I came across an interesting article in Vice – Crook Sells Access to Data Tool Used by Private Investigators.

In the report, Joe Cox found that a fraud-focused community on Telegram is advertising access to TLO, a data tool typically used by private investigators to obtain sensitive information on targets, including their Social Security Number (SSN), date of birth, and physical address history.

A famous investigator, Igor Ostrovsky weighed in saying, “This is very powerful information that can help professionals with fraud investigations. Or can help criminals commit fraud as well as a variety of other crimes,”.

A Quick Search on Telegram And You Easily Find Ads Promoting The Same Thing

You don’t have to look far to find exactly what is being described and it’s not just on one fraud channel but several different channels like AioCrime, Darkside Forum, MMG Arena, and many other popular channels.

The services offer look-ups of individuals’ social security numbers, dates of birth, and driver’s license information. This information is often sought after by people that have bought identity lists but need to find additional information to create a full identity profile. For example, a fraudster may have a valid name and address, and date of birth but they need to find the social security number so they can apply for accounts online. In other cases, they may want to get the Drivers License number to create more realistic-looking counterfeits.

These Accounts Are Either Compromised Or Being Misused By Legitimate Subscribers

TLO accounts are highly used and only available for use by law enforcement, fraud investigators, repossession agents and skip tracers.

In these cases, it appears that the accounts listed for sale have either been taken over by fraudsters or those accounts are being exploited by legitimate subscribers.

In some cases, employees of skip tracing or collections companies are granted access to the tool so they can locate consumers that owe debts. Unscrupulous employees looking to make a quick buck might sell access to the service or their logins to make quick money from fraudsters.

In any case, fraudsters are able to gain access to the same powerful tools that fraud fighters use to prevent these crimes from occurring in the first place.

TLO Has Been Used By Fraud Gangs Before To Steal Identities for Their Shopping Sprees

This wouldn’t be the first time that TLO was used for nefarious purposes. In 2018 authorities busted Tony Da Boss (Damonte Withers) who was a rapper and ran the group FreeBandz Gang for over $1.2 million in fraud and identity theft.

Their crimes would have been pretty ordinary, had it not been for the way that they obtained the identities. Authorities allege that Withers gained access to the holy graille of identity information – TLO to get the identities of more than 350 million Social Security numbers of dead and living Americans, 225 million employment histories, and four billion address records.

The gang was able to get access to TLO directly from people that had access to it. They were able to get more than one sign-on. According to Forbes, they recruited a woman named Lakesiah Norman. Norman had direct access to TLO through her part-time work at an unnamed Charlotte debt collection agency between May and October 2017. 

Norman would query the database, find people with good credit ratings who were ripe targets for identity theft and sell their information, including name, Social Security number and date of birth. Norman did this for at least 20 people, charging just $100 for each victim’s data.

CPN Companies Leverage Public Records Tools As Well To Find “Clear” Social Security Numbers

And it isn’t just Telegram fraudsters that leverage these services. CPN companies that help individuals create synthetic identities have been advertising their use of Lexis Nexis to verify social security numbers for years.

By using Lexis Nexis, these companies claim that they are able to find CPN’s (aka stolen social security numbers) that have been issued yet are not associated with any other public records – making them essentially “clear” of any red flags.

LegalCPN for example, claims they do a 47 point Lexis search before sending their CPN’s to the buyer.

And SuperCPN promises the same thing indicating that their CPN’s are “Safescan, Choice Point, and Lexis Nexis clear”.

These search tools provide investigators with tremendous benefits in stopping fraud, but its obvious that when they are in the wrong hands they can be used for enormous bad too.