Card Data Old Hat for Thieves: Onsite Coverage
WASHINGTON — A panel of experts in the international trade of stolen consumer data said Wednesday that payment card data has largely been eclipsed as the most valuable in the international marketplace.
Kurt Baumgartner, principal security researcher at Kaspersky Lab, an international cyber security firm, told attendees at Visa’s Global Security Summit at the Ronald Reagan Building that payment card data from European breaches is worth four or five times more on the international market than data from U.S. breaches, but that overall payment card data has been surpassed in value.
The real data being sought now are things like what your high school's mascot was and where you had your first job, Baumgartner said, combined with Social Security numbers and dates of birth. Byron Acohido, a technology reporter and blogger with USA Today, reminded the meeting of a recent incident where a underground market in stolen information had its servers hacked and the hackers discovered that the thieves had been taking Social Security numbers and dates of birth from Lexus/Nexus and Dun + Bradstreet.
“This suggests that thieves might have had their fingers in the pies of some of the very largest companies for a very long time,” Acohido remarked.
The discovery has implications for the rise of cloud computing, which bring costs savings but new security concerns
“Essentially, cloud computing aggregates the data for thieves,” Baumgartner said, though he added that cloud computing can also have strengths that could help make it a reliable resource going forward.
Baumgartner and Acohido joined Donald Good, section chief for cyber operations at the FBI, in reporting increased communications across different platforms and organizations to develop defenses against cyber theft, but that law abiding firms are not communicating or cooperating nearly as much as thieves are.
“Cyber thieves have become extremely efficient about communication and cooperation on an as-needed basis,” Baumgartner said.