Could a Botnet Pose as You for a Loan Application?

What do Kanye West, CIA Director John Brennan and First Lady Michelle Obama have in common? Aside from being often photographed and extremely well known, all three prominent public figures were targets of a massive security breach in personal data—and they’re not the only ones. Millions of people, both famous and not, have had their valuable information, from Social Security numbers (SSN) and birth records to credit and background reports, exposed through a long-running identity theft scam using well-known background check technologies. Due to the increasing sneakiness of cybercriminals, your credit history may be at risk.

On September 14th, security blogger Brian Krebs posted about his seven-month investigation into an identity theft service that sells Social Security numbers, birth records, and credit and background reports. The website Krebs was interested in investigating was “” (likely an acronym for Social Security Number Date of Birth). This website has been marketing itself to underground cybercriminals as a reliable and affordable way to access the personal data of any US resident. Cybercriminals would pay around 50 cents to $2.50 per record, and up to $15 for credit and background checks, using virtual currencies such as Bitcoin.

As he analyzed the SSNDOB database, Krebs found out that the site was using a botnet—a system of hacked computers controlled by cybercriminals—to pilfer valuable data. This botnet gave SSNDOB access to LexisNexis and Dun & Bradstreet, two of the world’s largest data brokers, and Kroll Background America, a background, drug, and health screening company. As of now, the SSNDOB database includes 1.02 million SSNs and about 3 million date of birth records. Due to the breach of data brokers like LexisNexis, hackers may have access to multiple pieces of your personal information that could make taking out fraudulent loans even easier.

Many credit-granting institutions today use a system of “knowledge-based authentication” (KBA) to determine whether your loan or credit card request is valid or fraudulent. These questions range from “What is your previous address?” to “Which institution have you taken out a loan from previously?”. There are about 100 questions and answers that companies like LexisNexis store on all of us. Dun & Bradstreet has a similar database, but for businesses.

The KBA market is worth at least $2 billion a year, so it’s no surprise that cybercriminals are attempting to get involved. If they successfully obtain personal answers to these KBA questions, cybercriminals may be able to take out loans and credit cards in others’ names–financial theft at its finest. LexisNexis confirmed that the compromises appear to have originated in April of this year, but they’ve found “no evidence that customer or consumer data were reached or retrieved.”

Krebs’ investigation has exposed the fact that we can’t always rely on companies specializing in such data to keep our personal information secure, and that knowledge-based authentication may soon be a thing of the past. With new and sophisticated attacks targeting KBA providers, more cybercriminals will be able to obtain this previously personal information and use it for identity theft. Credit-granting institutions are looking for a KBA-alternative, but a new solution is likely years away.

The FBI is continuing its investigation and Krebs reports that the SSNDOB site appears to be down. However, in the wake of this breach, users everywhere should check their credit reports to see whether or not they have been impacted. There are also steps that you can take to be proactive about your own online security, especially surrounding how you share your personal data.

  • Limit what you share on social networking sites. Identity thieves often look on social networking sites for answers to “challenge” questions on your accounts or commonly asked KBA questions, so be careful what you post or share online.
  • Stay smart when connecting to Wi-Fi. When connecting to a public wireless network in a coffee shop, library, hotel, airport, or any other public place, avoid logging into accounts or conducting transactions online. This could leave your information completely exposed to a hacker on the same network.
  • Dispose of personal data appropriately. For paper documents, consider using a cross-cut shredder to dispose of sensitive information. When getting rid of digital devices, make sure that you wipe all of your old data before recycling or reselling. For digital files you’d want to save, use a secure storage system like McAfee Personal Locker, which requires biometric authentication in order to retrieve data.
  • Encrypt your data. When browsing the web, double check that the beginning of the URL reads “https”. This marker indicates that any information you enter on that web page will be encrypted before it’s transmitted over the Internet. There are also many user-friendly encryption tools that can help secure your data. Finally, always look out for the “lock” icon on your browser’s status bar, a final sign that information you send will be safe.
  • Install comprehensive security software. McAfee LiveSafe™ service can help you secure your data and keep your identity private with its many different features, including a secure data vault, password manager, and protection from phishing scams and malware.

Online security breaches are an unfortunate reality of the data-sharing world we live in. Stay ahead of threats like these by following our team on Facebook and on Twitter at @McAfeeConsumer.

Gary Davis
