August 27th, 2008

Taiwan busts hacking ring, 50 million personal records compromised

Posted by Dancho Danchev @ 11:45 am

Categories: Black Hat, Botnets, Data theft, Hackers, Malware, Passwords, Pen testing

Tags: Security, Hacking, Cybercrime, Taiwan, Data Breach, Dancho Danchev

Taiwan’s Criminal Investigation Bureau (CIB) has successfully tracked down and arrested six people in what the CIB believes to be the biggest personal data breach in Taiwan to date. Apparently, the group also managed to obtain personal data on Taiwan’s current and former presidents :

“The suspects are believed to have stolen more than 50 million records of personal data, including information about President Ma Ying-jeou, his predecessor Chen Shui-bian and police chief Wang Cho-chiun, the official said. They then offered to sell the information for 300 Taiwan dollars (10 US) per entry, he said. The hackers, based in Taiwan and China, also swindled victims out of millions of Taiwan dollars through their online bank accounts, he said.”

The announcement comes a week after China detected a sophisticated fake diploma scheme, where ten government databases were compromised.

This particular data breach seems to very similar to the “whether to attack the bank or its customers as the weakest link” dilemma malicious attackers used to face once. Basically, the same amount of information can be obtained by targeting the weakest link, in this case the end users, whose once crimeware infected hosts ends up in a cybercrime as a service underground proposition. Take for instance the 76service, which recently reappeared as an alternative for cybercriminals not wanting to take the time and effort to build botnets, but still wanting to rent one and intercept all the personal and financial information they can during the a particular period of time. With geolocation within botnet for hire services now a daily reality, someone interested in intercepting data from a particular country only, can easily do so.

As for the people behind this hacking ring,  asking for 10 USD per data entry clearly indicates their isolation from the underground marketplace, as in reality, what they are offering may already be available somewhere else in a wholesale proposition, or requested on demand at a cheaper price.