Chicago-based security firm Authentify uncovered a stunning example of how stolen data is being used to create fraudulent new accounts.
Chinese scammers deployed a network of hijacked PCs, called a botnet, to apply for credit cards, cell phone accounts and auto loans on thousands of Web pages. The botnet plugged in stolen names and Social Security numbers, along with a mailing address and phone number that routed access to the new accounts back to the thieves.
Security firms turn over evidence of criminal activities to their clients and law enforcement. Other examples of cybergangs using stolen data:
• Arlington, Va.-based Cyveillance has found more than 2 million tainted Web pages, many that grab data from visitors. Cyveillance has retrieved more than 1 million Social Security numbers stored by thieves on computer servers in Russia, China and elsewhere.
• Virus hunter Don Jackson, of Atlanta-based security firm SecureWorks, traced a potent infection — “Gozi” — planted on thousands of Web pages by a gang in St. Petersburg, Russia. In less than a week, Jackson says the gang yanked 3,000 Social Security numbers into a Russian computer server where Jackson discovered stolen data, a shopping cart program and a detailed price list. Listed value of the data for sale: $2 million.
