July 2009

40 Million Stolen Identities


There is a new web site on the internet that has over 120 million records relating to at least 40 million unique identities from data that has been traded between criminals over the last 4 years. Lucid Intelligence (www.lucidintelligence.com) has gathered personal information including credit card details, bank account numbers, PINs and telephone numbers available to criminal elements prepared to pay the bill.

The web site is not there to sell this data but to give citizens the opportunity to find out whether they might be at risk to on-line identity theft. They can find out if they are on the database for free, but then it costs you $16 to find out exactly what data Lucid has captured about you over the internet. In some cases they may even tell you how it was obtained.

The Lucid web site lists the three people behind its incarnation, Colin Holder who retired from the Metropolitan Police as a detective sergeant after 30 years service. In later years Colin specialised in fraud and identity theft. Jack Richardson is the data base specialist who has worked his time in the healthcare, leisure and banking sectors. The third member of the founding team also comes from the Metropolitan Fraud Squad, Tim Harvey who became Detective Superintendent in charge of all operational fraud squad teams retired from his policing activities in 2006.

So first there are two questions, where did the data come from and for what is it going to be used, for $16 can I get the info on my chosen target? Of course some information such as credit card numbers is reported to be openly available for less than $1. Then one has to ask about the site itself, should the Information Commissioner (in the UK for example) allow a database with 120 million stolen records? Apparently about 4 million UK citizens are on identity risk from this data.

According to Lucid all the data on their site has been in criminal hands and has been put up for sale on the internet. Apparently files are sometimes made available from web sites posing as 'marketing sites', these sites are like a one stop shop for spammers and phishing perpetrators. The owners of the site have been collecting the data from sites such as bulletin boards and chat rooms. In addition the data has been obtained from black market FTP sites, which are apparently the virtual street corners of the cyberspace world.

The shear size of the data base makes you want to draw breath, 120 million records, gathered presumably over the last 4 years. But then you really need to know the sensitivity of the data in relation to what people freely make available. Facebook and other social sites for example carry an unbelievable amount of what can only be described as personal information. Just last month MI5 made it be known that candidates for jobs in intelligence will be disqualified if they have a Facebook or similar presence. Perhaps just a little confusing to hear the new boss of MI6 Sir John Sawers was starring on Facebook courtesy of his wife's profile on the site.

Advertise Here

Email: info@smartcard.co.uk

As for the matter of phishing where a perpetrator persuades you to link to a bogus site representing your bank or eBay or something similar to get your user name and password, well I would have to say that in my opinion it is easy to get caught. Some of these phishing sites are unbelievably smart and even the brightest may be lulled into the web of deceit. In the world of the internet you always need to be on guard and who can honestly say that they never slip up?

David Everett – Smartcard & Identity News


21/03/2019 Headlines

France Fines Google $57 Million for European Privacy Rule Breach

Google lacked transparency and clarity in the way it informs users about its handling of personal data and failed to properly obtain their consent for personali.....Read More

New Payment Services Laws Passed in Singapore

New payment services laws have been passed by Singapore's parliament in a move that will streamline existing laws while bringing many new fintech providers into.....Read More

Twitter Warns that Private Tweets were Public for Years

Private tweets sent by users of Twitter's Android app could have been exposed publicly for years.

Twitter said it had discovered a security flaw which me.....Read More

Exchange Loses Big over Airdrop Miscue

Computer glitches are never fun, but when they result in the loss of money, they can be completely debilitating. Coinnest, a cryptocurrency exchange out of Sout.....Read More

Name and Shame Firms with Poor Cyber Security, Government Told

The government should name and shame companies whose cyber security measures fail to protect consumers' data and firms should implement Active Cyber Defence, an.....Read More

Sirin Labs Opens First Blockchain Smartphone Store in London

Sirin Labs has opened the first blockchain smartphone store located in London. The intention is to attract crypto enthusiasts passionate for blockchain and dece.....Read More

Video Interviews

Tim Jones talks on the wealth of networks

Christophe Dolique of Gemplus talks about ·SIM

Dominique Brule of Philips Semiconductors talks about Near Field Communication