Feeds

‘Open and helpful community’ – of credit card thieves

Honeynet shows carders are getting slick

  • alert
  • submit to reddit

Choosing a cloud hosting partner with confidence

Credit card fraud "power users" with programming skills and no fear are making it easier for newbies to break into white collar crime, according to a report from the Honeynet Research Alliance this week.

The report draws on data gathered earlier this year when a fraudster looking for a random host to put between himself and IRC wound up cracking a research honeypot maintained by students and faculty at Azusa Pacific University, as part of a loosely affiliated gaggle of deliberately hackable hosts and networks organized around the non-profit Honeynet Project.

Researchers secretly monitored the intruder as he joined an IRC channel on DALnet dedicated to obtaining, verifying and swapping credit card numbers, along with matching names, addresses, and everything else a good carder needs to begin ordering goods and services illicitly.

From early April to mid-May they watched the intruder move through a dozen chat rooms with names like "#ccinfo," "#ccpower," and "#virgincc." They also joined some of the channels themselves. They found a surprisingly open and helpful community of credit card thieves, where experienced fraudsters offered advice to newcomers, and stolen credit cards were given away freely to neophytes -- at least, in small amounts.

"They weren't trying to hide this at all, it was just completely out in the open," says Patrick McCarty, an undergraduate at the university, and a co-author of the report. "You'd think they would want to keep a lower profile."

Carding Commands

The researchers were also impressed by the level of automation that a handful of sophisticated carders brought to the scene. Fraud-oriented IRC bots made the channels more than just a communications medium. Carders could type in commands like "!chk" to verify that a credit card number is correct, and "!bank" to identify the bank that issued a particular card.

Daring fraudsters looking to get credit card numbers directly from a vulnerable e-commerce site could avail themselves of the "!cardable" command, which returns the URL for sites known to be vulnerable to attack. For more help, the "!exploit" command yielded URLs that a beginner could cut-and-paste into their browser to exploit known application-level Web server attacks. If they weren't up for cracking a host personally, the "!cc" command dispensed a single stolen credit card number from a database.

"Users need master only a series of custom IRC commands to carry out many key activities of credit card / identity theft," the report found.

One command, "!cclimit," even produces the spending limit on a particular card number, according to the report. Where that information comes from is unclear; the report's authors believe some of the bots are interfacing in real time with credit card company databases. "That's what we're particularly interested in," says McCarty. "They seem to have an automated system for doing that."

The Research Alliance's monitoring also produced logs of corrupt merchants offering to sell large quantities of card numbers for a percentage of the take, though the report concluded that bulk transfers were handled in private chats, or outside of IRC.

The channels named in the report have since been shutdown by DALnet, says McCarty. "We've turned a substantial amount of data over to the FBI," he adds.

© SecurityFocus

Related stories

Trojan serves porn off home PCs, not many dead
Chip and PIN: not enough to beat card fraud
California enacts full disclosure security breach law
Joe Public blames banks for credit card fraud
Credit card firms 'profit from Net fraud'
Schoolgirl turns tables on email credit card fraudster

Internet Security Threat Report 2014

More from The Register

next story
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
China is ALREADY spying on Apple iCloud users, claims watchdog
Attack harvests users' info at iPhone 6 launch
Carders punch holes through Staples
Investigation launched into East Coast stores
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.