Tuesday, 20 September 2011

Better Fraud Through Data

Andy Kemshall, technical director of SecurEnvoy, recently said that the X-Factor US database hack is not only the latest in a string of attacks on corporate servers to extract personal data, but also suggests that cybercriminals are now building information profiles on people rather than developing frauds around available credentials.

"It's actually quite easy to see a pattern emerging in these attacks. Previously, frauds were card-centric and built around opportunistic database hacks, but the sheer volume of the system hacks in recent months suggests that there is a longer-term strategy involved," he said.

It's an interesting idea: among the most effective online fraud deterrents available are services that analyze transaction histories to establish a customer's basic use profile. When a new transaction is sufficiently outside the norm, it can be subjected to further scrutiny before it's approved. How would a serious hacker counteract the effectiveness of this defense? By building up their own profiles to go along with stolen credentials and making sure that fraudulent transactions are sufficiently within the norm that red flags aren't raised. Seems entirely possible.