Methinks they are pricing a bit high. Even assuming that you could get away with the maximum amount of fraud from all 21 million IDs, I doubt you would see 570K Euros, on average, return per compromise. That isn't even allowing for the risk premium or even a small profit.
I would put the FMV of this file at somewhere around 100 Euro per, or 1/5000th the asking price. That's assuming it's worth as much as a Yahoo eyeball. Even that is pushing it, since there isn't much "recurring revenue" in identity theft and bank account compromise. Either the credit goes to hell in a handbasket quickly, or the ID gets flagged, often both. Not to say I'm advocating criminality, but it appears that the criminals haven't caught up to the "mark to market" the rest of us are dealing with. Clearly sensationalism, as are most economic measures of "CyberCrime". >-----Original Message----- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >On Behalf Of Paul Ferguson >Sent: Sunday, December 07, 2008 12:31 PM >To: [email protected] >Subject: [funsec] Report: 21M German Bank Account Details On Black >Market > >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Via Breitbart.com (AFP). > >[snip] > >The details of bank accounts held by 21 million Germans are for sale on >the >black market for 12 million euros (15 million dollars), a German >magazine >reported Saturday. > >In an investigative report, two reporters for the Wirtschaftswoche >magazine >met last month with two individuals, arranged through an intermediary, >who >offered to sell a CD-ROM containing the names, addresses, bank name and >account numbers of 21 million people, the magazine said. > >"We took away with us the first delivery, a CD with 1.2 million >accounts, >that we couldn't imagine," said the editors in charge of the >investigation, >which has caused an uproar in Germany. > >The economic weekly has given authorities the file, which supposedly >would >allow someone to commit fraud on a large scale. > >[snip] > >More: >http://www.breitbart.com/article.php?id=081206224148.ie9uiizl > >Hat-tip: >http://www.pogowasright.org/article.php?story=20081207100924522 > >- - ferg > >-----BEGIN PGP SIGNATURE----- >Version: PGP Desktop 9.6.3 (Build 3017) > >wj8DBQFJPDKJq1pz9mNUZTMRAmKiAKDT9BTPLj5zm3DLn1UjxM1ZBy2PDQCfdaZn >hCnpBASfkkjXhcVpjxc5jA8= >=PlvY >-----END PGP SIGNATURE----- > > >-- >"Fergie", a.k.a. Paul Ferguson > Engineering Architecture for the Internet > fergdawgster(at)gmail.com > ferg's tech blog: http://fergdawg.blogspot.com/ >_______________________________________________ >Fun and Misc security discussion for OT posts. >https://linuxbox.org/cgi-bin/mailman/listinfo/funsec >Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
