Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customise your settings, hit “Customise Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences

  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

Who's leaving Amazon S3 buckets open online now? Cybercrooks, US election autodialers

Hundreds of thousands of voter records and contact info spilled

Shaun Nichols in San Francisco Wed 18 Jul 2018 // 20:23 UTC

Security biz Kromtech has unearthed two more embarrassing – and potentially dangerous – cases of groups leaving mass data caches unguarded on the public internet.

In the first case, the culprit was an improperly configured AWS S3 bucket owned and operated by Robocent, a political robocalling company based in Virginia Beach, VA.

According to Kromtech head of comms Bob Diachenko, the storage bucket contained 2,594 files, including the audio files to be used in robocalls to voters and spreadsheets containing hundreds of thousands of US voters' contact details.

These records included voters' names, addresses, year of birth, phone number, political affiliation, and demographic info such as ethnicity and education level, all pieces of data that would be valuable to use in a spear phishing or social engineering scam.

Unfortunately, Diachenko said, it gets worse. It appears other sites have already collected and indexed the exposed data.

"What's more disturbing is that company’s self-titled bucket has been indexed by GrayhatWarfare, a searchable database where a current list of 48,623 open S3 buckets can be found," Diachenko explained.

The second case exposed by Kromtech could land a few people behind bars, if convicted, of course.

bucket

Millions of scraped public social net profiles left in open AWS S3 box

READ MORE

Researchers uncovered an exposed mongoDB instance that contained both credit card numbers and payment details. A bit more digging lead the researchers to a dump of Facebook and stolen email account data and info from freemium games that offer in-app purchases through virtual currency.

Eventually, the researchers were able to piece together what was going on. The stolen credit cards were being combined with the lifted data to set up Apple IDs on hundreds of jailbroken iPhones that could then be automated to create user accounts on installations of the free-to-play games. The fake game accounts then purchased in-app currency for the games and were re-sold to other players for cryptocoins or real-world currency.

In other words, the scammers were using fake game accounts on jailbroken phones to launder money from the stolen payment cards via the freemium games, and the criminals operating the scam had left the entire operation wide open to the public by not securing the database.

Kromtech said it had reported all of its findings to the US Department of Justice so that a criminal investigation could be opened. ®

22 Comments

Keep Reading

Biting the hand that feeds IT © 1998–2020

Your Consent Options Cookies Privacy Ts&Cs