lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <CAC_8ZCfOg-=XdPVv_EC338OHgjLZj_rSQDeViJmpF_BbZZTfXw@mail.gmail.com>
Date: Sun, 30 Oct 2011 17:10:45 -0700
From: Dancho Danchev <dancho.danchev@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Exposing the Market for Stolen Credit Cards Data

What's the average price for a stolen credit card? How are prices
shaped within the cybercrime ecosystem? Can we talk about price
discrimination within the underground marketplace? Just how easy is to
purchase stolen credit cards known as dumps or full dumps, nowadays?

In this intelligence brief, I will expose the market for stolen credit
cards data, by profiling 20 gateways for processing of fraudulently
obtained financial data.

Key summary points:

- Tens of thousands of stolen credit cards a.k.a. dumps and full dumps
offered for sale in a DIY market fashion
- The majority of the carding sites are hosted in the Ukraine and the
Netherlands
- Liberty Reserve is the payment option of choice for the majority of
the portals
- Four domains are using Yahoo accounts and one using Live.com account
for domain registration
- Four of the domains are using identical name servers
- Each DIY gateway for processing of fraudulently obtained financial
data has a built-in credit cards checker or offers links to external
sites performing the service
- Several of the fraudulent gateways offered proxies-as-a-service,
allowing cybercriminals to hide their real IPs by using the malware
infected hosts as stepping stones

Reference:
http://ddanchev.blogspot.com/2011/10/exposing-market-for-stolen-credit-cards.html

Regards
-- 
Dancho Danchev
Cyber Threats/CyberCrime Analyst | Security Blogger, ZDNet at CBS Interactive
Personal Blog: http://ddanchev.blogspot.com
ZDNet Blog: http://blogs.zdnet.com/security
Twitter: http://twitter.com/danchodanchev
LinkedIn: http://nl.linkedin.com/in/danchodanchev
Facebook: http://facebook.com/dancho.danchev
Skype ID: dancho_danchev_

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ