This past week saw the launch of a new global security project, Internet Fraud Alert, which aims to provide a single, secure channel by which security researchers can report stolen consumer credentials (such as passwords and credit card numbers). According to an article about the announcement at Ars Technica, the service should make it easier to ensure that, when stolen information is found, it can be communicated promptly to the appropriate organizations.
It is often difficult for people who discover vast amounts of stolen credentials stashed on servers and sites such as Pastebin.com to bring them to the attention of the proper authorities. Many organizations don’t bother to make reporting stolen data easy, and even then, it can be difficult to convince a bank or law enforcement that the information found is legitimate.
The technology used at the site was developed by Microsoft and donated to the National Cyber-Forensics and Training Alliance, a non-profit organization that provides training to fight cyber-crime. Other sponsoring organizations include Accuity, the American Bankers Association, Anti-Phishing Working Group, Citizens Bank, eBay, the Federal Trade Commission, National Consumers League, and PayPal.
One potential problem with the new service is that anonymous submissions are not allowed. This might prevent an insider at a questionable organization from providing information for fear of the consequences if his identity is disclosed. Still, it seems like a worthwhile step to make life a bit more difficult for the Bad Guys.
Update Saturday, 19 June, 15:40 EDT
Microsoft has a news release available with some additional background information on the project.
Posted by Rich 