Tracking the Password Thieves. The Washington Post today ran a story I wrote about an epidemic of data theft being fueled by password-stealing viruses and phishing attacks. In some ways, the story behind the reporting that went into the piece is just as interesting, so I'd like to share a few of those details.
I based the story in part on a cache of stolen data I found online (more on how I obtained it in a bit). The data was being compiled by a password-stealing virus that had infected many thousands of computers worldwide; the particular text file that I found included personal information on 3,221 victims scattered across all 50 U.S. states.
Using a custom-built application that makes use of the Google Maps API, I was able to chart the approximate locations of the victims. This was possible because at the beginning of each record was the virus's best guess of the longitude and latitude of the infected computer's Internet address. This so-called "geo-IP" process is far from perfect: Sometimes these automated guesses are disturbingly accurate, and other times they are miles wide or completely wrong.
The approximate location of the 3,221 U.S. residents victimized by this virus (Data gathered by washingtonpost.com; image courtesy Secure Science Corp. and Google).
Scammers collect information about the location of their victims because it becomes useful when they want to conduct fraud with a hijacked credit or debit card account. The idea here is to evade a key component of fraud detection in the financial industry -- transaction location tracking. If Joe in Georgia starts suddenly withdrawing money or making purchases in Nigeria or Europe when his last transaction was an hour earlier in Atlanta, Joe's bank is going to flag the transactions as fraudulent and in all likelihood cancel the card. [Security Fix]
11:30:56 AM 
|
