"Researchers at TU/e Find Huge and Sophisticated Black Market for Trade in Online 'Fingerprints'"
Researchers at TU/e have discovered a sophisticated Russian-based online black marketplace in which hundreds of thousands of detailed user profiles are traded among cybercriminals. These profiles are personal fingerprints, which could be used to evade state-of-the-art authentication systems and gain access to sensitive information. User fingerprints can include technical information and behavioral features. The marketplace shares over 260,000 continually updated, detailed user profiles in conjunction with passwords and other user credentials. Researchers emphasized the systematic nature of the marketplace by stating that it offers Impersonation-as-a-Service (IMPaaS). The database can be searched for specific internet users, allowing the performance of highly dangerous spear phishing attacks. In addition, customers can download software that can automatically apply selected user profiles to targeted websites. This article continues to discuss the dependence on user credentials in the online economy, the drawbacks of Multi-Factor Authentication (MFA), the concept behind Risk-Based Authentication (RBA), and the online criminal marketplace that offers IMPaaS.