September 26, 2013
Massive Data Leak Discovered In Three Large US Data Providers
Michael Harper for redOrbit.com - Your Universe Online
After several months of investigations, security researcher Brian Krebs has pinpointed a massive data leak to weak points in three large US data providers.
Though the FBI began its own investigations in March, Krebs now says a site that releases the birthdays and social security numbers of several public figures gets its information from a “small but very potent” botnet.
Following the report, data brokers D&B, LexisNexis and Altegrity admitted they had suffered cyber-attacks that left their systems under the control of the botnet. These compromised systems were then used to serve up private data through a website called ssndob.ms, or SSNDOB.
It was discovered in March that another website, exposed.su, was using data collected by SSNDOB to sell to its customers. While SSNDOB primarily sold information on US residents and others, Exposed went a step farther and sold information on public figures like Michelle Obama and Jay Z.
According to the Krebs report, SSNDOB began selling this information over two years ago with prices ranging from 50 cents to $15. The website allowed customers to look up private records and perform background and credit checks against the data it had amassed from the botnet.
Shortly after Exposed hackers infiltrated SSNDOB earlier this year, more hackers attacked the database and left it open to the public, allowing Krebs to investigate its origins. Late last month it was discovered that a relatively small botnet was responsible for breaking into some of the largest data brokers in the US and funneling this information to SSNDOB.
“The botnet’s online dashboard for the LexisNexis systems shows that a tiny unauthorized program called ‘nbc.exe’ was placed on the servers as far back as April 10, 2013, suggesting the intruders have had access to the company’s internal networks for at least the past five months,” reads Krebs’ report.
“The program was designed to open an encrypted channel of communications from within LexisNexis’s internal systems to the botnet controller on the public Internet.”
D&B from New Jersey and Altegrity from Virginia also admitted their servers had been attacked by the botnet. D&B operates databanks, which license information to companies that need to deal in supply chain management. The servers owned by Altegrity were operated by one of its branch companies called Kroll Background America, Inc. Kroll, in partnership with HireRight, operates servers that perform background checks, drug and health screening, and employment verification.
“Immediately upon becoming aware of this matter, we contacted the FBI and initiated a comprehensive investigation working with a leading third party forensic investigation firm,” said Aurobindo Sundaram, vice president of information assurance and data protection at LexisNexis’ parent company, Reed Elsevier.
“In that investigation, we have identified an intrusion targeting our data but to date have found no evidence that customer or consumer data were reached or retrieved,” said Sundaram.
A spokesperson from D&B told Reuters the broker was “aggressively investigating” the botnet attack. “Data security is a company priority and we are devoting all resources necessary to ensure that security.”
The FBI said it is continuing an investigation into these attacks.