
Underground carders' market. Translation of the book "Kingpin". Chapter 12. "Free Amex!"

Kevin Poulsen, an editor at WIRED magazine and, in his youth, the black-hat hacker Dark Dante, wrote a book about "one of his acquaintances".

The book traces the path from a teenage geek (and, at the same time, a gym rat) to a seasoned cyber crime boss, and shows some of the methods the security services use to catch hackers and carders.

The beginning and the translation plan are here: "Shkvoren: schoolchildren translate a book about hackers".
The logic of choosing a book for working with schoolchildren is as follows:

Anyone who wants to help translate the other chapters, write a private message to magisterludi.

(Regarding the order: people ask me many questions about it and advise me to publish the chapters one by one. I would also like that, but alas, I work with a lot of people who, for example, have already translated 80% of a chapter and then have a force majeure for 2. On the one hand, I don't want to put pressure on them; on the other hand, postponing the publication of people who have already translated the next chapter is not entirely fair to them. Therefore, I'm publishing it.)

Read the previous chapter: Chapter 11, "Script's Twenty-Dollar Dumps".

Chapter 12. “Free Amex!”

(Thanks for the translation go to Maria Borisyonok of the "Greenhouse of Social Technologies"; by the way, they are also looking for IT volunteers for non-commercial projects. "Greenhouse" has long been friends with the hackspace, and their team runs useful training workshops for beginners on OpenStreetMap and OpenPGP.)

At dinner, Max touched lightly on his plan with Charity. "Which institutions would you say most deserve to be punished?" he asked.

He already had a ready answer: the credit companies. Greedy banks and credit card companies with their fingers in 400 billion dollars of annual debt, driving up interest rates and pushing plastic on kids before they graduate from college. Since consumers are never liable for fraudulent charges (by law they can be billed for the first $50, but most banks waive even that), credit card fraud had become a victimless crime, paid for out of the soulless money of these institutions.

Credit was not real money; Max talked about it as an abstract concept: he would be stealing numbers from a system, not dollars from someone's pocket. The financial institutions would be the ones left holding the bag, and they deserved it.

Charity had learned to accept the bitterness that had appeared in Max after he came back from prison. Living with him meant never watching crime movies on TV, because any portrayal of the police as the good guys set Max off. She was not entirely sure what Max was getting at now, and she did not want to know. But one thing was clear: Max had decided that he would be Robin Hood.

Max knew exactly where to get the credit card data Chris wanted. There were thousands of potential sources in plain sight on sites like CarderPlanet and Shadowcrew: the carders themselves would be his prey. Most of them were not hackers; they were just scammers who knew a little about fraud and nothing about computer security. This, of course, would be nothing like as hard as breaking into the Pentagon. It was also a morally acceptable proposition: he would be stealing credit card numbers that had already been stolen. Some crook was going to use them anyway, so it might as well be the crook Chris Aragon.

He started by choosing a weapon, selecting a Trojan program that was already circulating online and tweaking it so that antivirus software would not detect it. To test the results, he used the VMware virtualization software, running dozens of different virtual Windows systems on his computer, each booted with a different set of security programs.

Once the malware was passing unnoticed, he moved on to the next step: he gathered carders' numbers and e-mail addresses from the public forums, adding thousands of them to a database. Then, posing as the well-known dumps vendor Hummer911, he sent a message to the entire list. The message said that Hummer911 had acquired a database of American Express dumps larger than he could use or sell, so he was ready to give part of it away. "Click here," wrote Max, "and get a free Amex!" When a carder clicked the link, he found himself looking at fake Amex dumps. Meanwhile, Max's web page was running invisible code that exploited a new Internet Explorer vulnerability.

The exploit took advantage of the fact that Internet Explorer can do more than just render a web page. In 1999, Microsoft added support for a new file type called the HTML Application (HTA). Written in the same markup and scripting language used on websites, such a file was nevertheless allowed to do things on the user's computer that a website cannot do, for example create and delete files at will or run arbitrary programs. The idea was that developers could use the same skills they had learned programming for the web to build fully functional desktop applications.

Internet Explorer recognizes that HTAs can be deadly and will not run them from the web, only from the user's hard disk. In theory. In practice, Microsoft left a loophole in the way the browser scans the content of web pages. Many web pages contain object tags: simple instructions that tell the browser to fetch something from a given web address (usually a movie or music file) and embed it in part of the page. But it turned out that an HTA could also be loaded through an object tag and would be allowed to run. It only had to be disguised a little.

While Max's victims gloated over the fake American Express dumps, invisible object tags were taking control of their browsers and downloading the malicious HTA that Max had coded.

Crucially, Max gave the file a ".txt" extension, a superficial indicator that it was a plain text file. Internet Explorer looked at the file name and decided it would be safe to load. But as soon as the browser began downloading the file, Max's server declared its contents to be of type "application/hta", which identifies an HTML Application. In effect, Max's server pulled a switch on the download: it offered the browser a harmless-looking document to inspect, then labelled it an HTA at the moment the browser actually fetched the file. Having already marked the file as safe because of its name, Internet Explorer did not recheck the data once it had made up its mind.

That is how Max got his HTA to run instead of a web page. Max's HTA contained a short Visual Basic script that dropped a small hook program onto the user's computer. Max called the hook "hope.exe"; Hope is Charity's middle name. The hook, in turn, downloaded and installed a Trojan horse. Now Max was in control.
Carders swarmed onto the infected page like hungry piranhas. Hundreds of machines reported in to Max, ready to work for him.
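The trick the chapter describes rests on two weaknesses: the browser trusted the ".txt" name as a verdict on the file's safety, and it never re-examined the content once the server switched the declared type to "application/hta". The following is an added defender-side example, not code from the book or from the Habr post: a small checker of the kind a web proxy or gateway could apply to every response it relays, which judges each fetch on its own and flags (a) a benign-looking extension served as active content, (b) HTML Application markup inside a body whatever the declared type, and (c) a Content-Type that changes between fetches of the same URL. The list of active content types and the HTA markers are heuristics chosen for this example, and the sample HTTP responses are constructed.

```python
"""
Defender-side check for the '.txt name, application/hta content' switch.
Added example; not code from the book or the Habr post. All sample
responses below are constructed for this example.
"""
import re
from typing import Dict, List, Tuple

# Content types that make a browser execute what it receives rather than
# display it. Illustrative set chosen for this example, not exhaustive.
ACTIVE_CONTENT_TYPES = {
    "application/hta",            # HTML Application
    "application/x-msdownload",   # .exe as served by IIS
    "application/x-msdos-program",
}

# Extensions a user would read as "harmless": the disguise the chapter describes.
BENIGN_EXTENSIONS = {".txt", ".htm", ".html", ".jpg", ".gif", ".png"}

# Heuristic markers of an HTML Application inside a body, whatever its name.
HTA_MARKER_RE = re.compile(rb"<\s*hta:application\b|ActiveXObject\s*\(", re.I)


def parse_response(raw: bytes) -> Tuple[Dict[str, str], bytes]:
    """Split a raw HTTP/1.x response into {lowercase header: value} and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers: Dict[str, str] = {}
    for line in head.split(b"\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().decode("latin-1").lower()] = value.strip().decode("latin-1")
    return headers, body


def declared_type(headers: Dict[str, str]) -> str:
    """Media type from Content-Type, without parameters such as charset."""
    return headers.get("content-type", "").split(";", 1)[0].strip().lower()


def url_extension(path: str) -> str:
    """Extension of the last path segment, lowercased ('' if none)."""
    last = path.split("?", 1)[0].rsplit("/", 1)[-1]
    _, dot, ext = last.rpartition(".")
    return "." + ext.lower() if dot else ""


def inspect_response(path: str, raw: bytes) -> List[str]:
    """Findings for one fetched object; an empty list means nothing suspicious."""
    headers, body = parse_response(raw)
    mime = declared_type(headers)
    ext = url_extension(path)
    findings: List[str] = []
    if mime in ACTIVE_CONTENT_TYPES and ext in BENIGN_EXTENSIONS:
        findings.append(f"{ext} name served as active content type {mime}")
    if HTA_MARKER_RE.search(body):
        findings.append("body carries HTML Application markup")
        if mime.startswith("text/"):
            findings.append(f"HTA body declared as {mime}")
    return findings


def inspect_fetch_sequence(path: str, responses: List[bytes]) -> List[str]:
    """Check repeated fetches of one URL, judging each on its own, and flag a
    Content-Type that changes between them: the 'harmless document first,
    HTA at download time' switch."""
    findings: List[str] = []
    seen_types: List[str] = []
    for raw in responses:
        headers, _ = parse_response(raw)
        seen_types.append(declared_type(headers))
        findings.extend(inspect_response(path, raw))
    if len(set(seen_types)) > 1:
        findings.append("content type changed across fetches: " + " -> ".join(seen_types))
    return sorted(set(findings))


# Constructed sample: what the browser's first look at the link sees.
FIRST_LOOK = (
    b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n"
    b"Free Amex dumps inside, click to download.\r\n"
)
# Constructed sample: the same URL at download time, now declared as an HTA.
DOWNLOAD = (
    b"HTTP/1.1 200 OK\r\nContent-Type: application/hta\r\n\r\n"
    b"<html><head><hta:application id=app></head><body></body></html>"
)

if __name__ == "__main__":
    for finding in inspect_fetch_sequence("/dumps/free_amex.txt", [FIRST_LOOK, DOWNLOAD]):
        print("ALERT:", finding)
```

Run against the two constructed responses, the checker raises all three alerts for "/dumps/free_amex.txt": the ".txt" name served as "application/hta", the HTA markup in the body, and the type flip from "text/plain" to "application/hta". The design point is in `inspect_fetch_sequence`: the earlier harmless-looking fetch earns the URL no credit, which is exactly the assumption the chapter says Internet Explorer got wrong.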

Excited, he began rummaging through the criminals' hard drives in no particular order. He was surprised at how little time it took. Most of his victims bought dumps in small batches, ten or twenty at a time, or even fewer. But there were many carders, and nothing stopped him from coming back to their machines again and again. In the end, the free-Amex attack brought him about ten thousand dumps. He passed the dumps on to Chris as soon as he found them, and sifted through the other useful data on his victims' machines: details of frauds, stolen personal information, passwords, e-mail lists used for phishing, some real names, photos, and the e-mail addresses and ICQ numbers of their friends, handy people for the next attacks. With one well-built trap he had become an invisible presence embedded in the carder system. It was the beginning of something big. He had become, in effect, the carders' overlord, sustained solely by the fact that he could swim in their illegal economy. His victims could not call the cops, and with his anonymous Internet connection and a number of other precautions he was safe from threats. It was not long before Max discovered that not all carders were who they claimed to be. The victim was in Santa Ana. When Max started browsing the computer through his "entry point", he realized at once that something was wrong here.
The computer was running a program called Camtasia, which recorded everything that happened on the screen; that is hardly something a criminal would want on his machine. Max checked the hard drive, and his suspicions were confirmed: the disk was packed with FBI reports. Chris was shocked by what Max had found on the machine of an FBI cybercrime agent; the agent's hard drive offered potentially valuable insights into the FBI's methods. They talked over what to do next.

Some files indicated that the agent had an informant feeding him information about Script, the carder leader who had sold Chris his first dumps. Should they worry that a snitch had turned up in Script's circle? They decided to do nothing. If they ever got busted, Max figured, he would play this trump card: if it came out that he had accidentally hacked an FBI agent, it could embarrass the FBI, perhaps even costing it a few convictions.

He went back to hacking carders. He now knew that he was not the only outsider in the criminal world.

To be continued: Chapter 13, "Villa Siena"

Ready translations and plan (state on September 3)
PROLOGUE (GoTo camp students)
1. The Key (Grisha, Sasha, Katya, Alena, Sonya)
2. Deadly Weapons (Young programmers of the Federal Security Service of the Russian Federation, August 23)
3. The Hungry Programmers (Young programmers of the Federal Security Service of the Russian Federation)
4. The White Hat (Sasha K, ShiawasenaHoshi)
5. Cyberwar! (ShiawasenaHoshi)
6. I Miss Crime (Valentin)
7. Max Vision (Valentine, August 14)
8. Welcome to America (Alexander Ivanov, Aug 16)
9. Opportunities (jellyprol)
10. Chris Aragon (Timur Usmanov)
11. Script's Twenty-Dollar Dumps (Georges)
12. Free Amex! (Greenhouse of Social Technologies)
13. Villa Siena (Lorian_Grace)
14. The Raid (Georges)
15. UBuyWeRush (Ungswar)
16. Operation Firewall (Georges)
17. Pizza and Plastic (done)
18. The Briefing (Georges)
19. Carders Market (Ungswar)
20. The Starlight Room (Ungswar)
21. Master Splyntr (Ungswar)
22. Enemies (Alexander Ivanov)
23. Anglerphish (Georges)
24. Exposure (Mekan)
25. Hostile Takeover
26. What's in Your Wallet? (al_undefined)
27. Web War One (Lorian_Grace)
28. Carder Court
29. One Plat and Six Classics
30. Maksik
31. The Trial
32. The Mall (Shuflin)
33. Exit Strategy
34. DarkMarket (Valera aka Dima)
35. Sentencing
36. Aftermath
EPILOGUE

Source: https://habr.com/ru/post/266039/

