funsec mailing list archives
Re: [privacy] UK: Individual Banking Data Details Being Sold in Nigeria
From: Phons Bloemen <p.bloemen () kpn-is nl>
Date: Tue, 15 Aug 2006 11:34:33 +0200
Fergie wrote:
While this is not really new, it _does_ reiterate the issue of securely destroying your old computer information before discarding it. :-) Via The BBC. [snip] Bank account details belonging to thousands of Britons are being sold in West Africa for less than £20 each, the BBC's Real Story programme has found. It discovered that fraudsters in Nigeria were able to find internet banking data stored on recycled PCs sent from the UK to Africa. [snip] More: http://news.bbc.co.uk/1/hi/business/4790293.stm - ferg
I happened to view this television report on the 'Beeb' yesterday evening, and have to say it was nicely done. The fraud being committed is pretty 'lowlevel'. The 15 pounds were used to buy a used hard drive in a shop in Lagos (Nigeria). The reporter collected several of these hard drives and sent them to a forensics lab (during an interview of the forensic investigator, a screen in the background seemed to show a webpage of 'Autopsy', a free forensic tool). Then they traced back the former owners of the drives and confronted them with the results. The former owners all had taken their used and worn-out pc's to the city dumps or their local computer shops for recycling. Some of the owners did format or delete the data (but that is not enough). 'Recycling' turned out to be the collection of the PC's and shipping them to 'Neverland' for deconstruction. In this case, 'Neverland' equals Lagos, Nigeria. Of course, there was no 'disk wiping step' in the processing of the used PC's. They also interviewed a spokesman of a professional pc recycling service, who had a disk wipe step in their processing process. Unfortunately, they only took larger batches of used PC's (banks and insurance companies), no 'singles' of private customers. In the second part of the report the reporter witnessed a raid of the Nigerian cyber crime squad on an internet cafe. Despite a note posted on the terminals that these were not to be used for spamming and 419 fraud, there was more than enough evidence on the 20 or so Dells they took out of the cafe. In the aftermath of the raid, when the suspects were hauled into police vans, a huge crowd had gathered and stones were being thrown at the cyber crime officers.
-- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/
-- Phons Bloemen, sr. security officer KPN-CERT/KPN OVN iDiensten PGP key IDs: (http://pgp.surfnet.nl:11371) 0x6fe6761b, 0x948c9ac1 _______________________________________________ privacy mailing list privacy () whitestar linuxbox org http://www.whitestar.linuxbox.org/mailman/listinfo/privacy
Current thread:
- [privacy] UK: Individual Banking Data Details Being Sold in Nigeria Fergie (Aug 14)
- Re: [privacy] UK: Individual Banking Data Details Being Sold in Nigeria Phons Bloemen (Aug 15)