According to an extensive investigation by Brian Krebs of KrebsOnSecurity, an organized group of identity thieves who trade in stolen personal information and successfully compromised multiple consumer data brokers are also responsible for hacking the National White Collar Crime Center (NW3C).
“NW3C provides a nationwide support system for law enforcement and regulatory agencies involved in the prevention, investigation and prosecution of economic and high-tech crime,” the agency’s website states.
The website ssndob[dot]ms has been selling personal information in the Internet black market for several years according to Krebs, including social security numbers, birth records and credit profiles, but until no the origin of the illicit data has been unknown.
Krebs’ investigation uncovered that the data had been exfiltrated from some of the nation’s largest data brokers, including LexisNexis, Dun & Bradstreet, Kroll Background America, and now the NW3C.
In addition to providing assistance to law enforcement in determining patterns associated with criminal activity, the NW3C also provides public advisories and administers the Internet Crime Complaint Center (IC3) in association with the Federal Bureau of Investigation (FBI), a mechanism by which citizens can report cybercrimes.
Krebs’ investigation concludes that the attackers compromised a public-facing server at NW3C as early as May of this year, and created an encrypted communications channel. The server was taken offline in August, but it is unclear if this was done for security reasons.
It appears that the attackers made off with a list of usernames and passwords, as well as about ten years worth of cybercrime complaints submitted by consumers to IC3.
Read More Here…