You’re the Next Victim of the Cyber Wars

I want to see posts like this back up for discussion because hacking and identity theft is growing rapidly right now. Very few news stories covering this are getting attention in the MSM and the problem is getting seriously out of hand.

I thought it was bad news for all the celebrates that had their sensitive personal information made public by hackers, but celebs have stalkers and people after them all the time, oh well. I didn't think much about the Target credit card information theft when it happened over the holidays, I never shop there.

What a stupid attitude I had. I thought that it was an isolated incident due to a cyber-security problem or perhaps it was an inside job. Then Neiman Marcus got hacked too. Regardless, just the shear number of credit/debit card numbers and their owner’s names, 110 million at Target, should have gave me pause. These hacks were accomplished with a sophisticated operation using a customized version of a point-of-sale malware called Blackpos. It captures the track data information stored on the magnetic strip on the backs of credit/debit cards during the checkout transaction.

So what do I have to worry about? I use my debit card around our local towns, No Target or Neiman Marcus around here, what are the chances anyway? Well, my debit card information was stolen somehow over the last month or so. It started with charges from one of the big 3 credit rating companies. Foolishly I thought that these charges were related to a wire transaction I did, but it was a huge red flag I ignored until I got a call from a retail store about an order they couldn’t send without verifying it. They left a message with an order number that I checked at their website, and sure enough, someone got hold of one of my debit card's information and was on a shopping spree.

Well, before any money got used, I put a block on the card and transferred the balance over to another account at the same bank. The following day I went through the process for stopping the charges and changing my card number. The bank had caught it before I did and by that time over a dozen charges were made from all over the States and Mexico totaling over two grand.

So my information has been hacked, most likely includes my SS#, date of birth, address and other personal information. It must be being sold on black market websites, piecemeal and wholesale for really cheap. I’m just now researching the steps I need to take to protect myself, what a fargin’ headache!

Needless to say I’m researching all the hacking going on, and it is truly disturbing. Target and Neiman Marcus are just the ones who admitted what happened, as many as ten to twenty big stores have been hacked and aren’t admitting it yet. It doesn’t stop there, it gets worse. Hacking for sensitive personal information has been going on at major banks, data brokers, government agencies, and the list goes on and on.

I think what happened to me was that my card was hacked at a Major (hint) retail store (that has not admitted any data theft yet) that I never used my card at before until right before the suspicious charges occurred. Then I believe it was sold to someone who then bought my SS# DOB, matched up the address and used the card to check my credit report. Now they have the full package for sale.

I’m upset at all the steps I’m going to have to take now, but these wide spread hacks that are coming from criminals, terrorists and foreign countries, and the black market sale of that information, that worries me more. It is going to foul up our economy really bad, really quick. Add some infrastructure hacking attacks from a rival foreign country at the right moment and our economy is toast.

nakedsecurity.sophos.com...

The nature of the content - names, social security numbers, previous addresses, dates of birth, etc - suggest that a credit agency might have been compromised

www.digitaltrends.com...

krebsonsecurity.com...

Data Broker Hackers Also Compromised NW3C The same miscreants responsible for breaking into the networks of America’s top consumer and business data brokers appear to have also infiltrated and stolen huge amounts of data from the National White Collar Crime Center (NW3C), a congressionally-funded non-profit organization that provides training, investigative support and research to agencies and entities involved in the prevention, investigation and prosecution of cybercrime

Thankfully, you had wits about you and nipped it in the bud, before real damage was caused, since ive been receiving load of "scam" emails supposedly from my bank, paypal and other official source's, I've been changing passwords and pin numbers regularly, thankfully the only successful hack ive had done to me is my email account got hacked, but a friend warned me when she received a suspicious email from me.

You see it's easier if you don't hold bank info on your computer. Instead just go the bank or atm (I know people take info from atm's too but it's not as prevalent as phishing or hacking).
May take a bit of time but sometimes it's better to be safe than sorry I guess. As for debit card hacking just be careful where you use it from now on.

Right now I have a credit fraud alert with the big three agencies and from what I can tell, everything is locked down with regards to getting credit reports or applying for credit. Even the Social Security website wouldn't let me check my records without written proof.

I will have to notify the IRS and do some other stuff.

www.annualcreditreport.com...

www.socialsecurity.gov...

www.idtheft.gov...

www.irs.gov...

Something to consider is the fact that the banks are taking the hit for these fraudulent charges and people like me are going to start doing cash only transactions or on prepaid cards.

This will cause a slow run on the bank that builds up as more and more people get hacked. Considering how this is escalating, my mattress seems far more secure than the banks right now.

reply to post by blueyezblkdragon


One of the first things I did was update my virus programs and do a full check. I then updated windows with all the security updates and downloaded the most recent malicious software removal tool. No threats were found. I don't think the hack was made through my computer, although they can't catch the latest and greatest virus mutations. Also, I don't save form information on my browser and have the settings pretty high. I'm really careful with my SS#, it most likely occurred the way I think it did.

reply to post by MichiganSwampBuck


What a hassle.
I'm gonna go out on a limb here, with this being a conspiracy website and all, and say what if these hacks, these breaches are a way to get us all on board with biometrics, real ID, implanted chips...
Could this be something tptb are behind in order to convince us that we need such invasive technologies for our personal financial security?
Isn't the concept of giving up our privacy and liberty for our safety and security their mantra?

Just a thought that occurs to me...

anybody that didn't see cyber crime comming when thay first started on online banking and wanting personal info for some site deserve everything they get. not that i wish it on you but, it's your fault.

it will never happen to me for one simple reason, i don't do it. i go to the bank and have very little in saving or checking. i don't use credit card's, i shred all credit card offers, and personal info that goes in the trash and burn it in the burn barrel out back. if and when i order any thing online, i use the green dot. can't steal anything from that. if i have to renew something i go to the office and do it there, or send a check in the mail using a regular envelope, not one of those self addressed ones that come with the bills or renewal notices. never had a problem yet. and if people don't want my cash or checks, i find some who does. there are still people who know the value of cash. there is a pun in there if you want to use it.

so long as there is info and the temptation, thieves and crooks will go after it, they will. even as companies try to come up with better security, there are thieves who are trying to defeat it as it comes out.

think back just thirty to forty years ago or maybe even a little less, you hardly if ever heard about id theft. when you did it was more of a high profile type deal.
doing business online, has been done so they can fleece you out of more of your hard earned money, spend less while they do it, and track your fiances, habits, and your preferences. the world has bought into the corporate/ government idea that online, banking, transactions , credit cards, or anything else, is a easy safe secure means of doing business.
well it's not and ( don't take this personally) people have become stupid lazy fools. thieves have been around since the dawn of man, and have always wanted to take what others have. people have tried many different ways to get around what ever means people have used to protect there personal property. and thieves will always try find a way around it, and succeeded good portion of the time.

ETA: not only is doing business in person the most safe secure from of protection, it is also has a more positive social aspect to it.
i can't tell you the amount of times i've been in the bank and ran into some i haven't seen in years, or when i went down to the social security office to do something instead of doing it on line and ran into two friends from high school. or standing in line waiting to see the teller and carrying on a conversation with people in line that have your views or may not and want to debate with you about it.
or going into a store and seeing some you saved money on that wasn't listed on line.

there are so many things that have been lost due to the cyber age that has hurt the world, that i'm afraid the next generation and cyber techies just want ever know or be able to bring back.

hounddoghowlie
anybody that didn't see cyber crime comming when thay first started on online banking and wanting personal info for some site deserve everything they get. not that i wish it on you but, it's your fault.

I total get what your saying Hound Dog, and perhaps I was lax in my online activities, and using a debit card was a risk too, but with all the resources available to cyber criminals, nothing will fully protect you from these guys. As careful as I am online, I still suspect the blackpos was involved along with other hacks, and from that respect it wasn't my fault entirely or maybe at all. Soon it will happen to almost everyone in the States, who's fault will that be?

PS. I'm not trying to portray a defensive attitude and I know that you aren't being personal.

A friend of mine I talked to about this brought up the fact that the United States has a total population of 317 million. So, if we just consider the 110 million admitted by Target, we have over one third of the U.S. population. How many of that 317 million have a credit/debit card? Think about that one for a minute. People under 20 years of age made up over a quarter of the U.S. population (27.3%) close to 86 million. This brings down the figure down to close to 231 million possible card holders. The Target scam netted close to half of that. Now add in all the other millions involved in the other hacks, we are all deeply screwed.

Now might be a good time to check your credit history for anything fishy. A new investigative report from security researcher Brian Krebs shows that a group of identity thieves have successfully infiltrated the networks of three major data brokers, giving them access to Social Security Numbers, dates of birth, and other personal details that could put all our financials at risk.

Brian Krebs is the guy to listen to, I highly recommend reading his articles about this.

The people (or person) behind a website called ssndob.ms, or just SSNDOB, is the source of the attack, according to Krebs. He discovered SSNDOB marketing itself on “underground cybercrime forums” as a source for people who want to purchase “SSNs, birthdays, and other personal data on any U.S. resident.” Customers could pay as little as $0.50 for some records, while full background checks ran between $5 and $15.

Elostone
reply to post by MichiganSwampBuck

 

What a hassle.
I'm gonna go out on a limb here, with this being a conspiracy website and all, and say what if these hacks, these breaches are a way to get us all on board with biometrics, real ID, implanted chips...
Could this be something tptb are behind in order to convince us that we need such invasive technologies for our personal financial security?
Isn't the concept of giving up our privacy and liberty for our safety and security their mantra?

Just a thought that occurs to me...

I like your take on this, thanks for sharing your insights. There seems to be something bigger to this, I suspect that darkpos may have been developed and distributed to the criminal networks by a foreign country that may introduce more hacks to weaken the U.S. financially. The damage gets done and so many scammers are involved that it would not likely point back at the real perps. Blackpos is said to have originated in Russia or specifically the Ukraine. Seems like things have been heating up with Russia and the Ukraine lately hasn't it?

I was considering the idea I proposed in my last post about the Russian and Ukrainian connection with darkpos and the black market. Perhaps the hacking will slow down a little with the current conflict escalation, but the genie is out of the bottle. The most we can hope for now is that the good guys can make a security fix quicker than the bad guys can develop a new hack.

We can also hope that many of the criminals operating in these markets will get caught, but the businesses and organizations have to beef up security and come forward if they have been hacked.

Personally I foresee the bad guys always being a step ahead and the eventual demise of the present system of financial identity based primarily on a SS#. The criminals already have a personal info data base that rivals the NSA's and it's up for sale.

This will probably be my last post on what appears to be a now dead discussion.

I sent an email to a dozen of my closest relatives and friends with the content from my original post. One of my brothers and one friend actually called me to talk about it. Two other brothers responded by email and offered zero advice and made no comment on the seriousness of the current hacking threats. The rest have made no return emails.

Judging too, by the responses I have on ATS, its seems there is little interest in this subject. I'm left wondering why such a huge threat to everyone's identity, and ultimately our whole economic system, is so disregarded? Perhaps they had the same reasoning I did before I got hacked. I should be an example of what will happen soon to a majority of U.S. (and European) citizens, but out of sight is out of mind I suppose.

I have done my part by sounding the warning and feel certain that I'll be able to say, "I told you so!" but won't have to at that point.

Good luck to all. I hope you can keep your identities safe.

Personally I think the "hackers" are in league WITH THE BANKS......
I don't believe that government....criminal organisation, and banks, are really that far apart.....
Just like I believe outfits like Kaspersky, et al create the viruses they defend against in the first place....what a money machine that is for them.....

Wasn't the old way of cash the best way of doing everyday business....Im glad i still do the old way...Never have these problems.

Smell the cash boy's.

Thanks for the posts you guys. I thought I would put up another post after that last one.

Since it is unlikely anything can be done about the compromised information floating around the identity black market, I thought I would do what I could with the legal info I might find about myself with Google. Having done a lot of genealogy for the past five years, I knew about the one-stop people searches with all the background checks, but only using what free services I could find, I didn't realize what their paid services could dig up. This is the type of personal information available for between $1 and $50 though one of the paid services.

Names/Akas, Addresses, Birth Date
Possible Relatives
Possible Associates
Phone Numbers
Property Records
Neighbor Records
Occupant Records
Death Index Records
Business Report
Property Ownership Records
Marriage Records
Divorce Records
DEA Records (Doctors)
FAA Airmen/Aircraft Records (Pilots/Aircraft)
Merchant Vessel Records (Boat Ownership)
Website Ownership
Criminal Records

For a few dollars or a paid full service membership, the criminal will have accurate records of your personal history, and will be better prepared than you are to answer any of the security questions normally asked. Keep in mind, this is totally legal and the sources are from public records. How do you get control of the public records? I guess the grade school principal was right when he said, "This was going on your permanent record."

What will also come up in Google searches is the online phone directory listings, any profiles you might have, and any directory listings you might be in. Just try searching your name and state of residence, you just might be shocked. If you have an idea of the age of the person your looking up, you can have access to everything but the SS#, but that and your name is available on the black market for around $2.

You can go around to every website with your information and try to request that it be removed (it takes a long time, if ever), but even if the search engines have finally forgotten you, and some believe that's impossible, there is still the public records legally available for some chump change.

Once again, good luck hiding yourself from this mess and avoiding ID theft.

ETA: As soon as the bank is done straightening out my account, I'll be using one of the people searches and doing a full report on myself just to see what they have on me. That way I can screw with my online information and security answers and hopefully slow down the bad guys.

I guess I was premature in saying I wasn't going to post on this any more, because here's some more and it really pulls it all together.

krebsonsecurity.com...-22951

An identity theft service that sold Social Security and drivers license numbers — as well as bank account and credit card data on millions of Americans — purchased much of its data from Experian, one of the three major credit bureaus, according to a lengthy investigation by KrebsOnSecurity.

Holy Crap! There's your smoking gun! That Krebs guy is really on this stuff, hope he doesn't get accidented to death.

In November 2011, this publication ran a story about an underground service called Superget.info, a fraudster-friendly site that marketed the ability to look up full Social Security numbers, birthdays, drivers license records and financial information on millions of Americans.

The article gets better.

An individual who read a story about the operators of a similar ID theft service online having broken into the networks of LexisNexis and other major data brokers wrote to say that he’d gone back and reviewed my previous stories on this topic, and that he’d identified the source of the data being resold by Superget.info. The reader said the abbreviations matched data sets produced by Columbus, Ohio-based USInfoSearch.com.

So there you have it, superget.info got access through a partnership with usinfosearch.com, one of those one stop paid people searches. Of course usinforsearch.com has deals to share information with most of the one stop ID websites as well. But it goes way beyond that because superget.info then paid for access to the Experian credit bureau's data base who of course shares everything with the other big credit bureaus.

According to Martin, the proprietors of Superget.info had gained access to Experian’s databases by posing as a U.S.-based private investigator. In reality, Martin said, the individuals apparently responsible for running Superget.info were based in Vietnam.

This may explain the mysterious fraudulent charges I had for the Experian credit checks when I first got hacked.

This is really important information for everyone and I hope to get the word out as best as I can.

ETA: I want everyone to know here on ATS that you have already been compromised, it's just a matter of time before they get around to using your information. Your identity isn't just at risk because of your online activities or POS purchases, it's beyond that now and the worse has already happened. Just the volume alone of the identity theft cases will cause a backlog that will be many years to get straightened out, if that is even possible at this point. This is some doom porn I can actually believe in because I'm living it right now.

Anyone can get a lot of personal information just by putting a ad in the newspaper.

Put a ad for a high paying job in the paper and when someone responses send them a employment app where you ask for any information you want. tell the person that to job is a government contract job and you need them to fill out a Application for Federal Employment; SF-171,
This app asks for a lot of personal information.
I a couple times needed a electricians licenses for a couple short high paying jobs this was how i found out what the state electricians licenses looked like and was able to make a fake one on the computer and print it out.

Then you can use one of the online background check companies to fill in more information.

Your county hall of records can also be a good place to look for personal information.

Some states are slow on updating there death records and sometimes you can open accounts in dead peoples names in other states

reply to post by ANNED


Thanks for your comments Anned.

Yes, there is every scam in the world to steal or trick your info out of you, but there is no need to get so elaborate when just a little start-up cash for the legal OSINT (Open Source Intelligence) services and the black market will do the trick. All from the safety of a computer in some third world country. Good points though, so star for that.