Underground carders market. Translation of the book "KingPIN". Chapter 11. "Script's Twenty-Dollar Dumps"

Kevin Poulsen, editor of the magazine WIRED, and in his childhood blackhat, the hacker Dark Dante, wrote a book about " one of his acquaintances ."

The book shows the path from a teenager-geek (but at the same time pitching), to a seasoned cyberpahan, as well as some methods of the work of special services to catch hackers and carders.

The beginning and the translation plan are here: “ Shkvoren: schoolchildren translate a book about hackers ”.
')
The logic of choosing a book for working with schoolchildren is as follows:

• there are few books about hackers in Russian (one and a half)
• There are no books about carding in Russian at all (there was one UPD )
• Kevin Poulsen - WIRED Editor, No Stupid Comrade, Authoritative
• to introduce young people to the translation and creativity on Habré and get feedback from elders
• schoolchildren-students-specialists work in spike very effectively for training and shows the significance of the work
• The text is not very hardcore and is accessible to a wide range, but it touches on issues of information security, vulnerabilities of payment systems, the structure of the carding underground, basic concepts of the Internet infrastructure
• the book illustrates that "feeding" in underground forums - ends badly

Who wants to help with the translation of other chapters write in a personal magisterludi .

(Regarding the order, they ask me many questions and advise me to publish the chapters one by one. I would also like that, but alas, since I work with a lot of people who, for example, have already translated 80% of the chapter, and then they have a force majeure on 2 We don’t want to put pressure on one side, on the other hand, postponing the publication of those who have already translated the next chapter is not entirely fair to them. Therefore, I’m publishing it.)

Chapter 11. Script's Twenty-Dollar Dumps

(thanks for the transfer thanks to the Find_The_Truth habraiser )

In the spring of 2001, about one hundred and fifty Russian-speaking computer criminals gathered in a restaurant in the port city of Odessa to discuss the launch of a revolutionary website. Among those present was Roman Vega, a 37-year-old man who sold fake credit cards through his online store BoA Factory (BOA - Bank Of America), a hacker (cybercrook), known as King Arthur and a man who could be their leader, a Ukrainian credit card vendor known as Script.

The meeting was prompted by the success of the British Fake Library site, launched in 2000. This site solved one of the main problems of communication in the criminal business through the IRC chat rooms, where freedom and many years of experience of crime burst like a bubble, it cost the chat to disappear. A library of fakes, founded by a handful of western hackers (cybercrook), gathered illegal textbooks, as well as a forum where thieves involved in frauds with documents could exchange tips, tips, buy and sell ID cards (analogs of documents (passport, rights, etc.) .)) - Euphemism, sustained in the same spirit as the "event" among prostitutes.

The fake library had much more in common with the BBS in anticipation of the Internet than with IRC. Users could post messages directly to forum threads, had a rating and nicknames. As soon as criminals from all over the world discovered this islet in the muddy, imaginary sea of ​​underground trade, the site gathered hundreds and then thousands of users from all over Europe and North America. Among them were people who committed frauds with passports, hackers, phishers, spammers, counterfeiters, people, carders, everyone who was hiding in their apartments and undergrounds, blind until now, when they discovered the vastness of this secret society.

The carders of Western Europe watched the Fake Library with envy. They wanted to do this trick in their own underground. The outcome of the June meeting in Odessa was the emergence of the International Union of Cards, abbreviated Cardplanet.com. Strongly organized, rethought library of fakes, which has become a pasture for the underground of the former sovestkoy empire. While the Fake Library was a careless forum, and BoA Factory was a simple, uncomplicated store, Carderplanet was a disciplined online market following the example of a trading exchange.

Do not hesitate of their intentions, the site has adopted the example of the Italian mafia to maintain a rigid hierarchy. The registered user was called “sgarrista” - a soldier without special privileges. Just above was “giovane d'honore", a man who helped regulate disputes under the supervision of "capo." At the top of the food chain was Don CardPlanet, Script.

Russian-speaking traders flocked to the new site to offer a different range of goods and services. Credit card numbers were the main product, but only at first. Some sellers specializing in “full info” could get a credit card number, owner’s name, address, insurance number and mother’s maiden name for only $ 30. Hacked eBay accounts cost only $ 20. Some ambitious buyers could spend $ 100 to “change the account” of a stolen card — a procedure where the owner’s billing address could be changed to the buyer's email address. Other merchants sold fake checks, money orders, or rented apartment addresses in the United States, where the purchased goods could be resold to a fraudster without fear of being caught. There were also procurements of credit cards with a magnetic stripe, “updates” of documents with holograms, which, depending on the quality, were sold from 75 to 150 dollars. It was possible to purchase a set of ten documents with the same photo, but with different names for $ 500.

Registration on CardPlanet was open to everyone, but in order to sell, merchants had to provide their goods or services for review by the reviewer. New traders were sometimes required permission from the Script or a pledge to an emergency fund, which was used to pay customers if the seller did not fulfill their obligations after payment. Sellers were required to keep up to date with their holiday plans, keep customer information safe, and respond promptly to customer complaints. Rippers, sellers who could not sell their goods, were banned, as was the case with any seller who had 5 complaints from customers.

Soon, imitating CardPlanet, a second site was created, aimed at English-speaking countries, Shadowcrew. In September 2002, after the overwhelming success of a strictly organized CardPlanet, carder under the nickname Kidd threw all the forces of the Fake Library to expand its business in Russia. News about the site has spread in IRC chat rooms, like in prison yards, and by April 2003, Shadowcrew had thousands of registered users.

With the motto “For those who like to stay in the shadows,” Shadowcrew was both a college at home and an online supermarket of everything illegal.
Their textbooks contained information on how to use stolen credit card numbers, forge a driver's license, crack an alarm, or make a silencer for weapons. The site could boast a wiki where it was possible to track the process of manufacturing a driver's license. Approved traders from all over the world provided a stunning array of illegal goods and services: credit statements, hacked bank accounts, names, dates of birth, and insurance numbers of potential victims of fraud. As on CardPlanet, each product had its own specialist, so each seller had to be verified by a trusted user of the site so that he could sell something. Disputes were considered carefully and judiciously - administrators and moderators worked overtime to expose and ban rippers who sold dummies.

Trade covered not only informational goods. Demand was also for things like ATM skimmers, drugs that were sold only by prescription, cocaine, as well as services that provide services for DDOS attacks: it was possible to “drop” the site and protect the attack from being detected by antivirus for $ 200. One of the verified vendors offered a service for obtaining technical certificates within a couple of days. The seller, called “Buy”, “Accelerates” (UBuyWeRush) “fired”, filling the underground with the programmers of magnetic strips of credit cards, as well as paper with watermarks and magnetic ink cartridges for check fraud.

Child porn was forbidden, and one of the vendors who asked to be allowed to trade exotic animals was ridiculed by the entire forum. But everything else was allowed on Shadowcrew. In the meantime, CardPlanet launched a thread on the forum for criminals from Asia, Europe and the States, but it was ShadowCrew that founded the real international market: a mix of Chicago Stock Exchange and a bar on Mos Eisley in Star Wars, where criminals of different specialties could meet and discuss their plans . A fraudster who falsified documents could buy credit card numbers in Denver from a hacker from Moscow, then send them to Shanghai, where they would make fake credit cards from them, and then take fake driver's licenses from a fraudster from Ukraine before going to the store.

Max shared his discovery with Chris, who was fascinated by new things. Chris registered on the forums, began to study their contents as a textbook. Little has changed since Chris dealt with credit card fraud in the eighties. However, some things have changed.

There was a time when rogues could get credit card numbers literally from a trash can, after digging in trash cans or from traces on the drums of printing machines. Now, mechanical printing is practically not used, Visa and MasterCard insist that transactions checks do not contain full card account numbers. Even if you manage to get a full number, this is not enough to make a fake credit card. Credit card manufacturers add a special unique code to each magnetic strip, like a PIN code, unknown even to the cardholder. This code is called a Card Verification Code (CVV). It is generated from other data on the magnetic strip — the account number and the card’s expiration date — then encrypted with a secret key that is known only to the issuing bank (card issuer). When using the card in the terminal, the CVV code is sent along with the card data for verification by the bank. If the data does not match, then the transaction is rejected.

After Visa introduced the CVV code in 1992, fraudsters began to fall sharply - from 0.18% per year from all Visa operations, to 0.15% a year later. In the 2000s, innovations proved that they are able to resist phishing attacks, in which spammers send thousands of fake emails in order to obtain user credit card information. Without a CVV code on a magnetic strip, which customers do not know, and therefore cannot be left anywhere, stolen credit card numbers become useless during operations. No one can go to the Vegas casino and buy black chips with a card that he received during a phishing attack. MasterCard followed suit Visa and released their own Secret Card Code (CSC). Further, in 1998, Visa introduced the CVV2 code - a secret code that is printed on the back of the card for the client, exclusively for purchases over the phone or on the Internet. This further reduced the losses of criminals and erected the China Wall between online and real-life fraud. Data stolen from database sites or phishing attacks could only be used during online operations, while magnetic strip data can be used anywhere except online operations, because they do not have a CVV2 code.

By 2002, security measures turned the data of magnetic strips into one of the most valuable goods of the underground, substituting customers for a blow. The hackers began to disrupt the data processing systems of the card centers, but the most common method of obtaining these cards was to hire a fast-food restaurant employee with a pocket skimmer that contained a magnetic strip reader and built-in memory. Smaller than a lighter, the skimmer could easily fit into the pocket of an employee’s apron or metrodiving suit, it could store data from hundreds of customer cards that could later be downloaded to a computer. A fraudster needs a second to read the data from the card via a skimmer.

In the late 90s, fraudsters began fanning outrages to major cities in the United States, in search of waitresses, waiters and other attendants interested in additional income, about $ 10 for one card run. Although it was risky, some gas station managers and workers could use the example of installing tiny cards on coin acceptors of pumps and terminals in retail stores. Some of the data could have been used on the spot, but most of it “floated away” to Eastern Europe, where the data was sold dozens, hundreds and even thousands at a time. Carders called this data dumps, each containing only two lines of text, each in its own path, 3 inches of magnetic tape.

Track 1: B4267841463924615 ^ SMITH /
JEFFREY ^ 04101012735200521000000
Track 2: 4267841463924615 = 041010127352521

An ordinary credit card dump cost about $ 20, $ 50 for a gold card and from $ 80 to $ 100 for a limited corporate card.
Chris decided to try carding. He learned that Script, the godfather of CarderPlanet, was the most reliable source of dumps in the world.

He paid the Ukrainians $ 800 for a set of 20 Visa Classic cards and about $ 500 for the MSR206, a favorite reader of magnetic stripe cards. After connecting the reader to a computer and installing the necessary software, he could take any Visa gift card or one of his own and decrypt it in two quick runs, with one of the Script dumps. With reprogrammed maps burning through a hole in his pocket, Chris looked through his personal guide and some retail stores, wondering about the possibilities. A simple card fraud is simple and cheap, but it had some limitations. Watching, Chris quickly determined that buying electronics and expensive clothes was not easy. There are some precautions: expensive stores require customer verification - he must enter the last four digits of the card, some POS terminals refuse to operate, but worst of all, when the digits do not match the magnetic stripe code. Reprogrammed cards were useful only where you yourself manage your card - at gas stations or in pharmacies.

Chris tried himself at the local supermarket. He indiscriminately filled his basket and paid for the goods by swiping a card through the POS terminal. A second later, the word "Paid" flashed on the display and somewhere in America a random person received a bill for 400 dollars for the purchase of products. Chris took his dishonestly purchased products to a married couple in Orange County, who was worse off than Chris - his work tools were stolen from her husband, so Chris took him to the store to buy new ones. Rumors began to circulate that Chris had credit cards that he began to distribute to some friends. They were always smart enough to make small purchases to Chris as a thank you. Chris was starting to see the outline of his business plan in his plastic operations. “Drop everything else, Max,” Chris said. Real money in dumps. "

To be continued
Read Chapter 12. “Free Amex!”