Are you document scans safe??

[dunover]

You do not have permission to view link Log in or register now.

This story is a year old BUT where on earth did this bloke get 5000 passport/doc scans from? These surely must've been stolen or hacked from an online casino? I doubt they came from a webwallet company as they don't usually ask for passports/ID scans just automated banking verification. I wonder if he has been responsible for any of the duplicate account PAB's received on here, i.e. somebody who hasn't been paid as the casino alleged duplication? Plus he had docs from US/Canada/NZ/Aus players.

 

[skiny]

Just fax your documents. Nobody can read those anyway.

In 1964 the Xerox Corporation introduced what many consider to be the first commercialized version of the modern fax machine. 49 years later people all over the world are receiving faxes almost every minute of of every day and saying "Can you resend it? I can't read the bottom half."

 

[vinylweatherman]

At his address they discovered more than 5,900 scans of passports, identity cards, utility bills and bank statements relating to people from countries including the US, Canada, Australia and New Zealand.

It does rather look like he got hold of a casino's verification database. It's not just passports, but for each ID he seems to have the set that players have to send to a casino on their first withdrawal.

I expect he is merely an end user, having bought these files from a criminal network.

It is also possible that the network obtained these documents by opening a "front", a fake casino like, for example, Ministering Angel, and asked players to send in their documents after they requested their first withdrawal. They could have run the scam for as long as they could circulate the money among the players, and then simply done a runner once they had enough documents to sell on.

I am surprised the UK Gambling Commission and the police's own gambling unit didn't pursue this worrying question of "where did 5900 sets of player details come from", because as players we KNOW that the current verification systems are riddled with enough security weaknesses that it is only a matter of time before a very large database, and a COMPLETE one, gets stolen from a casino and then sold on to the criminal "fraud rings".

He was not convicted of "bonus abuse", but of FRAUD. Mere "bonus abuse" is a civil contract matter that would never go in front of a criminal court, and in this industry, rarely goes before a civil court either.

 

[Mousey]

Discussed last year.... https://www.casinomeister.com/forums/threads/3yrs-jail-for-uk-bonus-abuser.49692/

And as is usual with 'news' I never could find a follow up or any more info on it. Like you guys, I'm interested in where the hell those docs came from and in prosecuting the thieves he bought all those docs from -or, the outfit(s) he hacked into to steal them.

And there has never been a doubt in my mind that all these personal and financial documents we spew all over the web and phone lines willy nilly are not in the least 'safe'.

 

[vinylweatherman]

Discussed last year.... https://www.casinomeister.com/forums/threads/3yrs-jail-for-uk-bonus-abuser.49692/

And as is usual with 'news' I never could find a follow up or any more info on it. Like you guys, I'm interested in prosecuting the theives he bought all those docs from -or, the outfit(s) he hacked into to steal them.

That's the problem. They got their conviction and that was the end of it. It seems they are treating this as a one off, but there are still nearly 6000 full sets of documents out there in the hands of criminals, and probably still being used to defraud online casinos.

There are probably many more, he only bought 6000 as it was what he felt he could handle.

 

[anniemac]

This is kinda off topic for this topic but in the same vein.

I found out last year that my identity had been stolen. I posted about it here when I found out about it but I'd like to tell the end of the tail just to let folks know how out government deals with this.

Found out thru a letter from the IRS that income tax report had been filed in my name, ss# and address off my drivers license. I kinda laughed it off but called them anyway, thinking it was a mistake on their part. No mistake. Someone had my information and filed and income tax return for a refund of around $6000.

Did I get any kind of information from the IRS? No. Did they give me any information about what was found out in the investigation? No. Did they offer to help me with any repercussions from this? No. I was told that they could not give me any information regarding the investigation because it was - wait for it - PRIVATE!!! I didn't file the return so I couldn't get one piece of information about it. My name, my social security number, my address but I couldn't get any info. I can't even file criminal charges because they won't tell me anything.

The government handles identity theft just like they do the 'war on drugs'. They like to spout a lot of BS about how they take it so seriously but it's just a load of BS. They don't give a fat rat's ass what problems are caused by this and they sure a heck won't help you out.

In my own digging around I found that most likely the tax return was filed by an inmate. Seems like this is a booming business in the US. Someone outside gets your info and sells it to an inmate in prision. They in turn file electronically, therefore no need for paper tax information.

Having some idea of how IP address work and that they can be traced and pinpointed, I know dang good and well they know where this originated and pretty much who. I was under the impression that when you became a inmate, you lost most of your rights, the first of which is privacy but guess I was wrong.

Sorry about the rant and the off topic, but it just pisses me off that something like this can happen and then the law enforcement/government just blows it off.

 

[dunover]

It only needs one bent employee with a carelessly used password and a single USB stick and a whole casino's info is gone. That simple. And worrying.

 

[vinylweatherman]

This is kinda off topic for this topic but in the same vein.

I found out last year that my identity had been stolen. I posted about it here when I found out about it but I'd like to tell the end of the tail just to let folks know how out government deals with this.

Found out thru a letter from the IRS that income tax report had been filed in my name, ss# and address off my drivers license. I kinda laughed it off but called them anyway, thinking it was a mistake on their part. No mistake. Someone had my information and filed and income tax return for a refund of around $6000.

Did I get any kind of information from the IRS? No. Did they give me any information about what was found out in the investigation? No. Did they offer to help me with any repercussions from this? No. I was told that they could not give me any information regarding the investigation because it was - wait for it - PRIVATE!!! I didn't file the return so I couldn't get one piece of information about it. My name, my social security number, my address but I couldn't get any info. I can't even file criminal charges because they won't tell me anything.

The government handles identity theft just like they do the 'war on drugs'. They like to spout a lot of BS about how they take it so seriously but it's just a load of BS. They don't give a fat rat's ass what problems are caused by this and they sure a heck won't help you out.

In my own digging around I found that most likely the tax return was filed by an inmate. Seems like this is a booming business in the US. Someone outside gets your info and sells it to an inmate in prision. They in turn file electronically, therefore no need for paper tax information.

Having some idea of how IP address work and that they can be traced and pinpointed, I know dang good and well they know where this originated and pretty much who. I was under the impression that when you became a inmate, you lost most of your rights, the first of which is privacy but guess I was wrong.

Sorry about the rant and the off topic, but it just pisses me off that something like this can happen and then the law enforcement/government just blows it off.

They have this paranoia about terrorists, yet don't seem that bothered in trying to get to the bottom of ID fraud. ID fraud is a major tool used by terrorists as well as criminals just wanting to make money. If you can take over someone's ID well enough to get a passport in their name, but with your photo on it, and you are a terrorist, you will have no trouble getting in and out of the country when you want. It will only get spotted if the genuine owner of the ID decides to travel, so if the victim is chosen carefully enough, a criminal can be almost certain of not getting caught through a data discrepancy, like leaving the country twice without having reentered between.

It seems this is rampant in the UK, with criminals freely coming and going on someone else's identity.

Perhaps in this case, the $6000 wasn't paid out, so the claim was just binned and the case closed. No interest in going after the person who did it, nor of reassuring the victim that this is not a major problem now that the fraud has been stopped in it's tracks, and helping them come to terms with what happened. Maybe they are in denial about how serious this problem is, and the risk is that it could get so bad that people will lose confidence in the ability of the government to govern, and the administrators to administer. The only winners then would be the scammers, as they will have broken the system, which might make scamming even easier because people just give up fighting it and try their best to just isolate themselves as much as possible from the risk.

 

[P.V.]

It does rather look like he got hold of a casino's verification database. It's not just passports, but for each ID he seems to have the set that players have to send to a casino on their first withdrawal.

It is also possible that the network obtained these documents by opening a "front", a fake casino like, for example, Ministering Angel, and asked players to send in their documents after they requested their first withdrawal. They could have run the scam for as long as they could circulate the money among the players, and then simply done a runner once they had enough documents to sell on.

It's occurrences like this that's requiring PV in order to be licensed within the U.S. to allow newly licensed U.S. sites only, no offshore sites.