July 29, 2020
Several online forums and markets have become active in the trading of breached information. IDCARE managing director, Professor David Lacey said in July there were “a total of 7.7 billion verified records from 430 posted databases” available on the web.
RAID FORUMS is one popular site that has taken the gamification of breaches to the next level. The easily accessible forum has begun posting breached information where members earn credits, not because they have posted data, but because other members have unlocked the content.
In the same way people can earn “karma” (points) on Reddit (a popular forum where people share news and content) so can people earn credits by sharing breached information. With Reddit, the more people who read a post, the more “karma” a person earns, whereas with the RAID FORUMS, the more ‘unlocks’ the posted data attracts, the more credits a member earns. This credit can then be used to access and unlock the content of other posts.
Prof Lacey said there was a worrying range of information on the RAID FORUMS site. “The posts range from low risk personal attributes and contact details, to higher risk identity credentials, usernames and passwords and Government identifiers,” Prof Lacey said.
Attempts to have sites like RAID FORUMS closed have been unsuccessful.
“What’s interesting about this forum is that you don’t need access via TOR (a software which enables anonymous communication often used to access the dark web ),” Prof Lacey said .
“The site is available via the open net, which begs the question as to why a take down has not been successful?”
“The Registrar (of RAID FORUMS) is Cloudflare and a petition was launched to have the site taken down a couple of years ago.
“It only received 43 signatories.”
Australian Information and Privacy Commissioner discusses latest quarterly report on the Notifiable Data Breaches scheme.more info
There is limited regulation around the posting of new apps from download stores.more info