Data protection specialists report that an unidentified threat actor is auctioning off a database with records of more than 90 million Brazilian citizens on dark web forums. The bidder states that each registration is unique and 100% real, making it possible to make a detailed profile of some of the people affected for malicious purposes.
It is possible to participate in this auction through various clandestine web markets that can only be accessed by being invited by one of the current members or by paying a fee.
The specialized platform BleepingComputer had access to some of the posts on one of these clandestine forums, where it was proven firsthand that the database being auctioned by the criminal(s) has 16 GB of information and is on SQL format. The initial offer is $15,000 and each new offer must increase at least a thousand dollars, data protection experts report.
The seller (self-named X4Crow) specifies that the records are organized by province and include personal details such as:
- Full names
- Birth dates
- Taxpayer identification keys (known in Brazil as Cadastro de Pessoas Físicaos), among other details
After obtaining a small sample of the database and comparing it to the Brazilian Federal Revenue website, BleepingComputer determined that the information actually belongs to Brazilian citizens.
The seller of this information has not disclosed its source, although according to the data protection experts, the details included in each record suggest that it is a database of the Brazilian government. Although the seller claims that the database includes more than 93 million unique records, experts consider this to be almost impossible, as these records must belong to the economically active population in Brazil, which according to the government today around 90 million, so it is highly likely that the database does include duplicate records.
X4Crow’s offering also includes a search service focused on the population of Brazil; on the auction site, the threat actor mentions that, by entering a small piece of data (such as full name, taxpayer identification key, etc.), it is possible to obtain relevant information about the inhabitants of Brazil. So far it is unknown how this user gained access to this database or if they have already received any offers.
Data protection experts from the International Institute of Cyber Security (IICS) mention that although there are no known records of previous activity linked to X4Crow, it is likely that whoever is behind this alias is not new to the business.” This hacker or hacker group has demonstrated ability to carry out various tactics typical of such incidents, such as presence in different dark web forums. In another of these forums, X4Crow also claims to have capabilities to offer other kinds of services, such as penetration testing, programming, and advice on malware-related topics.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.