THE “GAMIFICATION” OF DATA BREACHES. How internet forums are playing with your personal details.
The leaking of private details of company employees used to be limited to hard to access sites on the dark web where criminals would trade in details. Now it has become a game anyone can play in.
Several online forums and markets have become active in the trading of breached information. IDCARE managing director, Professor David Lacey said in July there were “a total of 7.7 billion verified records from 430 posted databases” available on the web.
RAID FORUMS is one popular site that has taken the gamification of breaches to the next level. The easily accessible forum has begun posting breached information where members earn credits, not because they have posted data, but because other members have unlocked the content.
In the same way people can earn “karma” (points) on Reddit (a popular forum where people share news and content) so can people earn credits by sharing breached information. With Reddit, the more people who read a post, the more “karma” a person earns, whereas with the RAID FORUMS, the more ‘unlocks’ the posted data attracts, the more credits a member earns. This credit can then be used to access and unlock the content of other posts.
Prof Lacey said there was a worrying range of information on the RAID FORUMS site. “The posts range from low risk personal attributes and contact details, to higher risk identity credentials, usernames and passwords and Government identifiers,” Prof Lacey said.
Attempts to have sites like RAID FORUMS closed have been unsuccessful.
“What’s interesting about this forum is that you don’t need access via TOR (a software which enables anonymous communication often used to access the dark web ),” Prof Lacey said .
“The site is available via the open net, which begs the question as to why a take down has not been successful?”
“The Registrar (of RAID FORUMS) is Cloudflare and a petition was launched to have the site taken down a couple of years ago.
IDCARE is here to provide you with specialist support and guidance when faced with a cyber and identity related issue. Contact one of our Identity & Cyber Security Case Managers to learn more about our Support Services and how we can help you.
IDCARE as a registered charity does not ask individuals to donate or pay for our front line services. We are not a charity that can receive tax deductible donations. We rely on organisations that care enough about you to care about us to keep our charitable service going. Proudly these organisations are displayed above and on our Subscriber Organisations page. If you are asked for payment from someone claiming to be from IDCARE, please report this to us using our Report Phishing email.
IDCARE has access to the Department of Social Services’ Free Interpreting Service, delivered by the Translating and Interpreting Service (TIS National). Access to the Free Interpreting Service is provided to assist you to communicate with non-English speaking people who hold a Medicare card. Please note that the service does not extend to New Zealand citizens or residents who do not hold an Australian Medicare card, or to tourists, overseas students or people on temporary work visas.
New Zealand Relay provides services to help Deaf, hearing impaired, speech impaired, Deafblind and standard phone users communicate with their peers. A TTY user connects to New Zealand Relay via a toll-free number and types their conversation to a Relay Assistant (RA) who then reads out the typed message to a standard phone user (hearing person).
The RA relays the hearing person's spoken words by typing them back to the Textphone (TTY) User.
The National Relay Service (NRS) is an Australian government initiative that allows people who are deaf, hard of hearing and/or have a speech impairment to make and receive phone calls.
The NRS is available 24 hours a day, every day and relays more than a million calls each year throughout Australia.