[ISN] Indian call centres sell off Australians' details

From: InfoSec News (isn@private)
Date: Tue Aug 16 2005 - 23:31:29 PDT


http://www.abc.net.au/news/newsitems/200508/s1437366.htm

August 15, 2005

Tens of thousands of Australians are at risk of computer fraud because
their personal information is being made available illegally by
workers inside call centres based in India.

Tonight's Four Corners program reveals a black market in information
held by Indian call centres.

The program was able to get hold of personal details through a
journalist who is working undercover and cannot be identified.

"We were absolutely amazed at how easy it was to buy data. And
secondly, the free flow of data was just astonishing," the journalist
said.

"A good analogy would be paedophile or child porn sites on the
Internet. If you're one of them, you swap your pictures with their
pictures, that's how the trade carries on."

The undercover journalist was also behind the recent sting operation
by Britain's Sun newspaper, which bought the bank details of 1,000
British people for just $7 each.

"You can't go to these people and ask for 10 names. The minimum, it
seems to us, the minimum quantity they will deal with is 1,000 names,"  
the journalist said.

The Australian names requested by Four Corners had a price tag of $10
each.

It was offered ATM numbers, passport numbers and credit card details -
enough information for hackers to assume the identity of Australians
online.

The program did not go ahead with the purchase but a sample of
identifications included the personal details of Diane and Keith
Poole.

Ms Poole says the revelation leaves her feeling vulnerable.

"I'm mortified because it leaves us fairly open, doesn't it?" she
said.

Mr Poole says a call centre operator working for Australian company
Switch Mobile, asked him an unusual question.

"They asked did I have a passport. I said, 'Yes I have a passport' but
I said I wasn't prepared to give the number on that," he said.

Switch Mobile spokesman Damien Kay says passport information is not
needed.

"The issue of personal information being sold goes way outside of our
authorisation in the contracts that we have," he said.

He says Switch is devastated that privacy laws are being flouted by
its representative and has since terminated the contract it had with
its telemarketing company.

Cyber crime is described by former World Bank cyber intelligence
expert Tom Kellerman as the most pervasive crime on the planet.

"Organised crime has created a business model around hacking," he
said.

The threat of financial loss to a victim of identity fraud is bad in
itself, but there is an even darker side to the crime.

Personal details on any number of databases can be accessed and used
for terrorist activities, which could include getting passports
issued, establishing lines of credit or arranging fake IDs for people
working undercover.



_________________________________________
Attend ToorCon 
Sept 16-18th, 2005
Convention Center
San Diego, California
www.toorcon.org 



This archive was generated by hypermail 2.1.3 : Tue Aug 16 2005 - 23:45:16 PDT