How do you do this? (Specifically, with the companies you mentioned.)
Also, Krebs is a hell of a guy.
Then imagine someone else starts selling another tool. Anyone who buys that other tool is now able to beat the players you promised a win to, AND they're not giving you any money for it. This damages your reputation, which in an underground market is probably your most valuable resource. So not only are they not paying you, but they're robbing you of future sales by damaging your rep.
Wouldn't you put in something to prevent users of your newest cheat from being cheated themselves?
It is entirely possible to report inaccurate information to the bureaus. Although more often than not it’s on accident, not malicious. Additionally bureaus collect a lot of information from other sources. Some public some private. It’s possible for these datasets to be error prone themselves.
There are however official procedures for disputing/correcting errors in reporting and in my experience they do a pretty good job of validating everything (as that’s literally the business they’re in)
Someone managed to get his name and address and did not realize he was a minor. Brilliant system you have!
Anecdotally, I can't agree with this.
I'm six months in to trying to convince Equifax that I exist. Apparently they accidentally registered me as dead in their system, which has caused background checks on me, like when I registered my ABN, to fail. Turns out there are a number of government systems that have been outsourced to them.
They have twice manually intervened, and twice their automated processes have "corrected" their information and relisted me as deceased. And getting a manual intervention is a lot of complaints, and a lot of escalations.
I'd disagree with that. The three agencies have a couple of names I've never gone by (I go by my middle name, so I expect "Middle Last" and "First Last" but I never went by "First Mother's-Maiden-Name"), and a couple addresses I've never lived at on my records for 20 years. They refuse to remove them.
Of course, the real story could be hidden through parallel construction. But on it's face, this does support the argument that it's stupid mistakes that take people down. Krebs' blog is full of them.
Edit: And just to be clear, I'm not even suggesting support for that Ukrainian dickhead. It's just that criminal takedowns are well reported, and so provide cautionary lessons for the rest of us.
One possibility on the "cautionary lessons for the rest of us" front is a classic bit of wisdom about asymmetric adversarial situations: the other party only needs to get lucky once. There is a fundamental challenge of scale and time for any entity or individual that tries to run something dealing with persistent antagonists over long time periods, it just plain becomes hard to keep track of it all without further infrastructure systems in place. And its also hard for any single human to stay in the zone persistently, we're not really wired that way, hence the need for non-human support structures.
And that in turn is the same challenge for any business dealing with significant organic growth, criminal or not, it's the classic "that TOTALLY TEMPORARY one-off excel spreadsheet someone made 15 years ago now runs hundreds of millions of dollars" issue. It's hard to know ahead what will be important and sticky or not, even if experience helps. And it's hard to decide how to allocate limited resources too. Infrastructure you build helps you scale properly in the future, but it doesn't do anything for you right now, you might not even know you could need it. And overbuilding upfront might mean there is no tomorrow to worry about anyway.
It's a tough nut, though fortunately it's one area that is probably worse on the black side of things since there is less room for recovery from mistakes. Maybe it's one of the structural forces that can help encourage law abiding behavior, legit companies can mess up badly but still potentially recover if there is enough meat to them, whereas a total opsec break for criminals can mean the end of the enterprise.
Here's the translated PDF. Either the original Russian was hacked up already, or this translation is very iffy.
