funsec mailing list archives

Re: [privacy] UK: Individual Banking Data Details Being Sold in Nigeria


From: Phons Bloemen <p.bloemen () kpn-is nl>
Date: Tue, 15 Aug 2006 11:34:33 +0200

Fergie wrote:
While this is not really new, it _does_ reiterate the issue of
securely destroying your old computer information before discarding
it. :-)

Via The BBC.

[snip]

Bank account details belonging to thousands of Britons are being sold
in West Africa for less than £20 each, the BBC's Real Story programme
has found.

It discovered that fraudsters in Nigeria were able to find internet
banking data stored on recycled PCs sent from the UK to Africa.

[snip]

More:
http://news.bbc.co.uk/1/hi/business/4790293.stm

- ferg

I happened to view this television report on the 'Beeb' yesterday
evening, and have to say it was nicely done. The fraud being committed
is pretty 'low-level'. The 15 pounds were used to buy a used hard drive
in a shop in Lagos (Nigeria).

The reporter collected several of these hard drives and sent them to a
forensics lab (during an interview of the forensic investigator, a
screen in the background seemed to show a webpage of 'Autopsy', a free
forensic tool). Then they traced back the former owners of the drives
and confronted them with the results.

The former owners all had taken their used and worn-out PCs to the city
dumps or their local computer shops for recycling. Some of the owners
did format or delete the data (but that is not enough).
'Recycling' turned out to be the collection of the PCs and shipping
them to 'Neverland' for deconstruction. In this case, 'Neverland' equals
Lagos, Nigeria. Of course, there was no 'disk wiping step' in the
processing of the used PCs.
They also interviewed a spokesman of a professional PC recycling
service, who had a disk wipe step in their processing process.
Unfortunately, they only took larger batches of used PCs (banks and
insurance companies), no 'singles' of private customers.

In the second part of the report the reporter witnessed a raid of the
Nigerian cyber crime squad on an internet cafe. Despite a note posted on
the terminals that these were not to be used for spamming and 419 fraud,
there was more than enough evidence on the 20 or so Dells they took out
of the cafe. In the aftermath of the raid, when the suspects were hauled
into police vans, a huge crowd had gathered and stones were being thrown
at the cyber crime officers.



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


-- 
Phons Bloemen, sr. security officer KPN-CERT/KPN OVN iDiensten
PGP key IDs: (http://pgp.surfnet.nl:11371) 0x6fe6761b, 0x948c9ac1
_______________________________________________
privacy mailing list
privacy () whitestar linuxbox org
http://www.whitestar.linuxbox.org/mailman/listinfo/privacy

