[ISN] Huge identity theft uncovered

From: InfoSec News (isnat_private)
Date: Sun Jul 29 2001 - 02:53:12 PDT

    Forwarded by: "Jay D. Dyson" <jdysonat_private>
    Courtesy of Cryptography List.
    Two words: Oh ****.
    ---------- Forwarded message ----------
    Date: Thu, 26 Jul 2001 10:59:38 -0400
    From: "R. A. Hettinga" <rahat_private>
    To: cryptographyat_private
    Subject: Huge identity theft uncovered
    Huge identity theft uncovered
    Files with Social Security and driver's license numbers
    pasted in chat room; possible link to cell phone applications
    By Bob Sullivan
    July 25 - Key personal data belonging to hundreds of individuals have been
    shared in an Internet chat room, in what one expert says could become one
    of the largest identity theft cases ever. The data include Social Security
    numbers, driver's license numbers, date of birth and credit card
    information - everything a criminal would need to open an online bank
    account, apply for a credit card, even create the paperwork necessary to
    smuggle illegal immigrants. It is still unclear how the data ended up in
    the chat room, but an MSNBC.com investigation has revealed common threads
    among the victims - including the purchase of a cell phone online from
    VerizonWireless.com or an AT&T Wireless reseller. 
    ACCORDING TO A SOURCE who requested anonymity, the customer data started
    flowing July 14 and continued at least through July 22. It's unknown just
    how many records were published, but at one point new records were flying
    by at a rate of two per minute. 
    The source provided MSNBC.com with a two-hour slice of log files from the
    chat containing information from about 50 people. MSNBC.com attempted to
    talk with all of the people named and interviewed 29. Of those, 17 said
    they had ordered wireless services online, using the Web site of Verizon
    Wireless, a joint venture of Verizon Communications Inc.  and Vodafone
    Group PLC. In each case, the victims had ordered service between December
    and April, and in almost every case, the victims lived in Illinois or
    The form of the data pasted into the chat room connected to those 17
    victims exactly matches the form used by potential customers on
    VerizonWireless.com when they fill out the credit check application. 
    Detailed information, such as driver's license and Social Security number,
    is necessary so the company can perform a credit check before issuing a
    Verizon Wireless spokesman Jeff Nelson said the company was investigating
    the incident, but declined to offer further details. 
    "We take the security of our customers' information extremely seriously,"
    he said. "Whenever we hear about a remote possibility that there has been
    any kind of intrusion into our system, we quickly move to investigate and
    work with our customers to rectify any possible damage." 
    Nelson declined to say which credit agency Verizon Wireless uses to verify
    applications filled out on the company's Web site. 
    Eight other chat room victims interviewed by MSNBC.com said they had
    ordered AT&T Wireless services in the past year. Several of the database
    entries pasted into the chat room included the line "I agree to a one year
    {sic} contract with AT&T Wireless Services." 
    Four of the eight remember ordering the service through URDigital.com or
    its parent, Advanced Digital Solutions, which once operated mall-based
    sales booths. AT&T Wireless spokesperson Danielle Perry confirmed that in
    at least two of the cases, the customers had signed up for AT&T Wireless
    service through Advanced Digital Solutions, which she described as an
    "unauthorized subagent's subagent that has gone bankrupt."  She could not
    offer an explanation for the others. 
    The chat room logs also point toward URDigital.com as a potential culprit.
    Several times, one poster publishes a directory listing specifically
    pointing to a folder named "URDigital." 
    URDigital.com is now operated by Simply Wireless Inc. A spokesman for
    Simply Wireless said his company had no connection with URDigital.com or
    Advanced Digital Solutions 18 months ago when the chat room victims
    indicate they signed up for their AT&T Wireless service. 
    But not every victim ordered cell phone service online in recent months,
    suggesting the data may have originally been taken from some other agency
    that logs customer driver license and Social Security data. Five of the
    victims interviewed by MSNBC.com said they didn't remember ordering a cell
    phone online and don't recall entering their Social Security numbers or
    driver's license numbers into any Web site. 
    Experts say the victims could be dealing with the potential identity theft
    for years; unlike credit card numbers, Social Security numbers and date of
    birth information cannot be canceled and reissued. That's what
    distinguishes this theft from other computer break-ins like the January
    2000 theft from CDUniverse.com, when criminals stole 300,000 credit card
    numbers from that e-commerce site. 
    Theft of customer databases full of credit card numbers has been fairly
    common since the CDUniverse incident, but there have been no widespread
    reports of stolen databases that include social security numbers and
    drivers' licenses. In the most famous identity theft incident to date, a
    New York City restaurant worker managed to impersonate famous
    personalities like Steven Spielberg, Warren Buffett, Martha Stewart and
    Oprah Winfrey, and in some cases stole money from their brokerage
    accounts.  But the driver had to steal each identity one at a time, via
    imposter telephone calls and other "social engineering" tricks. 
    The data which appeared in the chat room, which in some cases even
    includes employer and job title, is already in active circulation among
    the Internet's underground. About half of the victims contacted by
    MSNBC.com had already discovered fraudulent charges on their credit cards
    within the past week, soon after the stolen data was posted in the chat
    room. But several others indicated their cards had been loaded with bad
    charges two months ago, suggesting the data may have originally been
    stolen in April or May. 
    Computer criminals armed with a full set of personal data, including
    Social Security numbers and date of birth, can wreak havoc on a victim's
    credit history by signing up for credit cards or opening online bank
    "Oh man, this is not good," said Maribell Ruiz of Chicago.  She claims the
    only place she ever entered her license or Social Security number online
    was at VerizonWireless.com. "They are supposed to be a secured site." 
    Local police have already opened investigations into the incident in
    Rancho Cucamonga, Calif., and Kiowa County, Okla. Another Chicago-based
    victim, who asked to have her name withheld, has already contacted
    attorney Jed Weissbluth, an expert in identity theft, to investigate. 
    "I never enter my Social Security number online," said Maria Zeller of
    Farragut, Ill. In fact, she didn't remember ever doing so until asked if
    she had ever purchased a cell phone contract online. "The cell phone is
    the only thing I purchased that I would have," Zeller said. 
    Adam Feign of Crystal Lake, Ill., ordered his Verizon Wireless phone in
    December using the company's Web site; then two months ago there were
    $4,000 in false charges on his Visa card. 
    "Most of the charges were at Network Solutions," he said. 
    Cory Johnston of Indianapolis, Ind., was called by his bank Monday and
    told a criminal had charged $1,000 on his card over the weekend at Network
    "I'm going to change my driver's license number right away," he said. 
    One expert, who requested anonymity, called the victims who had their data
    published in the chat room "the lucky ones," since they can be warned
    about what has happened. Criminals often publish only a small slice of the
    data that's been stolen. It's possible a much larger database of personal
    dossiers has been taken, and since authorities don't yet know where the
    data came from, other victims can't be warned. 
