June 17, 2010

New fraud service serves as repository for stolen data

Microsoft has joined forces with the National Cyber Forensics Training Alliance (NCFTA) to launch a portal designed to immediately alert companies if credentials or credit card numbers belonging to their customers have been discovered online.

The Internet Fraud Alert system, unveiled Thursday, has two capabilities.

First, it will provide approved researchers and law enforcement with the ability to report compromised accounts they may stumble upon as they trawl the darker corners of the internet, said Ron Plesco, president and CEO of the Pittsburgh-based NCFTA. Second, companies, such as banks, retailers, social networking sites and email providers, can register with the service so they are notified if stolen data belonging to their customers — typically discovered in remote database servers — is uploaded to the portal.

The program was conceptualized because currently there is no formalized way to warn organizations if credentials or card numbers they issued are exposed on the internet, Plesco said.

Microsoft built and donated the technology, which both matches the data with the victim organization and enables the alerting.

"It's part of our broader efforts to address cybercrime," Tim Cranton, associate counsel at Microsoft's Digital Crimes Unit, told SCMagazineUS.com on Thursday.

The portal closes the time gap between when the credentials and card numbers, possibly swiped in a phishing attack or a hacking, are posted on the web and when they are used for fraudulent purposes, Cranton said.

Law enforcement also stands to benefit. The researcher who discovers the hijacked account information, or the victimized entity, can choose to loop in authorities with what can prove to be valuable evidence in an investigation, he said.

"Now, law enforcement can go back and say, 'Oh look, here's really where the attack occurred that caused your identity to be stolen, and here's 1,000 other people who suffered the same attack,'" Cranton said.

The portal will rely on information discovered by partners, such as the Anti-Phishing Working Group, American Bankers Association, PayPal, eBay and the Federal Trade Commission, Plesco said.

Related Articles
Related Topics
Related Links

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.