World-Check blacklist of 2.2m suspected criminals listed for sale on Dark Web

[Batu69]

Authenticity of the leaked data has been called into question.

 

An alleged copy of a global database used by governments, intelligence agencies and banks has been put up for sale on the Dark Web, potentially exposing millions of suspected terrorists and individuals linked to organised crime.

 

On 29 June, the database in question, called World-Check, was uncovered online by a security researcher called Chris Vickery, who subsequently reported the issue to Thomson Reuters, the organisation that manages its content.

 

As previously reported, it was believed the information had been successfully contained after being left exposed by a third party on a misconfigured database.

Yet now, a vendor using the name 'bestbuy' has put what purports to be the contents of the database up for sale on an underground marketplace called The Real Deal.

 

The data dump, which claims to contain over 2.2 million records from 2014, is being sold for 10 bitcoin, equivalent to roughly £5,000 ($6,600, €5,940) at the time of writing.

On the website, bestbuy, referencing the previous leak, wrote: "World-Check DB grabbed from the CouchDB leak. 2,230,000~ records from 2014. Please do not ask to look for people, if you want the db buy the db."

 

On The Real Deal, which has been used by vendors to host some of the biggest data breaches in recent months, the same vendor – who currently has a 100% positive feedback rating – is also selling the contents of the massive LinkedIn breach, alongside a cache of stolen WordPress login credentials.

 

However, Vickery has called the authenticity of the records into question. In an email to IBTimes UK, the MacKeeper security researcher said he was "highly sceptical" of the posting.

 

He explained: "The person that put up the Real Deal posting is citing different record totals than I recall seeing and has offered no proof that they actually have a copy of the database. The only statements I've seen from the seller, 'bestbuy', appear to reflect general information that anyone could have gathered from news reports."

 

He added: "I want to unequivocally state that I am not the person trying to sell this alleged copy of the World-Check database. And, to the best of my knowledge, it is not anyone that I have ever had contact with."

 

The controversial World-Check database system, which has in the past been accused of providing false positives, collates 'risk profiles' on individuals with suspected links to terror groups, political corruption or dodgy financial backgrounds.

 

The data is gathered from "independent global media reports" and individual profiles for each individual are then compiled. According to Reuters, the records are collated by "more than 350 research analysts based in 11 research centres across five continents."

 

When it was first exposed, Vickery granted IBTimes UK access to the leaked information and it contained 2,248,125 records stored in categories such as corporate, military, terrorism and crime. World-Check, based on public reports, is used by 49 of the 50 largest financial institutions, more than 300 government and intelligence agencies, and nine of the top 10 global law firms.

 

Screenshot: World-Check database on The Real Deal marketplaceScreenshot/The Real Deal

Previously, a Thomson Reuters spokesperson told IBTimes UK: "[Thomson Reuters] immediately took steps to contact the third party responsible – as a result we can confirm that the third party has taken down the information. We have also spoken to the third party to ensure there will be no repetition of this unacceptable incident."

 

Now, it seems the database, thought to have been supressed from the public, could soon be in the wild. When contacted, Thomspon Reuters told IBTimes UK it is investigating the issue.

 

Article source

[straycat19]

I thought we discussed this a couple weeks ago but maybe it was on a forum on the dark web and not here.  Save your money, the list is bogus, which is why he won't verify a name on the list to prove it is real, because the name he is given could be on the list or could not be and he would only have a 50% chance of being right.  The list was purchased by a federal agency CI and has been proven to be false.  But if you have that much money laying around, be my guest.

[Petrovic]

The World-Check database that lists "heightened risk individuals and organizations" is reportedly up for sale on the dark web.

 

The database is a commercial product offered by Thomson Reuters, which bills it as a useful tool for those fighting money laundering, "organized crime, sanctions, Countering the Financing of Terrorism (CFT), and Politically Exposed Persons (PEPs)."

 

The database contains some 2.2 million records. Customers include major banks and spookhaüses galore. Access is only granted after a vetting process and agreement to tough non-disclosure agreements.

 

As The Register revealed the World-Check database was breached last month thanks to a user's customer couchdb leak.

That mistake made the database becoming open to plunder hours after the breach became public.

 

If the database has become widely available it will be hugely damaging to both Thomson Reuters and named individuals, some of whom have been shown to be inaccurately tagged in the database as having criminal or terrorist links.

 

Dark market seller "Bestbuy" says they obtained the same database as security researcher Chris Vickery, who obtained the database last month and reported the leak to Thomson Reuters.

 

It is being offered for 10 Bitcoins (US$6750, £6098, A$8945) for the entire database.

 

"Bestbuy" is a new level one seller to the marketplace with a handful of positive sales, making it more likely the database is a scam.

 

The Register has requested "Bestbuy" demonstrate the legitimacy of the database through verification checks, but had not received a response at the time of writing.

The seller is also offering the massive but old 117 million LinkedIn breach database dating back to 2012 for 1.2 bitcoins (US$1084, £980, A$1436).

 

Also up for sale is an unspecified Microsoft Office zero day that allegedly works on Windows 7 and older platforms. The anonymous seller says that flaw comes from his "personal stock" of exploits and is on sale because a "real life client is a fucking idiot who takes too long to do anything".

Article source

[Batu69]

Thread has been merged.