On CBSNews.com: Aniston: What Jolie Did Was "Uncool"
BNET Business Network:
BNET
TechRepublic
ZDNet

August 27th, 2008

Taiwan busts hacking ring, 50 million personal records compromised

Posted by Dancho Danchev @ 11:45 am

Categories: Hackers, Botnets, Black Hat, Data theft, Pen testing, Passwords, Malware

Tags: Security, Hacking, Cybercrime, Taiwan, Data Breach, Dancho Danchev

Taiwan’s Criminal Investigation Bureau (CIB) has successfully tracked down and arrested six people in what the CIBTaiwan CIB believes to be the biggest personal data breach in Taiwan to date. Apparently, the group also managed to obtain personal data on Taiwan’s current and former presidents :

“The suspects are believed to have stolen more than 50 million records of personal data, including information about President Ma Ying-jeou, his predecessor Chen Shui-bian and police chief Wang Cho-chiun, the official said. They then offered to sell the information for 300 Taiwan dollars (10 US) per entry, he said. The hackers, based in Taiwan and China, also swindled victims out of millions of Taiwan dollars through their online bank accounts, he said.”

The announcement comes a week after China detected a sophisticated fake diploma scheme, where ten government databases were compromised.

This particular data breach seems to very similar to the “whether to attack the bank or its customers as the weakest link” dilemma malicious attackers used to face once. Basically, the same amount of information can be obtained by targeting the weakest link, in this case the end users, whose once crimeware infected hosts ends up in a cybercrime as a service underground proposition. Take for instance the 76service, which recently reappeared as an alternative for cybercriminals not wanting to take the time and effort to build botnets, but still wanting to rent one and intercept all the personal and financial information they can during the a particular period of time. With geolocation within botnet for hire services now a daily reality, someone interested in intercepting data from a particular country only, can easily do so.

As for the people behind this hacking ring,  asking for 10 USD per data entry clearly indicates their isolation from the underground marketplace, as in reality, what they are offering may already be available somewhere else in a wholesale proposition, or requested on demand at a cheaper price.

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and E-crime incident response. Dancho is also involved in business development, marketing research and competitive intelligence as an independent contractor. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community on a daily basis.
  • Talkback
  • Most Recent of 7 Talkback(s)
Pure incompetence !
Isn't firewall, is just updates and daily maintaining DBs.

This shows a lot ppl are working on WRONG job (doing all wrong naturally) ! Well, this common (read: Gov's jobs) in every place in the world (sigh!).... (Read the rest)
Posted by: Gradius2 Posted on: 08/29/08 You are currently: Logged In | Log out
When firewalls don't work BALTHOR   | 08/27/08
RE: Taiwan busts hacking ring, 50 million personal records compromised hinkel@...   | 08/28/08
Heck, I'll proofread for them, if they like seanferd   | 08/28/08
And now... sdwood   | 08/28/08
RE: Taiwan busts hacking ring, 50 million personal records compromised joseph_a_tasker@...   | 08/28/08
RE: Taiwan busts hacking ring, 50 million personal records compromised ink2order@...   | 08/29/08
Pure incompetence ! Gradius2   | 08/29/08

What do you think?

No Trackbacks Yet

The URI to TrackBack this entry is:
http://blogs.zdnet.com/security/wp-trackback.php?p=1814

Essential Topics Click Here

advertisement

Recent Entries

advertisement

Archives

ZDNet Blogs

CIO Sessions

advertisement
Click Here