From: Rabid Wombat <wombat@mcfeely.bsfs.org>
To: bureau42 Anonymous Remailer <remailer@bureau42.ml.org>
Message Hash: dc0e31551c2a2319feb6e9d28255673cd65347fcd7cb5ee8b1a0aff5f5d331c4
Message ID: <Pine.BSF.3.91.970901111126.16439D-100000@mcfeely.bsfs.org>
Reply To: <cJ7vHp9OYe6SZxEVBEbNlQ==@bureau42.ml.org>
UTC Datetime: 1997-09-01 16:48:02 UTC
Raw Date: Tue, 2 Sep 1997 00:48:02 +0800
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Tue, 2 Sep 1997 00:48:02 +0800
To: bureau42 Anonymous Remailer <remailer@bureau42.ml.org>
Subject: Re: your mail
In-Reply-To: <cJ7vHp9OYe6SZxEVBEbNlQ==@bureau42.ml.org>
Message-ID: <Pine.BSF.3.91.970901111126.16439D-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain
On Mon, 1 Sep 1997, bureau42 Anonymous Remailer wrote:
> Rabid Wombat wrote:
> >
> > On Mon, 1 Sep 1997, Anonymous wrote:
> >
> > > "Smak" delivered an encrypted CD containing over 100,000 stolen
> > > credit card numbers. After the validity of the credit card information
> > > was confirmed through decryption of the data on the CD, "Smak" was
> > > taken into custody by the FBI.
> > >
> > > And the 100,000 people were immediately notified that their credit
> > > cards had been compromised? I fucking doubt it. Better to screw over
> > > 100,000 citizen-units than expose the incompetence of a few companies
> > > and the government's fight against strong encryption and computer
> > > security.
> >
> > I was recently notified by a bank that issued one of my credit cards that
> > my card number had been sold, along with thousands of other account
> > numbers, to an undercover FBI agent. The bank canceled my account, opened
> > a new one, and overnighted a replacement card. No big deal, and no loss
> > to me.
> >
> > OTOH, it *might* have been in response to a different incident. Keep
> > those paranoid rants coming.
>
> Why don't you tell us the name of the company that has such lousy
> computer security that your credit was placed in jepoardy, so that we
> can decide if we want to avoid doing business with them?
>
Based on what I've seen so far, the account numbers were more likely to
have been obtained from the databases of merchants than from banks. If
the bank was cracked, there would have been many more card numbers from
one bank on the CD, rather than a distribution of account numbers issued
by many institutions. I doubt that someone managed to crack a dozens of
banks, and then took only a few thousand numbers from each. It is more
likely that "widgets R us" was compromised, resulting in a few thousand
accounts from each of the major banks.
I suppose I could look back over a few year's worth of statements, and
tell you where *not* to shop, but I'd be listing all merchants I'd done
business with as being equally guilty, when it is very likely that only
one was compromised.
My guess is that Smak had inside access to a particular merchant's
system, but I've been wrong before.
-r.w.
Return to September 1997
Return to “Rabid Wombat <wombat@mcfeely.bsfs.org>”