to his database to check whether their data security has been breached."

How, exactly, does this differ from extortion?

Because he wasn't the one who stole the information in the first place. He's merely offering a service to let you know if you've been the victim of a crime. This is very valuable information, as it could prompt you to cancel credit cards, or change PIN numbers. He had to incur some expenses to acquire this information so why should he give it away for free? The criminals are the ones that stole the information in the first place.

Re:splitting hairs (3, Insightful)

maxwell demon (590494) | more than 5 years ago | (#28776183)

So if I buy some stolen goods from a thief and then sell that stuff back to the original owners, then I'm fine because I'm not the one who has stolen the stuff? I don't think so.
So why is this case different?

Re:splitting hairs (1)

jonbryce (703250) | more than 5 years ago | (#28776249)

As we always point out whenever the RIAA, MPAA or BSA mention it, copying != theft. Theft takes place when someone uses these details to buy something or borrow something they shouldn't be buying or borrowing.

Secondly, they are not selling you your credit card back, they are selling you the information that it is being passed around carding sites.

Re:splitting hairs (1)

ImNotAtWork (1375933) | more than 5 years ago | (#28776355)

What your describing is fencing. I was only stating that this situation is not extortion.. nothing more.

Re:splitting hairs (1)

ImNotAtWork (1375933) | more than 5 years ago | (#28776407)

disregard this post I thought you were replying to me. my apologies.

Re:splitting hairs (1)

sbeckstead (555647) | more than 5 years ago | (#28777217)

extortion like charging money to see if you need protection? Hate to see anything nasty happen to that identity you got there.

Re:splitting hairs (1)

maxume (22995) | more than 5 years ago | (#28776425)

He isn't selling anything back to the owners, he is selling information about their information to them.

Ideally, the government agencies that provided him the information would simply contact the people free of charge, undercutting his prices.

Re:splitting hairs (2, Interesting)

amicusNYCL (1538833) | more than 5 years ago | (#28776469)

No, you don't understand, that's not what this fine ex-cop is doing. It would be equivalent if you went around buying everyone's stolen goods, and then in order to recoup that cost, you charged people for the privilege of knowing whether or not their goods were stolen.

Re:splitting hairs (2, Insightful)

CorporateSuit (1319461) | more than 5 years ago | (#28776199)

Because he wasn't the one who stole the information in the first place. He's merely offering a service to let you know if you've been the victim of a crime. This is very valuable information, as it could prompt you to cancel credit cards, or change PIN numbers. He had to incur some expenses to acquire this information so why should he give it away for free? The criminals are the ones that stole the information in the first place.

That depends on when he acquired it, and the resources he used. If he acquired it on the job, or using government equipment and/or connections, then it's the government's information and he doesn't have the right to sell it. If this was a "post-retirement" project he's been working on, then it would be legal.

Re:splitting hairs (5, Insightful)

FromellaSlob (813394) | more than 5 years ago | (#28776337)

If this was a "post-retirement" project he's been working on, then it would be legal.

No it wouldn't. This guy has no legal basis to acquire or retain this data, he's in very serious breach of the UK Data Protection Act.

Re:splitting hairs (2, Interesting)

Civil_Disobedient (261825) | more than 5 years ago | (#28776651)

Yeah, I don't understand how even possessing that kind of database is legal, let alone trying to charge people for access to it.

I think this guy's business model needs some work.

Re:splitting hairs (1)

anonymous donor (1440447) | more than 5 years ago | (#28777015)

I'm not really sure that he can't keep the data, but he can't charge for access. According to data protection laws anyone has right to ask what data about them is stored in said database, how it's stored and to correct, or remove it. Free of charge.

Re:splitting hairs (5, Informative)

FromellaSlob (813394) | more than 5 years ago | (#28777171)

The UK DPA also requires that he have a legitimate reason to hold this data in the first place, which would be either a direct customer relationship, or a third party one like a credit reference agency (where the customer gives permission for the third party data-sharing as part of their credit applications). It also requires that he hold it for no longer than strictly necessary for the purposes of said business relationship. The law in question thankfully makes this an explicitly opt-in thing, outside of government no-one can legally collect your data without your permission and then require you to opt out.

Re:splitting hairs (0, Redundant)

Anonymous Psychopath (18031) | more than 5 years ago | (#28777183)

What, information wants to be free unless it's your information?

Re:splitting hairs (0)

Anonymous Coward | more than 5 years ago | (#28776363)

The article is a bit poorly worded, but it sounds like the 'government connections' he used were to tip him off to people selling / trafficking in the information, so that he could then purchase it, not used in obtaining information (if a former police officer can use his police connections to get personal information, the focus of the article would be that it was blatantly illegal, not that it was a service)

So the point is correct - he's offering, for a fee, to let you know if your information is out there. Whether it's useful or not is another matter (if the answer is yes, it's not clear what action you could take other than what you should be doing anyway, and if it's no, that just means that he wasn't able to buy your information, not that it isn't being sold elsewhere)

Re:splitting hairs (0)

tverbeek (457094) | more than 5 years ago | (#28776543)

So it's extortion by an accomplice after the fact.

Re:splitting hairs (1)

sbeckstead (555647) | more than 5 years ago | (#28777197)

If he has said numbers stored on his hard drive he is in violation of several laws and probably even in England.

Re:splitting hairs (4, Insightful)

ImNotAtWork (1375933) | more than 5 years ago | (#28776161)

Extortion is threatening to use the information against you or leaking it even more if you do not pay. The company is not doing this. The company is saying this is what I have come across during my travels... If you want to know what I know about you then pay up, you are not obligated to do so. Kind of like those for pay credit score reports. (I know you don't have to pay for the credit report.. but the credit score is a different matter.)
I am in no way defending the practice.

The answer is always "yes." (3, Interesting)

zippthorne (748122) | more than 5 years ago | (#28776293)

It's far more brilliant.

You must give him some information about yourself to determine if you're in the database, non? Information that includes your credit card numbers, perhaps. Where do you think that data goes, I wonder.

Re:splitting hairs (1)

mi (197448) | more than 5 years ago | (#28776749)

How, exactly, does this differ from extortion?

The Princeton WordNet dictionary defines "extortion":

  1. extortion — (an exorbitant charge)
  2. extortion — (unjust exaction (as by the misuse of authority); "the extortion by dishonest officials of fees for performing their sworn duty")
  3. extortion — (the felonious act of extorting money (as by threats of violence))

Now, the first one does not apply — although we don't know, what he plans on charging, it is highly unlikely to be "exorbitant".

The second one might apply, if we interpret the "sworn duty" widely, and he started on this before retiring. It is more likely, that his "contacts", who helped him, while still on the government payroll, are extorting...

And the third does not apply, because he is not threatening anybody...

On the other hand, no government program exists, AFAIK, to notify individuals of the law-enforcement's discovery of their private information "outside" — in other words, it is not anybody's "sworn duty" to notify us. Then, again, perhaps, such program would've been created by now, had the police not had this guy's outlet in mind...

Finally, I think, I'd welcome a private individual organizing this kind of business. Even if they were ex-police — after all, private investigators do exist, and nobody calls ex-cops among them "extortionists".

Re:splitting hairs (1)

sbeckstead (555647) | more than 5 years ago | (#28777187)

hey there Mr, that looks like a nice identity you got there hate to see anything nasty happen it. Give us a pound or two, here now got anything larger, there ya go now I'll just take a look here and well what do ya know you aren't on this list, well Bob's yer uncle that was easy wasn't it. Here then who's next.

So let me get this straight... (5, Interesting)

FSWKU (551325) | more than 5 years ago | (#28776021)

He plans to offset the cost by charging members of the public for access to his database to check whether their data security has been breached.

So in order to find out if your personal information has been breached, you have to disclose said information AND pay a fee. Seems a little fishy to me. Isn't that how a lot of identity-theft scams operate in the first place? "Hey, your identity is at risk. Send us money and details and we'll check to see if you're a victim or not.........and.....YES...you are now a victim! Thank you for using Thieves-R-Us!"

Re:So let me get this straight... (1)

j-stroy (640921) | more than 5 years ago | (#28776119)

Sure sounds a lot like those spyware scans that list 542 threats(cookies) have been found! zomgwtfbbq!!11

If the info is real, it seems national governments should purchase the list in its entirety in order to protect their citizens.

Then they can lose the laptop, scrap the hard drives and it will show up in vendors stalls in Saharan Africa allowing the cycle to continue.

Re:So let me get this straight... (1)

HomelessInLaJolla (1026842) | more than 5 years ago | (#28776635)

zomgwtfbbq!!11
BBQ. Amen.

Re:So let me get this straight... (1)

PeanutButterBreath (1224570) | more than 5 years ago | (#28776473)

Seems a little fishy to me.

Or phishy.

Re:So let me get this straight... (1)

stephanruby (542433) | more than 5 years ago | (#28776579)

Also there are only three ways one can procure this information. 1) He got it from government agencies (therefore, it's private information that the government owns, not information that one sole private individual owns), 2) He purchased this information directly from the bad guys (thereby, he's been personally funding them), and/or 3) He got this information directly from the Corporations breached themselves (therefore, he's been inducing those Corporations into leaking even more information than they already were).

When are we arresting this guy? Can we send a black plane over there and make him disappear?

Re:So let me get this straight... (1)

EdIII (1114411) | more than 5 years ago | (#28776857)

Seems a little fishy to me.

Seems a little illegal to me. Identity Theft is a crime right? Don't the victims have legal rights to the information? I would think in the U.S and the U.K that this guy would be obligated to report these crimes.

Re:So let me get this straight... (0)

Anonymous Coward | more than 5 years ago | (#28777039)

It's only one rung above: "Send me $5 to find out how you can get rich quick."
*insert PayPal button here*

Also, "Holder"? Hilarious.

Re:So let me get this straight... (4, Insightful)

Eil (82413) | more than 5 years ago | (#28777195)

So in order to find out if your personal information has been breached, you have to disclose said information AND pay a fee. Seems a little fishy to me.

More than a little fishy. I read this as, "British fraud officer leaves the force, collects the personal information of 40 million people from the black market and his buddies in law enforcement, and is now using it to make money. Oh, but it's not unethical this time because he used to be a policeman." If it was illegal for the phishers and fraudsters to have this ill-gained information, why is it not illegal for a former police officer to have it?

I know there are no privacy laws in Britain, but here in the U.S., I would hope that there's a law providing for the destruction of personal and/or financial details that were obtained illegally once they are no longer considered evidence in an ongoing prosecution.

Isn't it a crime (1, Insightful)

Anonymous Coward | more than 5 years ago | (#28776029)

for a hacker to have that information on their computer. So how is it legal for a company to keep all of that information. Not to mention making the company publicly known will make it a huge target for hackers as now every single person knows that if they get in there is 40 million identies they can have.

Seems to me that legally it should be shut down and every single person in the database be informed that their identiy has been stolen. . . twice it would seem.

Re:Isn't it a crime (1)

BitterOak (537666) | more than 5 years ago | (#28776167)

for a hacker to have that information on their computer. So how is it legal for a company to keep all of that information.

No. It is a crime to steal that information in the first place. And in some cases, having that information on your computer might be evidence that you've committed that crime. But that's not what happened here. He's collected information that's already been stolen, and is selling a potentially valuable service in letting people know they've been a victim of a crime so they can take steps to mitigate the damage.

Re:Isn't it a crime (0)

Anonymous Coward | more than 5 years ago | (#28776229)

but it is a crime to _receive_ stolen properties from the thieves. Added to that, he is now making money from the stolen properties.

Re:Isn't it a crime (1)

FishWithAHammer (957772) | more than 5 years ago | (#28776367)

The pro-piracy folks around here say that copying isn't theft. I'd say that'd apply here too.

Re:Isn't it a crime (5, Insightful)

rohan972 (880586) | more than 5 years ago | (#28776831)

The pro-piracy folks around here say that copying isn't theft. I'd say that'd apply here too.

Not just the pro-piracy folks. Although I'd like to see reform, I am in favour of copyright. Incorrectly defining terms makes sensible discussion of a topic difficult or even impossible.

This topic doesn't inflame the argument so much because there is not a substantial portion of people who want "identity theft" to be legal. Since there is no debate on whether it should be allowed or not, using an incorrect term doesn't highjack the argument into being propaganda for one side. Theft and stealing are terms commonly used to describe things that are not in fact theft. That's usually ok, but when discussing proposed changes to laws that affect the whose society it isn't. For example, I would regard MPAA equating copying a movie with stealing a car, repetitively making that connection in the absence of opposing argument to the general population (on DVDs) as tainting the jury pool.

A teenage girl might accuse another of "stealing" her boyfriend. No problem, until you start proposing laws to have boyfriend thieves charged with theft. At that point, it would be necessary to point out the differences and that "stealing" is not really an appropriate term for what happened. That's where we are with copyright right now. In identity theft cases, I'm not sure there is a word to properly describe it yet. It is usually done in order to commit fraud, but the harvesting of the identity info is only the first step and probably isn't fraud in and of itself. Although fraud and theft are different, common usage of theft includes fraud, so theft is perhaps the best word to use right now even though it isn't exactly correct.

Re:Isn't it a crime (1)

Satanboy (253169) | more than 5 years ago | (#28777173)

I've got an idea!

let's make a new term for copying copywritten material!

We will call it STORROWING!

It's a mix of steal and borrowing, after all, we didn't really steal it, and we didn't really borrow it either.

Re:Isn't it a crime (3, Insightful)

owlnation (858981) | more than 5 years ago | (#28776483)

"He's collected information that's already been stolen"

Yes... but HOW, exactly, has he collected this information? It appears to be by using all sorts of connections all over the world, who are providing him with data and using the time and money of the State or Nation that employs them.

That has got to be a crime. It had damn well better be a crime.

I must say : (0, Redundant)

nukenerd (172703) | more than 5 years ago | (#28776031)

I for one welcome our new retired senior Metropolitan police officer overlord.

Ok, I'll bite... (1)

theMoleofProduction (842123) | more than 5 years ago | (#28776041)

"Here's my credit card number. So is my info in the database?"

"My database shows that your name and credit card have been compromised by scammers. I'm so sorry. For a small fee, we can secure your information for you..."

If he has my sensitive data... (2, Interesting)

DreadfulGrape (398188) | more than 5 years ago | (#28776057)

... can I then sue him for illegally possessing my sensitive data?

Re:If he has my sensitive data... (1)

Looce (1062620) | more than 5 years ago | (#28776109)

I would imagine (without reading TFA, of course) that the officer has deleted all sensitive information and keeps only identifying information. You then input your identifying information and the database determines whether your sensitive information is in the hands of people with more nefarious intentions.

Re:If he has my sensitive data... (1)

palegray.net (1195047) | more than 5 years ago | (#28776245)

It would seem sensible to take common variations in the information (minor spelling differences for some data, accounting for different uppercase/lowercase combinations, abbreviations, etc), create a database of hashes for all this data, and use one-way hashing for comparing information submitted to determine if you know about it or not.

Re:If he has my sensitive data... (1)

Kalriath (849904) | more than 5 years ago | (#28777143)

I believe it's illegal to hold identifying information without the consent of the person it identifies. At least, in the UK I think. Definitely is here.

Re:If he has my sensitive data... (4, Insightful)

the real darkskye (723822) | more than 5 years ago | (#28776143)

If you're in the UK then as long as the data isn't held securely by him then yes. The UK's data protection act requires that all information that can be used to personally identify an individual is held securely.

If you're in the UK you can also use the Freedom of Information act to request any information he's holding about you, but for that he can charge a nominal fee, which is how he's probably planning on making the money invested back.

A former member of the metropolitan police and corrupt? Don't colour me surprised.

Re:If he has my sensitive data... (1)

jonbryce (703250) | more than 5 years ago | (#28776287)

It is the Data Protection Act you use, not the Freedom of Information Act. FOI applies to non-personal information held by public bodies, and no fee is payable.

1/10 of a cent per person (3, Insightful)

seifried (12921) | more than 5 years ago | (#28776069)

The scary part I think is that he amassed this data for roughly 1/10 of a cent per person in there. Good thing the bad guys aren't doing this. Oh wait....

Were you a victim of upskirt photography? (3, Insightful)

Anonymous Coward | more than 5 years ago | (#28776087)

I have put together a database of upskirt photos collected from the internet. For a small fee you can peruse my collection and find out if you were a victim.

ur doin it wrong (5, Funny)

interkin3tic (1469267) | more than 5 years ago | (#28776253)

I have put together a database of upskirt photos collected from the internet. For a small fee and a reference upskirt picture you can peruse my collection and find out if you were a victim.

fixed that for you

I Took The Name Luxury Yacht (1)

CyberSlammer (1459173) | more than 5 years ago | (#28776115)

But it's pronounced Throatwobbler Mangrove, so I had to pay extra.

This is probably illegal to sell (1, Interesting)

davidwr (791652) | more than 5 years ago | (#28776125)

He almost certainly obtained his information legally, but some or most of it came with strings attached, including prohibitions on any non-official or personal use.

I predict any attempt to monetize this by a private individual will be shot down fast.

It's one thing for a government to provide this service on a cost-recovery basis, under heavy regulation.

It's quite another for someone to collect this data under "official" or "can I have it as a favor" pretenses or even buy it on the "open market" but use the fact that you are in government to make people think you won't abuse it then turn around and sell the same information. Even if he's doing it on a cost-recovery basis, I don't see any regulation and it just looks bad.

What he should do:
Sort the data by country of residence or nationality, then give the data to those countries' governments or simply destroy it. If he asks nicely for donations and is clearly being good about the way he handles this, he might get enough to cover his costs.

I'd like to check my personal details please .... (2, Interesting)

whoever57 (658626) | more than 5 years ago | (#28776133)

My name? It's Bill Gates. Oh, no, it's Warren Buffet .... Barak Obama.......

Re:I'd like to check my personal details please .. (1)

Zantetsuken (935350) | more than 5 years ago | (#28776595)

Hugh Hefner?

Date and place of birth? (5, Funny)

Ungrounded Lightning (62228) | more than 5 years ago | (#28776621)

My name? It's ... Barak Obama.......

And what is your date and place of birth?

= = = =

(Moderators: Google "Barack Obama citizenship conspiracy theories".)

Re:I'd like to check my personal details please .. (0)

Anonymous Coward | more than 5 years ago | (#28776869)

My name is Inigo Montoya.

You have my data.

Prepare to die!

shut the fuck up kdawson (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#28776215)

you're a sack of shit out of some faggots ass.

Re:shut the fuck up kdawson (1)

palegray.net (1195047) | more than 5 years ago | (#28776267)

Please, tell us how you really feel.

How did he get this information? (1)

ImNotAtWork (1375933) | more than 5 years ago | (#28776301)

His sources include law enforcement from around the world, such as British police and the FBI, anti-phishing and hacking campaigners and members of the public.

Why are the British police and the FBI providing information to some one not directly involved in one of their cases. If this guy/company is involved in the case as a contractor why is he being allowed to double dip with sensitive case information? This definitely seems like an ethics or control of evidence violation has been perpetrated.

Is mine there? How much did it go for? Only That?! (3, Insightful)

gestalt_n_pepper (991155) | more than 5 years ago | (#28776303)

Well then, I'd like it *back* please. I wasn't done using it yet. You can have it after I'm finished.

Anonymous Coward. (0)

Anonymous Coward | more than 5 years ago | (#28776331)

1 .. use law informant means to collect (steal) personal data with out a warrant

2.. store in central location only know to single group

3.. charge to verify stolen data has not be stolen by another person.

4.. what a scam O wait I never gave my ok to sell my! data, without my! permission to collected my data..

If he really wanted to do the right thing... (4, Interesting)

3seas (184403) | more than 5 years ago | (#28776357)

... he'd notify the relative banks and get them to issue new cards to the card holders and then cancel the old account numbers.

Or isn't that something a police officer would not do?

Aren't the police supposed to help protect the public?

Hmm... Who's that at the door at this hour? (4, Funny)

Zantetsuken (935350) | more than 5 years ago | (#28776395)

Well I'll be, its Scotland Yard and a squad of SAS coming for tea and biscuts! What? They say they're not visiting for tea and biscuts?

Re:Hmm... Who's that at the door at this hour? (5, Funny)

commodoresloat (172735) | more than 5 years ago | (#28776689)

They're actually here to do two things -- kick ass and have tea and biscuits. As it happens, however, they're all out of tea and biscuits.

Any unemployed US workers on it? (0)

Anonymous Coward | more than 5 years ago | (#28776525)

If so, get this list to American companies QUICK! They claim to have to import H1-B workers just to fill jobs.

Prosecute for possesion of stolen property (4, Insightful)

Bob_Who (926234) | more than 5 years ago | (#28776561)

Lets be fair, he's in possession of stolen property, and although he has turned himself into the authorities, the law applies to all criminals, no matter how they draw a pension. Perhaps the blokes that raid private events based on facebook tags should try the swat team or bomb squad and put a stop to extortion and misuse of public authority. Its looking like a gang related organized crime syndicate, or perhaps its all a coincidence or just an invitation for the blue hats to hack his target rich database. Good thing he's armed with a mace and a night stick. That way he can defend the 40 million people who he feels each owe him .000567 in order to recoup expenses for obtaining stolen ID's.

Simply solution for this kind of shit. (1)

BitZtream (692029) | more than 5 years ago | (#28776611)

Tar and feather him, in public.

Beat him senseless, in public.

Then slit his throat, in public.

If someone else decides to do it after words, do the same thing to the next guy. It won't take too many public torturing followed by public executions to make the point.

Is this over the top? Maybe. We've definitely gone to soft on people for pulling this sort of shit.

Here's how to stay safe (4, Funny)

butabozuhi (1036396) | more than 5 years ago | (#28776629)

Go to Google (or Yahoo or Bing) and type in your full social security number. Hit ENTER. If you find your number online, you're a victim of identity theft! If you don't find your number online...just wait a few days as you just sent it clear-text for the whole world to see. Yeeeeehah!

A discussion on morality. (2, Insightful)

MrCrassic (994046) | more than 5 years ago | (#28776637)

I'm interested in hearing people's thoughts on the morality of this sale. Sales like these are completely non-unique, with one prominent example being the credit score business in the United States. As far as I know, Americans are only entitled to know their credit score for free twice a year, and no more. Additionally, lenders don't provide any fair warning that a person's credit score is at risk; in fact, younger credit card owners are encouraged to use their credit cards as primary spending sources with sign-up incentives and looser overall operating conditions.

Personally, I think that it's completely immoral to charge people for knowing whether their most treasured assets are at risk. Just don't let CNN know about it; I really don't want to deal with a full work day of them discussing privacy breaches, credit card fraud and how this all impacts Obama and Michael Jackson. (He's still dead.)

Re:A discussion on morality. (2, Interesting)

dave562 (969951) | more than 5 years ago | (#28776875)

I thought that you were allowed to obtain your credit REPORT for free once or twice a year. The credit SCORE is considered proprietary information and therefore subject to a fee. I think it's a load of crap. If there was justice in the world, ANY information that ANYBODY uses as part of a process to determine how they interact with and treat you, should be freely available to you.

I too ... (3, Funny)

PPH (736903) | more than 5 years ago | (#28776703)

... have a database which, for a small fee, I will be happy to verify that your records are not contained therein.

I think we've just discovered the "4) ?????" step.

Let credit card companies help (1)

d-r0ck (1365765) | more than 5 years ago | (#28776837)

Just check if you are on the list and then either way dispute the charge with your credit card company. Let them deal with him, should be interesting.

From one criminal to another. Arrest him. (2, Informative)

geekmux (1040042) | more than 5 years ago | (#28776873)

Charge with possession with the intent to distribute. I see no difference if he we in possession of 100 kilos of cocaine. What's to stop him from selling peoples information on this list to the highest bidder? Who's going to police the policeman? HIS morals are already in question based on his actions here.

And if he used his own money to invest in this bullshit scheme, thought shit. He should have known better.

Re:From one criminal to another. Arrest him. (1)

gujo-odori (473191) | more than 5 years ago | (#28776953)

Trouble is, unless it's a crim in the UK to possess that information (it's not one in the United States and at least most countries), charging him with possession with intent to distribute wouldn't stick; distribution of that information is likewise not a crime in the United States or most countries, so that wouldn't stick either. As for intent, well, it has to be proven, is difficult to prove, and the burden of that proof is on the prosecution.

There are a great many companies that have a great deal of PII on a lot of people, and they sell and trade it all the time? Legal? Yes. Should it be? Well, that's another question entirely.

Unless he uses that information to commit a crime, he's not doing anything illegal by having it, nor is he doing anything illegal to charge you a fee for telling you if he has info on your or not, and if so, what he has.

Ridiculous (1)

teamsleep (903456) | more than 5 years ago | (#28777049)

Simply ridiculous. I wonder what his fee will be, what, $400? I swear if it's above maybe $100, he's a total asshole. People won't even find this story and he'll get maybe 100 checking, only paying to find out they haven't been breached. Plus, to those who get their identities stolen they need to get better home computer security. Seriously how the hell are you getting this information stolen? Get a good virus/security program and learn common internet sense. Ugh, what the hell. I've had a computer since I was 12, when I started buying stuff online and using my real information I had great security and knew what to do and what not to do. This just pisses me off. In almost 4 years entering personal information/credit cards/bank involvement I haven't had any issues. Makes you wonder.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?