 Name GamePremium
join:2002-07-07
North Myrtle Beach, SC
kudos:7 | Interview with a malicious hacker making over $10,000 a week"Technology has always fascinated me, especially online security, or rather the lack of security that we can find everywhere on the Internet. That's why I like poking around and finding new methods the bad guys are using to cause mayhem in our daily lives. That's also why I spent a lot of time on IRC (Internet Relay Chat) this past week, more precisely in channels dedicated to people trading stolen identities and credit card numbers. That's where I met ''d0g'' (obviously not his real name) and we started chatting about how some of these guys operate. After just a few days, I had a good idea of what the process involved, and I was amazed at a few things: How easy it is to steal large amounts of money using nothing but the Internet, and how widespread the problem seems to be."
see more here
»dendory.net/blog.php?id=50229fec
--
Gladiator Security Forum
»www.gladiator-antivirus.com/
|
|
 SnowymIRC unix.ro UnderNetPremium
join:2003-04-05
Kailua, HI
kudos:6
 ·RoadRunner Cable
 ·Clearwire Wireless
| It’s good to see the matter of stolen credentials getting attention & nothing personal against the blogger but the miscreant he based his blog on sold him a bill of goods & the blogger bought it.
The following notes were hastily written but I am an expert in how stolen credentials are monetized online.
The problematic statements are as follows
Re The title:
“Interview with a malicious hacker making over $10,000 a week”
Sure, some actors have earned 10K in a week but that figure is not an average for an actor working alone or even close to an average.
Re ”The second thing I quickly discovered is how easy this all is. While some of them will trade stolen identities or full CC info on IRC, now most of that business seems to be done on a large number of underground web sites. This one for example shows a never ending list of items that get sold for as little as $3 each, available to anyone who registers for an account”
That’s accurate but later the blogger states:
“And apparently, the reason why these stolen numbers are sold so cheaply is because a vast majority of them are either already canceled, or maxed out.
I’m not sure if that’s just a conclusion the blogger came to or if the actor he’s based his blog on had actually said that.
Either way, that’s not how it’s usually designed to work. If a buyer buys an invalid credential the shop will offer shop credit for the purchase price if reported to the shop usually within 24hrs of purchase.
It would make sense actor if the actor had said that to the blogger. Younger, inexperienced actors might accept paying for dead/bogus data, but for sure not an actor experienced enough to pull in 10K in a week.
Another item that should be clarified regards what the blogger referred to as
re “The hard part is covering your tracks, and 90% of the things these people do are for the sole purpose of covering themselves.
These actors do cover their tracks but it’s a simple as hijacking a few fast machines.
The ‘covering’ the blogger refers to is actually about shielding whatever transactions an actor is working on from being flagged as potentially fraudulent
e.g., using a geo correct IP, calling in or using a phone number consistent with the victims location etc… – it has nothing to do with protecting their own personal identity -
Re “So finally, the last question I had was how they manage to get actual, physical goods using that stolen credit, without having to divulge their address. The way I was explained is that all he has to do is post ads on eBay for popular items that he doesn't actually have. Then, when someone buys it, he turns around and buys that same item from some online store with the bought CC numbers, and puts the eBay buyer's address as the shipping location. He makes those stores send the products directly to his buyers, and gets clean cash for them, which he can spend any way he wants”
Most actors will be aware of the difficulty in having items purchased online with a credit/debit card shipped to alternate addresses. This is not an easy or common scam to pull off.
I suppose the bloggers young miscreant was just trying to impress the blogger more than he was passing on trade secrets or anything that resembled the reality of the current state of affairs. |
|
Name GamePremium
join:2002-07-07
North Myrtle Beach, SC
kudos:7 | |
|
SnowymIRC unix.ro UnderNetPremium
join:2003-04-05
Kailua, HI
kudos:6 Reviews:
·RoadRunner Cable
·Clearwire Wireless
| said by Name Game:Question then;
What is average take per week ?
Exact figures aren't available but you can get clues by looking at their lifestyle.
e.g., an actor that replaces their BMW every 2-3 years isn't pulling in 10K week, the hotels they use when on vacation are not indicative of someone pulling in that sort of money.
Keeping those sort of items in mind along with these guys are not known for saving money you can come to an earnings range that is far below 10K a week.
said by Name Game:
For you take on covering their tracks...seems to me lately the authorities are catching many of the seller of these cards. How are they doing it ?
The links you provided answer that question.
The only thing I'd add to that is the success LE has is typically against the operators they have access to.
A CC shop operator in the Ukraine is not too concerned about US LE but that's changing (slowly) for the better. |
|
Name GamePremium
join:2002-07-07
North Myrtle Beach, SC
kudos:7 | Do you have any info/experience on using bit coins to buy these credit card..or using the stolen ones to buy bit coin ?
»keepyourassets.net/2012/04/30/ho···oin-tor/ |
|
SnowymIRC unix.ro UnderNetPremium
join:2003-04-05
Kailua, HI
kudos:6 Reviews:
·RoadRunner Cable
·Clearwire Wireless
| 
Pick your IP's geo-location |
I'll go one step beyond that & say that bitcoin is not a must have item for cyber thieves in general.
Liberty Reserve was already established as the go to company for moving funds online when bitcoin made it's debut.
Coupled wth wm-money.com an actor has an anonymous, safe & dependable online banking system that can be created or abandoned at the drop of a dime.
»www.libertyreserve.com/
»www.wm-center.com/
From the link:
"Tor’s Hidden Servers provide a real insight to an underground world that once was limited to dark alleys, shady places, and dangerous criminals. Much like the Internet has expanded our e-commerce into a borderless global market, bitcoins and Tor have made shopping for illicit goods and services almost as easy as ordering an iTunes song on your computer."
That's great writing but it's more drama than fact.
These actors for the most part are the "dark alleys, shady places, and dangerous criminals." of the internet.
They are not running interference with tor in large numbers.
One of problems an actor will have with tor is when they are trying to appear as someone else they will use an IP that jives with intended victims IP to defeat certain security checks.
Socks proxy are much more commonly seen on a day to day basis & offer more features than tor. |
|
Name GamePremium
join:2002-07-07
North Myrtle Beach, SC
kudos:7 | Thanks for the update info...I did see where wikileaks were asking for donation in bit coins..and that reminded me not long ago the credit card wackos dealt in them for a while but did not know if it was successful.
»AntiLeaks group is DDOSing WikiLeaks Press.. |
|
Name GamePremium
join:2002-07-07
North Myrtle Beach, SC
kudos:7 | reply to Snowy
Lost the hologram on your Visa / Mastercard / Amex? No problem, you can order a new one online:
»www.xylibox.com/2012/08/visamast···hot.html |
|
| reply to Name Game
Hi,
Thanks very much for this comment. It help me to think about my ideals.
Tks again and pls keep posting. |
|
