Microsoft opens Internet Fraud Alert center to process stolen data
Posted on | June 18, 2010 | add a comment
UPDATE 21 June 2010: Another key partner involved in last week’s launch of the Internet Fraud Alert center is Chicago-based Accuity. The company is donating access to Databank, a storehouse of global bank and financial institution information. This will allow NCFTA to verify the information provided by institutions wishing to participate in the program and help ensure the integrity of the vetting and alerting processes.
“Accuity is participating and donating its solutions because modern commerce depends on a trustworthy online marketplace, but unfortunately, there will always be deviants trying to defraud consumers and erode the trust in that system, ” says Hugh Jones, CEO of Accuity. “We value the opportunity to extend that trust and be part of taking this significant step towards helping to protect and ensure the dependability of the online marketplace.â€
By Byron Acohido, USA TODAY
18 June 2010, P1B
In a major step to slow cybercrime, Microsoft on Thursday launched a coalition that will serve as a clearinghouse for reports about caches of stolen data stashed all across the Internet.
Malicious programs crafted to swipe your financial and personal data have come to saturate the Internet — so much so that security researchers routinely ferret out computer servers used by cybercrooks to hoard stolen data. Until now, there was no specific process for reporting such discoveries.
The Internet Fraud Alert center — spearheaded by Microsoft and managed by the National Cyber-Forensics & Training Alliance (NCFTA) — will serve as a reporting hub. Stolen payment card numbers and online banking account logons will be routed to the issuing banks. The institutions will then decide whether to alert customers, suspend the accounts or pursue legal remedies.
Stolen Social Security numbers, birthdates and other personal data will be archived offline by the NCFTA and made available, as needed, to law enforcement.
“This fills a big gap in the arsenal of weapons we need to fight online fraud,” says Nancy Anderson, Microsoft’s deputy general counsel.
The stakes are high. Phishing scams, just one method of cyberthievery, revolve around tricking Web users into divulging sensitive data. Last year, phishing gangs duped 1 million U.S. households into losses of some $650 million, according to Anti-Phishing Working Group, a consortium of banks, retailers, Internet host providers, tech-security companies and law enforcement agencies.
Data thieves routinely access compromised PCs they have set up as storage servers. They typically store small caches of stolen data on one server, then move on to the next, says James Brooks, product-management director at security firm Cyveillance. Stashing data in this way helps thieves stay ahead of anti-virus filters.
One such server recently discovered by Cyveillance contained 6,000 logons to active accounts in six social networks and 1,200 logons to financial accounts at nearly 30 banks. “We’ve found caches storing sensitive data for hundreds of thousands individuals,” Brooks says. “Most often it’s a few hundred to a few thousand.”
Inaugural members of the Internet Fraud Alert group include the American Bankers Association, Anti-Phishing Working Group, Citizens Bank, eBay, the Federal Trade Commission, the National Consumers League and PayPal.
The eventual participation of Google, Yahoo and Facebook could be a key to long-run success, says Dan Clements, spokesman for Affinion Security Center’s CardCops division. That’s because those tech giants each day collect mountains of Internet traffic data that could be sifted to track down the major wellsprings of criminal activity.
“We’ve long thought private industry has to step forward with a creative solution to solve global cybercrime,” Clements says.