World-Check blacklist of 2.2m suspected criminals listed for sale on Dark Web
Authenticity of the leaked data has been called into question.
An alleged copy of a global database used by governments, intelligence agencies and banks has been put up for sale on the Dark Web, potentially exposing millions of suspected terrorists and individuals linked to organised crime.
On 29 June, the database in question, called World-Check, was uncovered online by a security researcher called Chris Vickery, who subsequently reported the issue to Thomson Reuters, the organisation that manages its content.
As previously reported, it was believed the information had been successfully contained after being left exposed by a third party on a misconfigured database.
Yet now, a vendor using the name 'bestbuy' has put what purports to be the contents of the database up for sale on an underground marketplace called The Real Deal.
The data dump, which claims to contain over 2.2 million records from 2014, is being sold for 10 bitcoin, equivalent to roughly £5,000 ($6,600, €5,940) at the time of writing.
On the website, bestbuy, referencing the previous leak, wrote: "World-Check DB grabbed from the CouchDB leak. 2,230,000~ records from 2014. Please do not ask to look for people, if you want the db buy the db."
On The Real Deal, which has been used by vendors to host some of the biggest data breaches in recent months, the same vendor – who currently has a 100% positive feedback rating – is also selling the contents of the massive LinkedIn breach, alongside a cache of stolen WordPress login credentials.
However, Vickery has called the authenticity of the records into question. In an email to IBTimes UK, the MacKeeper security researcher said he was "highly sceptical" of the posting.
He explained: "The person that put up the Real Deal posting is citing different record totals than I recall seeing and has offered no proof that they actually have a copy of the database. The only statements I've seen from the seller, 'bestbuy', appear to reflect general information that anyone could have gathered from news reports."
He added: "I want to unequivocally state that I am not the person trying to sell this alleged copy of the World-Check database. And, to the best of my knowledge, it is not anyone that I have ever had contact with."
The controversial World-Check database system, which has in the past been accused of providing false positives, collates 'risk profiles' on individuals with suspected links to terror groups, political corruption or dodgy financial backgrounds.
The data is gathered from "independent global media reports" and individual profiles for each individual are then compiled. According to Reuters, the records are collated by "more than 350 research analysts based in 11 research centres across five continents."
When it was first exposed, Vickery granted IBTimes UK access to the leaked information and it contained 2,248,125 records stored in categories such as corporate, military, terrorism and crime. World-Check, based on public reports, is used by 49 of the 50 largest financial institutions, more than 300 government and intelligence agencies, and nine of the top 10 global law firms.
Previously, a Thomson Reuters spokesperson told IBTimes UK: "[Thomson Reuters] immediately took steps to contact the third party responsible – as a result we can confirm that the third party has taken down the information. We have also spoken to the third party to ensure there will be no repetition of this unacceptable incident."
Now, it seems the database, thought to have been supressed from the public, could soon be in the wild. When contacted, Thomson Reuters told IBTimes UK it is investigating the issue.
Update 15 July: A second "legitimate" advertisement has hit the Dark Web and is being sold for 3.5 bitcoin (£1750). The vendor – called DataDirect – provided screenshots of the data as proof.
The seller said: "This is the 2014 version with 2,240,000+ records. Look at screenshots for proof that this is original and legit. Those screens have not been released before. Special introductory price to gauge interest. Price may increase depending on demand. Comes as 600mb compressed .json file."
© Copyright IBTimes 2024. All rights reserved.