Massive X-Factor US database hack part of long-term fraud data pimping strategy says SecurEnvoy

(PresseBox) ( Parkview, )
Another hack and this time the personal details of 250,000 entrants to the X-Factor US competition appear to have been compromised. And, says Andy Kemshall, technical director of SecurEnvoy, this is the latest in a string of attacks on corporate servers to extract personal data, suggesting that cybercriminals are now building information profiles on people, rather than developing frauds around available credentials.

"This corporate hack is notable, both for the size of the database theft, and the fact it was made against the servers of music executive Simon Cowell, who is renowned for his attention to detail. This suggests that the server hack was carefully planned and one of a series of attacks on company systems," he said.

According to Kemshall, whose firm specialises in two factor authentication, the last few months have been peppered with reports of corporate servers being hacked, and large databases lifted for purposes unknown.

The Sony PlayStation Network and the Epsilon system hacks are the most high profile of these, he said, adding that there have been many more less-reported intrusions, suggesting that cybercriminals are now actively compiling data on large numbers of people for longer-term fraud.

"It's actually quite easy to see a pattern emerging in these attacks. Previously, frauds were card-centric and built around opportunistic database hacks, but the sheer volume of the system hacks in recent months suggests that there is a longer-term strategy involved," he said.

"We already know that people's credentials, including their names and unique identifiers such as social security/national insurance and address details, are being bought and sold on underground forums, along with dates-of-birth, email addresses and other personal data," he said.

"Our observations suggest that this data is being compiled into one or more databases, meaning that low-level frauds can be carried out on a steady basis, bursting into periods of high activity when the people's debit or credit card details become available," he added.

The SecurEnvoy technical director calls this strategy 'fraud data pimping' and notes this is something that the IT security industry has not seen before, but then, he says, cybercriminals have never had it so good, with the wealth of data on millions of people available to them.

The data from the attack against the servers of Simon Cowell's operation, Kemshall went on to say, could be used for phishing or phone-engineering scams against the contestants, but the fact that the FBI is investigating the hack suggests that a gang - who may be involved in other corporate attacks - carried out the systems intrusion.

"It's very easy to dismiss the X-Factor US systems database hack as a one-off incident, but if you look at the hack against the backdrop of a constant stream of corporate hacks in recent months, the reality starts to hit home," he said.

"And that reality is that cybercriminals are starting to conduct these attacks on a carefully planned basis, with the longer-term strategy of building their own fraudulent database on as many people as possible," he added.

For more on SecurEnvoy:

For more on the X-Factor US systems hack:
The publisher indicated in each case is solely responsible for the press releases above, the event or job offer displayed, and the image and sound material used (see company info when clicking on image/message title or company info right column). As a rule, the publisher is also the author of the press releases and the attached image, sound and information material.
The use of information published here for personal information and editorial processing is generally free of charge. Please clarify any copyright issues with the stated publisher before further use. In the event of publication, please send a specimen copy to