Stories
Slash Boxes
Comments

SoylentNews is people

posted by mrpg on Thursday July 19 2018, @04:33AM   Printer-friendly
from the hack-the-planet-hack-the-DB dept.

Submitted via IRC for BoyceMagooglyMonkey

The US Department of Justice, Apple, and game maker Supercell, have been warned of a money laundering ring that uses fake Apple accounts and gaming profiles to make transactions with stolen credit/debit cards and then sells these game premiums on online sites for the group's profit.

This operation came to light in mid-June when security researchers from Kromtech Security came across a MongoDB database that had been left exposed online without authentication.

"As we examined the database we rapidly became aware that this was not your ordinary corporate database," said Kromtech researcher Bob Diachenko.

"This database appeared to belong to credit card thieves (commonly known as carders) and that it was relatively new, only a few months old," he added.

Source: Open MongoDB Database Exposes Mobile Games Money Laundering Operation


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 1, Redundant) by c0lo on Thursday July 19 2018, @04:57AM (6 children)

    by c0lo (156) Subscriber Badge on Thursday July 19 2018, @04:57AM (#709219) Journal

    Open MongoDB Database Exposes Mobile Games Money Laundering Operation

    Just from curiosity, what's the relevance of the fact the info was stored by a MongoDB?

    For instance: is it an aggravating factor, like in "MongoDB is the database of choice for hackers"? Or, on the contrary, is it like "A good thing the info was stored in a MongoDB, with a plain text storage it may have been a catastrophe"?

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
    • (Score: 4, Insightful) by Mykl on Thursday July 19 2018, @05:26AM (1 child)

      by Mykl (1112) on Thursday July 19 2018, @05:26AM (#709223)

      Just from curiosity, what's the relevance of the fact the info was stored by a MongoDB?

      Who cares? I'm more interested in whether it was powered by Blockchain!

      • (Score: 0) by Anonymous Coward on Thursday July 19 2018, @11:54PM

        by Anonymous Coward on Thursday July 19 2018, @11:54PM (#709678)

        But does Blockchain web-scale? MongoDB web scales [youtube.com].

        Aha the classics...

    • (Score: 2) by ewk on Thursday July 19 2018, @08:01AM

      by ewk (5923) on Thursday July 19 2018, @08:01AM (#709267)

      Wasn't MongoDB the one that (with some (hopefully older) versions?) installed itself (in the default configuration) with password-less admin-access?

      --
      I don't always react, but when I do, I do it on SoylentNews
    • (Score: 3, Informative) by takyon on Thursday July 19 2018, @01:01PM

      by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Thursday July 19 2018, @01:01PM (#709351) Journal

      https://kotaku.com/criminals-are-using-clash-of-clans-to-launder-money-ne-1827698965 [kotaku.com]

      Kromtech’s investigation started with a popular database-building software called MongoDB. For years, poor configurations allowed hackers to connect to and collect data from tens of thousands of MongoDB databases. Analyzing samples from one database, Kromtech happened upon these Clash of Clans criminals, who stored over a hundred thousands credit cards there. Those numbers, Diachenko presumed, were mined from other data breaches.

      --
      [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
    • (Score: 1, Funny) by Anonymous Coward on Thursday July 19 2018, @02:32PM (1 child)

      by Anonymous Coward on Thursday July 19 2018, @02:32PM (#709415)

      MongoDB is web-scale!

  • (Score: 1, Informative) by Anonymous Coward on Thursday July 19 2018, @05:59AM (1 child)

    by Anonymous Coward on Thursday July 19 2018, @05:59AM (#709234)

    I have a "Magic: The Gathering" card game arena down the street from me in one of those strip-mall streetside business complexes.

    Is this how they get the money to fund MtGox (Magic: The Gathering - Online eXchange ) bitcoin? By selling little squares of cardboard game play pieces at outrageous prices to game players?

    I have an acquaintance mixed up in this card-game, and he has invested humongous sums of money - for little game play pieces he claims are worth hundreds of dollars apiece?

    I would not give him even a dollar for his whole friggen box of 'em. I'd rather have a decent pair of test clips.

  • (Score: 0, Offtopic) by MichaelDavidCrawford on Thursday July 19 2018, @06:12AM

    by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Thursday July 19 2018, @06:12AM (#709240) Homepage Journal

    tl:dr; Emmanuel Olusoji Ishola of Nigeria - Lagos I expect but don't really know - remains completely convinced that I am head-over-heels in love with a woman whose full name is not found online, but who is most likely a certain Anniston Alabama lady with those same first and last names but with her cousin's middle name.

    It seems my Alias Lady is perpetually in need of groceries as well as school supplied for her young son Carl, and as well it seems that one can use iTunes Prepaid Cards to purchase just about anything in Prattville, Alabama.

    My very-most cruelest prank so far was to promise First-Name Cousin's-Middle-Name Last-Name $650 in cash, but what I actually overnighted via US Postal Service Express Mail was a cashier's check payable to - specifically - First-Name Cousin's-Middle-Name Last-Name.

    My "lady" claims she was unable to cash it because her driver's license is expired. Then just a few days later she tearfully told me that she wrecked her car yet somehow was not arrested for having an expired license.

    Now she is in New Mexico despite the regulation - or perhaps the law - that one must show government-issued photographic identification upon entry to the secured areas of America's airports.

    She could not possibly have gotten to NM by any other means than flying: from Prattville, Alabama to an as-yet-unspecified city in New Mexico took her less then twelve hours.

    I've grown quite impatient with her _perpetual_ clamor for me to OVERNIGHT to her iTunes Prepaid Cards or just as good Money Grams, as well as her profound grief whenever I tell her I'm happy to OVERNIGHT to her cashier's checks made out to - specifically - First-Name Cousin's-Middle-Name Last-Name, so this morning I informed her that "I'm not feeling well" then powered off my iToy.

    I'll be right as rain tomorrow for sure. It's just that today I wanted to get some real work done.

    Have you any specific suggestions as to how I should next tie Mr. Ishola's nuts in a knot?

    PS: Try This Google Search. You'll Be Glad You Did!

    PS: I gave Mr. Ishola's Bank Of America account number to each of the Portland, Oregon and Birmingham Alabama FBI and Secret Service Field Offices.

    Secret Service because it has jurisdiction over financial crimes. FBI because I'm uncertain that the Secret Service deals with this specific kind.

    --
    Yes I Have No Bananas. [gofundme.com]
  • (Score: 2) by arslan on Friday July 20 2018, @01:25AM

    by arslan (3462) on Friday July 20 2018, @01:25AM (#709734)

    Even the crooks need to think cyber security first nowadays! Infosec professionals now have another avenue for employment of their skills! Think cyber-hardening-as-a-service paid via bitcoins or cold hard cash drops!

(1)