THE “GAMIFICATION” OF DATA BREACHES. How internet forums are playing with your personal details.
The leaking of private details of company employees used to be limited to hard to access sites on the dark web where criminals would trade in details. Now it has become a game anyone can play in.
Several online forums and markets have become active in the trading of breached information. IDCARE managing director, Professor David Lacey said in July there were “a total of 7.7 billion verified records from 430 posted databases” available on the web.
RAID FORUMS is one popular site that has taken the gamification of breaches to the next level. The easily accessible forum has begun posting breached information where members earn credits, not because they have posted data, but because other members have unlocked the content.
In the same way people can earn “karma” (points) on Reddit (a popular forum where people share news and content) so can people earn credits by sharing breached information. With Reddit, the more people who read a post, the more “karma” a person earns, whereas with the RAID FORUMS, the more ‘unlocks’ the posted data attracts, the more credits a member earns. This credit can then be used to access and unlock the content of other posts.
Prof Lacey said there was a worrying range of information on the RAID FORUMS site. “The posts range from low risk personal attributes and contact details, to higher risk identity credentials, usernames and passwords and Government identifiers,” Prof Lacey said.
Attempts to have sites like RAID FORUMS closed have been unsuccessful.
“What’s interesting about this forum is that you don’t need access via TOR (a software which enables anonymous communication often used to access the dark web ),” Prof Lacey said .
“The site is available via the open net, which begs the question as to why a take down has not been successful?”
“The Registrar (of RAID FORUMS) is Cloudflare and a petition was launched to have the site taken down a couple of years ago.
“It only received 43 signatories.”
IDCARE is currently assisting members of the community that are experiencing one of eight types of fraudulent SMS text messages (known as Smishing).Read more...