THE “GAMIFICATION” OF DATA BREACHES. How internet forums are playing with your personal details.

The leaking of private details of company employees used to be limited to hard to access sites on the dark web where criminals would trade in details. Now it has become a game anyone can play in.

Several online forums and markets have become active in the trading of breached information. IDCARE managing director, Professor David Lacey said in July there were “a total of 7.7 billion verified records from 430 posted databases” available on the web.

RAID FORUMS is one popular site that has taken the gamification of breaches to the next level. The easily accessible forum has begun posting breached information where members earn credits, not because they have posted data, but because other members have unlocked the content.

In the same way people can earn “karma” (points) on Reddit (a popular forum where people share news and content) so can people earn credits by sharing breached information. With Reddit, the more people who read a post, the more “karma” a person earns, whereas with the RAID FORUMS, the more ‘unlocks’ the posted data attracts, the more credits a member earns. This credit can then be used to access and unlock the content of other posts.

Prof Lacey said there was a worrying range of information on the RAID FORUMS site. “The posts range from low risk personal attributes and contact details, to higher risk identity credentials, usernames and passwords and Government identifiers,” Prof Lacey said.

Attempts to have sites like RAID FORUMS closed have been unsuccessful.

“What’s interesting about this forum is that you don’t need access via TOR (a software which enables anonymous communication often used to access the dark web ),” Prof Lacey said .

“The site is available via the open net, which begs the question as to why a take down has not been successful?”

“The Registrar (of RAID FORUMS) is Cloudflare and a petition was launched to have the site taken down a couple of years ago.

“It only received 43 signatories.”

BACK TO LATEST NEWS

Other News

IDCARE is always active in the media from radio to TV, social media and news articles. Keep up to date with what's happening at IDCARE and in the media.

Are You Vulnerable To Scams? Do The Test

And we answer the big question about the Do Not Call Register.

ATO DIRECT refund scam

It appears to come from the ATO offering a refund.

Phishing, spoofing, spamming?

Cyber-lingo explained in the latest edition of The Cyber Sushi.

Warning & Response Advice: Smishing (SMS-TEXT) Fraud Event

IDCARE is currently assisting members of the community that are experiencing one of eight types of fraudulent SMS text messages (known as Smishing).

CONTACT US

IDCARE is here to provide you with specialist support and guidance when faced with a cyber and identity related issue. Contact one of our Identity & Cyber Security Case Managers to learn more about our Support Services and how we can help you.