It was 'phishing' - eBay

Bryan Porter

Cape Town - The world's largest auctions website, eBay, on Wednesday "confirmed 100%" that a compromised database with user data did not come from its servers, saying they rather believe the information in the hands of South African police was the result of "phishing" efforts.

"Phishing," is the act of falsely claiming to be the website for a legitimate enterprise, for example eBay, in an attempt to scam Internet users into surrendering private information that could be used for identity theft.

Hani Durzy, eBay spokesperson, said, "'Phishing' has replaced spamming as the biggest problem on the Internet today. While spam is irritating, 'phishing' is dangerous." News24 and sister newspaper Beeld earlier this week reported that SA police were advising users who had transacted on eBay to "cancel their credit cards immediately following the hacking of an eBay database".

Durzy said, "This information clearly came from 'phishing' efforts and not from eBay's servers."

This view was supported by the US Embassy in Pretoria, speaking to News24 on behalf of the US secret service, saying, "We can confirm that the data in posession of the South African police was obtained from "phishing" and not from a hack on eBay's servers."

Director Lesley Magson, commander of the South African Police Service's commercial crimes unit in Johannesburg, said that police had considered "phishing" as a cause, but were not convinced as there was no single e-mail or website visited by the compromised users' which would have tied them together.

Beeld newspaper's Philip de Bruin, the journalist who broke the story on Monday, reported that a meeting has now been scheduled for Thursday to discuss the issue.

De Bruin said representatives from the commercial crimes unit, the US Secret service and eBay will be attending the meeting, but Durzy denied eBay's involvement.

No reason for alarm among card-holders

In the meantime Rodney Myburgh, chairperson of the South African Card Fraud Forum, said that the forum is investigating the matter following a meeting on Tuesday and Wednesday with Mastercard and Visa. Myburgh said at this stage there is no reason for alarm. He said the forum would immediately advise credit card holders to cancel their cards should this become necessary.

Gary Byrne, Mastercard's vice president for payment solutions, told News24 the majority of card-holders are US-based, with only a small number in South Africa. "We have passed the information we received from police on to member banks and other organisations. Banks are monitoring transactions for fraud, and if detected, those cards will be stopped."

'Police decision to go public not taken lightly'

Magson earlier said that the decision to go public with the information was not taken lightly.

"We found ourselves sitting with thousands of users' credit card details that could be used for committing crimes. The decision was not taken lightly, but in the interest of preventing (credit card) crime."

Magson said information about the compromised database was passed on to US law enforcement officials via the US Embassy, and then to eBay on July 5, when police received the database. Mastercard had also been given a copy of the database via its central control centre.

When police later realised that credit cards in the compromised database were still active, inspector Rian Visser of the commercial crimes unit decided to go public with the information.

Visser was instructed by his superiors on Wednesday to stop talking to the media, but before then had told News24 he obtained the "stolen" database with about 1 000 compromised user details from an unidentified source.

He said he then checked the fields in the database, and it corresponded with the fields on eBay. He said he then tried about 30 of the log-on details. "I was inside eBay, and could have purchased anything," he told News24.

News24, which has had constant contact with Durzy and SA police since Tuesday, has a list of the datafields in the compromised database in its possession and handed these to eBay on Wednesday.

Durzy, in reaction, explained that the datafields did in fact not correspond with those in the eBay database, indicating support for the belief that a "phishing" expedition was the cause for the compromised data.

419legal website

Magson on Wednesday also explained the fact that the commercial crimes unit made attempts to contact the credit card owners and were unable to contact all, prompted the posting of the credit card numbers in a single field database on Visser's website, 419legal.org.

Magson confirmed the website was a commercial crimes unit initiative.

In response to consumer complaints that this action could result in further fraud, police pointed out that in order to commit a fraudulent transaction, a fraudster would need the credit card number, expiry date and CVV number. Without the last two pieces of information, the numbers were "quite useless".

- News24