Brian Krebs continues to investigate the SSNDOB website

Oct 1, 2013 09:02 GMT

Last week, security expert Brian Krebs reported that the SSNDOB ID theft service was fueled by data stolen from various major US data brokers, including LexisNexis, Dun & Bradstreet and HireRight. Now, a new name has been added to the list.

Krebs continues to investigate SSNDOB.ms. He has found that another organization targeted by the cybercriminals who run the service is the National White Collar Crime Center (NW3C).

Ironically, the non-profit organization provides support to entities involved in the investigation, prosecution and prevention of cybercrime, including the FBI’s Internet Crime Complaint Center (IC3).

According to Krebs, the cybercriminals gained access to the NW3C’s systems in late May 2013. They managed to compromise a public-facing VPN server which they controlled until mid-August.

Evidence suggests that the attackers leveraged a ColdFusion vulnerability to plant a malicious program that would help them exfiltrate valuable data.

In the data leaked by other hackers from SSNDOB, Krebs found over 2.5 million records representing consumer complaints filed with the IC3 over the past 10 years. While the IC3 data might not be of much use for an ID theft service, the hackers found other information on NW3C’s systems that could be much more valuable.

This includes social security numbers, dates of birth, and information related to other organizations.

Alex Holden, of Hold Security LLC, has helped Krebs analyze the data. The expert says the cybercrooks had enough time to harvest the data they were after. In the leaked data, he has even come across information on foreign law enforcement agents who were involved in active criminal cases.

“Other entities that might be interested in this data include foreign governments,” Holden noted.

Krebs says the investigation is far from being over, so it’s likely that we’ll learn the names of other high-profile organizations targeted by the SSNDOB group.