Experian sold consumer data to identity thieves' service


Experian, the massive data-broker with far-reaching influence over your ability to get a mortgage, credit-card, or job, sold extensive consumer records to an identity thieves' service called Superget.info. Superget specialized in supplying identity thieves with "fullz" -- full records of their victims, useful for impersonating them and for knowing where their assets are. Experian sold the data through a third part called "Court Ventures" -- which they later acquired -- and the sales continued for about a year. Experian bills itself as a service for people worried about identity theft. It's not clear whether Experian will face any penalty for the wrongdoing.

Read the rest

Accused identity thief nailed by food-porn Instagram photo


Troy Maye was wanted for a string of identity thefts, but the IRS couldn't positively identify him. But after he passed a thumb-drive of stolen data to an IRS informant, investigators were able to pull his name off the drive's metadata. They used that to find his Instagram profile, and found a food-porn photo he'd taken at the Morton's steakhouse where he'd dined with the informant. Busted.

"IRS Agent Louis Babino then headed to Google and located Maye’s Instagram page, which contained a profile photo of Maye. When shown the profile photo, the CW confirmed that Maye (seen at right) was the man with whom he dined at Morton’s."

Well, sure, Agent Babino, but how can you be really sure this was your guy?

"A further review of Maye’s Instagram page, Babino noted, revealed “a photo of a steak and macaroni and cheese meal containing the caption ‘Morton’s.’” The image--uploaded on January 7 at 11:24 PM--“appears to coincide” with the CW’s meeting at Morton’s, added Babino."

Yup, this guy food-porned his way into being arrested. The Instagram photo is reportedly being entered into evidence in the case, so one hopes the juicy steak and the creamy mac and cheese was really, really worth all the trouble Maye is now in. Once again, if you're a criminal, online narcicism is probably something you'd be best to avoid.

Criminal Nabbed By His Own Food Porn [Timothy Geigner/TechDirt], [Gabrielle Bluestone/Gawker]

The Scary Consequences of A Lost Smartphone

If you're one of those people who tend to lose their phone shortly after putting it down, then you'll want to read this. According to a new study, if you lose your smartphone, you have a 50/50 chance of getting it back. But chances are much higher -- nearly 100 percent -- that whoever retrieves it will try to access your private information and apps.

According to a study by Symantec, 96 percent of people who picked up the lost phones tried to access personal or business data on the device. In 45 percent of cases, people tried to access the corporate email client on the device.

"This finding demonstrates the high risks posed by an unmanaged, lost smartphone to sensitive corporate information," according to the report. "It demonstrates the need for proper security policies and device/data management."

Symantec called the study the "Honey Stick Project." In this case the honey on a stick consisted of 50 smartphones that were intentionally left in New York, Los Angeles, Washington, D.C., San Francisco and Ottowa, Canada. The phones were deposited in spots that were easy to see, and where it would be plausible for someone to forget them, including food courts and public restrooms.

None of the phones had security features, like passwords, to block access. Each was loaded with dummy apps and files that contained no real information, but which had names like "Social Networking" and "Corporate Email" that made it easy for the person who found it to understand what each app did. Each phone also was loaded with programs to track what finders did with the devices, and to send that information to the researchers.

Read the rest

Identity theft marketplace sells mothers' maiden names, dates of birth, etc


Many websites will allow you to "recover a lost password" if you (or a crook) can supply your date of birth, mother's maiden name, etc. So, of course, crooks buy and sell data like dates of birth, mothers' maiden names, Social Security Numbers, and other easily mined minutae. Brian Krebs reports from superget.info, a site that sells would-be fraudsters this information, and also has a wholesale program so that entrepreneurial crooks can resell your personal information to their friends.

Superget lets users search for specific individuals by name, city, and state. Each “credit” costs USD$1, and a successful hit on a Social Security number or date of birth costs 3 credits each. The more credits you buy, the cheaper the searches are per credit: Six credits cost $4.99; 35 credits cost $20.99, and $100.99 buys you 230 credits. Customers with special needs to can avail themselves of the “reseller plan,” which promises 1,500 credits for $500.99, and 3,500 credits for $1000.99.

“Our Databases are updated EVERY DAY,” the site’s owner enthuses. “About 99% nearly 100% US people could be found, more than any sites on the internet now.”

Customers who aren’t choosy about the identities they’re stealing can get a real bargain. Among the most trafficked commodities in the hacker underground are packages called “fullz infos,” which include the full identity information on dozens or hundreds of individuals.

How Much Is Your Identity Worth?