Feeds

‘Open and helpful community’ – of credit card thieves

Honeynet shows carders are getting slick

  • alert
  • submit to reddit

Top 5 reasons to deploy VMware with Tegile

Credit card fraud "power users" with programming skills and no fear are making it easier for newbies to break into white collar crime, according to a report from the Honeynet Research Alliance this week.

The report draws on data gathered earlier this year when a fraudster looking for a random host to put between himself and IRC wound up cracking a research honeypot maintained by students and faculty at Azusa Pacific University, as part of a loosely affiliated gaggle of deliberately hackable hosts and networks organized around the non-profit Honeynet Project.

Researchers secretly monitored the intruder as he joined an IRC channel on DALnet dedicated to obtaining, verifying and swapping credit card numbers, along with matching names, addresses, and everything else a good carder needs to begin ordering goods and services illicitly.

From early April to mid-May they watched the intruder move through a dozen chat rooms with names like "#ccinfo," "#ccpower," and "#virgincc." They also joined some of the channels themselves. They found a surprisingly open and helpful community of credit card thieves, where experienced fraudsters offered advice to newcomers, and stolen credit cards were given away freely to neophytes -- at least, in small amounts.

"They weren't trying to hide this at all, it was just completely out in the open," says Patrick McCarty, an undergraduate at the university, and a co-author of the report. "You'd think they would want to keep a lower profile."

Carding Commands

The researchers were also impressed by the level of automation that a handful of sophisticated carders brought to the scene. Fraud-oriented IRC bots made the channels more than just a communications medium. Carders could type in commands like "!chk" to verify that a credit card number is correct, and "!bank" to identify the bank that issued a particular card.

Daring fraudsters looking to get credit card numbers directly from a vulnerable e-commerce site could avail themselves of the "!cardable" command, which returns the URL for sites known to be vulnerable to attack. For more help, the "!exploit" command yielded URLs that a beginner could cut-and-paste into their browser to exploit known application-level Web server attacks. If they weren't up for cracking a host personally, the "!cc" command dispensed a single stolen credit card number from a database.

"Users need master only a series of custom IRC commands to carry out many key activities of credit card / identity theft," the report found.

One command, "!cclimit," even produces the spending limit on a particular card number, according to the report. Where that information comes from is unclear; the report's authors believe some of the bots are interfacing in real time with credit card company databases. "That's what we're particularly interested in," says McCarty. "They seem to have an automated system for doing that."

The Research Alliance's monitoring also produced logs of corrupt merchants offering to sell large quantities of card numbers for a percentage of the take, though the report concluded that bulk transfers were handled in private chats, or outside of IRC.

The channels named in the report have since been shutdown by DALnet, says McCarty. "We've turned a substantial amount of data over to the FBI," he adds.

© SecurityFocus

Related stories

Trojan serves porn off home PCs, not many dead
Chip and PIN: not enough to beat card fraud
California enacts full disclosure security breach law
Joe Public blames banks for credit card fraud
Credit card firms 'profit from Net fraud'
Schoolgirl turns tables on email credit card fraudster

Beginner's guide to SSL certificates

More from The Register

next story
UK smart meters arrive in 2020. Hackers have ALREADY found a flaw
Energy summit bods warned of free energy bonanza
DRUPAL-OPCALYPSE! Devs say best assume your CMS is owned
SQLi hole was hit hard, fast, and before most admins knew it needed patching
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Mozilla releases geolocating WiFi sniffer for Android
As if the civilians who never change access point passwords will ever opt out of this one
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Simplify SSL certificate management across the enterprise
Simple steps to take control of SSL across the enterprise, and recommendations for a management platform for full visibility and single-point of control for these Certificates.