Do you want Lloyds or HSBC? Account details for sale online

Do you want Lloyds or HSBC? Account details for sale online
Do you want Lloyds or HSBC? Account details for sale online 

By Robert Booth
The Guardian
November 24 2007

It took just 19 hours from first contact with the anonymous Russian 
fraudster until he collected my $240 (116.50 U.K.P.) payment from a 
local "drop".

I had sent a wire transfer to his frozen Siberian home town in exchange 
for details that would, in theory, grant access to more than 10,000 from 
the bank account of an unsuspecting British Halifax customer.

He offered a choice of British accounts held at Lloyds TSB or HSBC and 
for more money, the balances could have been fatter - anything up to 
35,000, the fraudster promised. For a fee of 1% of the balance he 
promised the name, branch, account number, sort code and internet login.

The encounter with the anonymous Russian in an internet chatroom was one 
of scores like it going on at the time. In a separate private message, 
another vendor promised: "I will give you HSBC full info with 26k 
Pounds...for $500...When can you wire money?"

The account I had chosen could be almost cleared out in one day without 
hitting its transfer limit and alerting the account holder or bank, I 
was told.

The exchanges are likely to increase concerns about the security of 
Britain's banking and identity data. This weekend, the computerised bank 
details of millions of people remain missing, after the Treasury blunder 
in which two discs containing the data of 25 million individuals were 
lost in transit between HM Revenue & Customs and the National Audit 

The details of similar British bank accounts are already being offered 
for sale by internet fraudsters in America, Russia, China and west 
Africa. According to security experts they have been hacked from 
computers, gathered in "phishing" expeditions where fraudsters 
masquerade as trustworthy entities, and burgled from offices before 
being circulated among the internet banking fraud community.

On one publicly accessible website selling everything from stolen credit 
card details to fully operating pornographic websites, scores of vendors 
are lined up selling UK, European, US and Canadian bank details. It is a 
marketplace which illustrates the international nature of the illegal 
trade. The website is registered to the Cocos Islands, an Australian 
territory in the Indian Ocean consisting of two atolls, 27 coral islands 
and fewer than 1,000 residents. The salespeople are contactable through 
email addresses routed through servers in Russia and the USA. Most use 
Yahoo accounts or communicate through ICQ, an untraceable instant 
messaging programme.

"If the Treasury data gets into the wrong hands these are exactly the 
illegal markets where it will end up," said Daniel Harrison, an identity 
theft expert. "Whoever has it will break the details down into small 
chunks to sell on quickly and without detection. The data is crossing 
borders incredibly quickly and there is very little that can be done to 
track it down. It is like an underground eBay."

"The resale of bank account details is mainly managed by Russian 
organised crime," said Marc Kirby, the former head of computer forensics 
at the National Hi-Tech Crime Unit, which is now part of the Serious and 
Organised Crime Agency. "This is a highly organised black market that 
mirrors legitimate business dealings."

The attempts to defraud British bank customers witnessed by the Guardian 
were of "great concern", said Brian Mairs, spokesman for the British 
Banking Association. "Customers have every right to be concerned and 
this is a double whammy for them after the bad news from HM Revenue & 
Customs earlier in the week," he said. "But they have the assurance that 
they will not lose out financially if they have not been responsible for 
the data being compromised."

The investigation began with Google searches. After a few attempts, a 
forum emerged for vendors offering skimmed credit card details. Among 
them were some selling bank details. Each vendor offered an email and a 
chatroom contact for private negotiations.

Once talking one on one, the sellers unpacked their wares. One seller 
offered bank account details, complete with their internet logins, for 
$75. "All live and fresh, contact me now," he urged. Another pushed 
blocks of Visa card details for $80. "Stuff will be sent out to u in 
1-24 hours after payment," he said. "Have system of good discounts for 
constant buyers."

A Russian-registered vendor offered UK and US bank logins with "good 
price and service!"

The community has developed a high level of sophistication so that 
trusted parties can trade efficiently. In one posting on a forum selling 
card details a fraudster reports to the rest of the community on the 
"review" he has conducted of a new entrant to the market.

He has tested his speed of response and accuracy of information supplied 
and marks him out of 10 for communication, timing and product. "Total: 
9/10 nice score," he concludes and awards the status of "trial vendor".

Many vendors offer discounts for bulk buyers and even display a 
replacement policy. If the account details do not work most vendors will 
replace the data with a different lead. SOCA, which has responsibility 
for fighting organised internet fraud, has set up a series of 
cross-border alliances to tackle the problem, but declined to comment on 
our findings.

As sobering as the trade in stolen identities has become, there was a 
crumb of comfort last night for the Halifax account holder whose details 
the Russian fraudster was peddling. Twelve hours after the payment had 
been withdrawn from a Siberian wire office, the Guardian was still 
waiting for the promised bank details.

Copyright Guardian News and Media Limited 2007

Visit InfoSec News 

Site design & layout copyright © 1986-2015 CodeGods