Feeds

‘Open and helpful community’ – of credit card thieves

Honeynet shows carders are getting slick

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Credit card fraud "power users" with programming skills and no fear are making it easier for newbies to break into white collar crime, according to a report from the Honeynet Research Alliance this week.

The report draws on data gathered earlier this year when a fraudster looking for a random host to put between himself and IRC wound up cracking a research honeypot maintained by students and faculty at Azusa Pacific University, as part of a loosely affiliated gaggle of deliberately hackable hosts and networks organized around the non-profit Honeynet Project.

Researchers secretly monitored the intruder as he joined an IRC channel on DALnet dedicated to obtaining, verifying and swapping credit card numbers, along with matching names, addresses, and everything else a good carder needs to begin ordering goods and services illicitly.

From early April to mid-May they watched the intruder move through a dozen chat rooms with names like "#ccinfo," "#ccpower," and "#virgincc." They also joined some of the channels themselves. They found a surprisingly open and helpful community of credit card thieves, where experienced fraudsters offered advice to newcomers, and stolen credit cards were given away freely to neophytes -- at least, in small amounts.

"They weren't trying to hide this at all, it was just completely out in the open," says Patrick McCarty, an undergraduate at the university, and a co-author of the report. "You'd think they would want to keep a lower profile."

Carding Commands

The researchers were also impressed by the level of automation that a handful of sophisticated carders brought to the scene. Fraud-oriented IRC bots made the channels more than just a communications medium. Carders could type in commands like "!chk" to verify that a credit card number is correct, and "!bank" to identify the bank that issued a particular card.

Daring fraudsters looking to get credit card numbers directly from a vulnerable e-commerce site could avail themselves of the "!cardable" command, which returns the URL for sites known to be vulnerable to attack. For more help, the "!exploit" command yielded URLs that a beginner could cut-and-paste into their browser to exploit known application-level Web server attacks. If they weren't up for cracking a host personally, the "!cc" command dispensed a single stolen credit card number from a database.

"Users need master only a series of custom IRC commands to carry out many key activities of credit card / identity theft," the report found.

One command, "!cclimit," even produces the spending limit on a particular card number, according to the report. Where that information comes from is unclear; the report's authors believe some of the bots are interfacing in real time with credit card company databases. "That's what we're particularly interested in," says McCarty. "They seem to have an automated system for doing that."

The Research Alliance's monitoring also produced logs of corrupt merchants offering to sell large quantities of card numbers for a percentage of the take, though the report concluded that bulk transfers were handled in private chats, or outside of IRC.

The channels named in the report have since been shutdown by DALnet, says McCarty. "We've turned a substantial amount of data over to the FBI," he adds.

© SecurityFocus

Related stories

Trojan serves porn off home PCs, not many dead
Chip and PIN: not enough to beat card fraud
California enacts full disclosure security breach law
Joe Public blames banks for credit card fraud
Credit card firms 'profit from Net fraud'
Schoolgirl turns tables on email credit card fraudster

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
prev story

Whitepapers

Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.