There is a new web site on the internet that has over 120 million records relating to at least 40 million unique identities from data that has been traded between criminals over the last 4 years. Lucid Intelligence (www.lucidintelligence.com) has gathered personal information including credit card details, bank account numbers, PINs and telephone numbers available to criminal elements prepared to pay the bill.
The web site is not there to sell this data but to give citizens the opportunity to find out whether they might be at risk of on-line identity theft. They can find out for free whether they are on the database, but it then costs $16 to find out exactly what data Lucid has captured about them over the internet. In some cases Lucid may even say how it was obtained.
The Lucid web site lists the three people behind its creation. Colin Holder retired from the Metropolitan Police as a detective sergeant after 30 years' service; in later years he specialised in fraud and identity theft. Jack Richardson is the database specialist, who has worked in the healthcare, leisure and banking sectors. The third member of the founding team, Tim Harvey, also comes from the Metropolitan Fraud Squad; he became Detective Superintendent in charge of all operational fraud squad teams and retired from policing in 2006.
So first there are two questions: where did the data come from, and what is it going to be used for? For $16, can I get the information on my chosen target? Of course, some information such as credit card numbers is reported to be openly available for less than $1. Then one has to ask about the site itself: should the Information Commissioner (in the UK, for example) allow a database with 120 million stolen records? Apparently about 4 million UK citizens are at identity risk from this data.
According to Lucid, all the data on their site has been in criminal hands and has been put up for sale on the internet. Apparently files are sometimes made available from web sites posing as 'marketing sites'; these sites are like a one-stop shop for spammers and phishing perpetrators. The owners of the Lucid site have been collecting the data from sites such as bulletin boards and chat rooms. In addition, data has been obtained from black market FTP sites, which are apparently the virtual street corners of the cyberspace world.
The sheer size of the database makes you want to draw breath: 120 million records, gathered presumably over the last 4 years. But then you really need to know the sensitivity of the data in relation to what people freely make available. Facebook and other social sites, for example, carry an unbelievable amount of what can only be described as personal information. Just last month MI5 made it known that candidates for jobs in intelligence will be disqualified if they have a Facebook or similar presence. It is perhaps just a little confusing, then, to hear that the new boss of MI6, Sir John Sawers, was starring on Facebook courtesy of his wife's profile on the site.
As for the matter of phishing, where a perpetrator persuades you to link to a bogus site representing your bank or eBay or something similar to get your user name and password, well, I would have to say that in my opinion it is easy to get caught. Some of these phishing sites are unbelievably smart and even the brightest may be lulled into the web of deceit. In the world of the internet you always need to be on guard, and who can honestly say that they never slip up?
David Everett – Smartcard & Identity News