
Underground carders market. Translation of the book "KingPIN". Chapter 26. "What's in Your Wallet?"

Kevin Poulsen, an editor at WIRED magazine and, in his youth, the blackhat hacker Dark Dante, wrote a book about "one of his acquaintances."

The book traces the path from a teenage geek (and, at the same time, a jock) to a seasoned cyber crime boss, and also shows some of the methods the special services use to catch hackers and carders.

The book translation quest started in the summer at the IT camp for high school students ("Kingpin: schoolchildren translate a book about hackers"); then Habr users and even some of the editorial staff joined the translation.

Chapter 26. What's in your wallet?

(thanks to al_undefined for the translation)

Sale of 100% tested fresh dumps (USA), discounts:

$ 11 MasterCard
$ 8 Visa Classic
$ 13 Visa Gold / Premium
$ 19 Visa Platinum
$ 24 Visa Signature
$ 24 Visa Business
$ 19 Visa Corporate
$ 24 Visa Purchasing
$ 19 American Express = price cut (was 24)
$ 24 Discover = price reduction (was 29)
Minimum order - 10 pieces.

Sale by card type, not by BIN (translator's note: the BIN is the identifier of the issuing bank).

The hostile takeover Max had carried out was meant to unite the forces of the community, not to enrich him personally. Nevertheless, his business of selling data stolen from the magnetic stripes of plastic cards flourished more than ever after the forums were merged: he was making about a thousand dollars a day selling dumps to carders around the world, on top of the five to ten thousand he received from his partnership with Chris.

In public, at FTC (Federal Trade Commission) hearings and everywhere else, the credit card industry struggled to hide the consequences of the mounting evidence of magnetic stripe data theft around the world. Visa, the leader in the credit card field, backed an industry-funded report by Javelin Strategy and Research (translator's note: an agency that deals with risks and opportunities in mobile devices, payments, multichannel financial services, fraud and security), which blamed consumers, not companies, as the source of leaked card data and identity theft: 63% of cases were supposedly due to a lost or stolen wallet, data theft by trusted acquaintances, mail theft and dumpster diving.

The report was deeply misleading: it counted only the cases in which the victim knew how the information had been stolen. Visa's own private data told the real story. Stolen wallets had not been the main source of fraud since mid-2001; theft of card data from e-commerce sites had broken all growth records among the types of card fraud, resulting in fraudulent transactions by phone or over the Internet, so-called "card-not-present" fraud (the card itself is never shown; this was the most common type of fraud at the time).

In 2004, when data stolen from magnetic tracks became a mass commodity in the underground, losses on counterfeit cards grew just as fast. In the first quarter of 2006, counterfeit cards in the style of Chris Aragon knocked card-not-present fraud out of first place, exceeding $125 million in quarterly losses for Visa's partner banks (not counting other types of fraud).

Almost all of these losses were the work of price lists like Max's. On the Carders Market forum, the pages of positive reviews for the seller Digits kept growing, and with them his reputation as an honest merchant. This was a point of pride for Max and a sign of the moral code, different from most people's, that he had carried since childhood. Max could happily hack a carder's computer and copy everything on his hard drive, but if a client paid him for information, he never even considered tampering with it.

Max's generosity was also held in high esteem. If he had dumps whose expiration date was approaching, he preferred to give them away for free rather than let them lie idle. Exemplary business management and the quality of the product brought Max into the top five dump vendors ("dumpers") in the world, even though sellers from Eastern Europe usually dominated the market.

Max was careful with automated sales (vending). By refusing to sell dumps by BIN (bank identification number, the ID of the issuing bank), he made the feds' job harder: the government could not simply buy twenty dumps belonging to the same financial institution and ask that bank to look for the common purchase point across those cards' transactions. Instead, all the interested parties had to work closely with one another to identify the source.
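The common-point-of-purchase analysis the paragraph alludes to is the standard way an issuer finds where a batch of cards was skimmed. The example below is added here and is not from the book or the translation; it runs on constructed card histories, uses the first six digits of a made-up card id as the BIN, and shows both the pooled analysis and what a single issuer sees when the compromised cards are spread across issuers, which is why selling by card type instead of BIN blunts the technique.

```python
"""Common-point-of-purchase (CPP) analysis: given cards already known to be
compromised, find the merchant they share, which is the likely point of
compromise. Constructed sample data; not from the book or any real issuer."""
from collections import Counter, defaultdict

# Constructed card history: (card_id, merchant, ISO date). The first six
# digits of a card id play the role of the BIN (issuer identifier).
TRANSACTIONS = [
    ("411111-0001", "Pizza Place", "2006-01-03"),
    ("411111-0001", "GasMart",     "2006-01-05"),
    ("411111-0002", "Pizza Place", "2006-01-04"),
    ("411111-0002", "Grocery",     "2006-01-06"),
    ("422222-0003", "Pizza Place", "2006-01-07"),
    ("422222-0003", "GasMart",     "2006-01-08"),
    ("433333-0004", "Pizza Place", "2006-01-09"),
    ("433333-0004", "Bookstore",   "2006-01-10"),
    ("411111-0005", "GasMart",     "2006-01-05"),
    ("411111-0005", "Grocery",     "2006-01-11"),
    ("422222-0006", "Grocery",     "2006-01-12"),
    ("433333-0007", "GasMart",     "2006-01-13"),
    ("433333-0007", "Bookstore",   "2006-01-14"),
    ("444444-0008", "Grocery",     "2006-01-15"),
]

# Cards that later showed up in fraud reports (constructed).
COMPROMISED = {"411111-0001", "411111-0002", "422222-0003", "433333-0004"}


def issuer_of(card_id):
    """The BIN (first six digits) identifies the issuing bank."""
    return card_id[:6]


def common_point_of_purchase(transactions, compromised, before="9999-12-31"):
    """Rank merchants by how many compromised cards they saw (hits) and how
    pure that overlap is (hits / all distinct cards seen). Only transactions
    dated before `before` count: the compromise must precede the fraud."""
    cards_at = defaultdict(set)  # merchant -> distinct card ids
    for card, merchant, date in transactions:
        if date < before:
            cards_at[merchant].add(card)
    ranked = []
    for merchant, cards in cards_at.items():
        hits = len(cards & compromised)
        if hits:
            ranked.append((merchant, hits, len(cards), hits / len(cards)))
    ranked.sort(key=lambda r: (-r[1], -r[3], r[0]))
    return ranked


def issuer_view(transactions, compromised, issuer):
    """What a single issuer can see: only its own cards and its own fraud
    reports. This is all a BIN-sorted batch of dumps would give it."""
    own_tx = [t for t in transactions if issuer_of(t[0]) == issuer]
    own_bad = {c for c in compromised if issuer_of(c) == issuer}
    return common_point_of_purchase(own_tx, own_bad)


def compromised_per_issuer(compromised):
    """How the compromised cards are spread across issuers."""
    return Counter(issuer_of(c) for c in compromised)


if __name__ == "__main__":
    print("all issuers pooled:", common_point_of_purchase(TRANSACTIONS, COMPROMISED)[:2])
    print("cards per issuer:", compromised_per_issuer(COMPROMISED))
    print("issuer 422222 alone:", issuer_view(TRANSACTIONS, COMPROMISED, "422222"))
```

With all four compromised cards pooled, "Pizza Place" is the only merchant seen by every one of them and ranks first; issuer 422222 on its own holds a single compromised card and gets a tie between two merchants, which is exactly the ambiguity that cooperation between issuers removes.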

In addition, only a few of his most trusted associates knew that Digits and Iceman were one and the same person, most of them admins: for example Chris, a Canadian carder under the pseudonym NightFox, and a new member of the team under the nickname Th3C0rrupted0ne.

Of all the people from the scene that Max met, only Th3C0rrupted0ne had a roughly similar hacking past. While still a teenager, C0rrupted discovered the scene through dial-up bulletin board systems and then took up hacking for fun, learning from the likes of Acid Angel, -null- and other hackers. He defaced sites for fun and later joined the group Ethical Hackers Against Pedophiles, gray-hat vigilantes (translator's note: "vigilantes" originally meant self-appointed enforcers who fought organized crime, the Mafia) who fought child pornography on the Internet.

Just like Max, he had considered himself a good guy, until he became Th3C0rrupted0ne.

In every other respect they had nothing in common. The product of a difficult childhood in a big-city housing project, C0rrupted became a drug dealer at an early age and received his first sentence, for carrying a weapon, back in 1996 when he was 19. In college he started making fake IDs for friends, and one day his Internet research (into ways of faking IDs) brought him to fakeid.net, a bulletin board where experts like ncXVI were getting their start. He graduated from university, took a low-paying job and got into credit card fraud just as Shadowcrew ceased to exist, and his search then led him to the heirs of the defunct board. (He managed to find his way around the successor sites.)

C0rrupted's diplomacy and calm were universally liked by the participants of the scene, and he enjoyed the moderator or admin privileges he was given on most forums. Max entrusted him with an administrator position at Carders Market in the summer of 2005 and made him an unofficial spokesman after the hostile takeover. About a week after C0rrupted took on the admin role, Max let him in on his secret: both nicknames, Iceman and Digits, belonged to Max.

“Obviously Digits is me too. I could have said it right after I was sleeping in ICQ (speaking of our “forum” and other things).
In general, it's quite a big pain in the ass to keep it secret from people I know and trust, for example from people like you. Something like that …

In any case, the difference is that Iceman is fully within the law. Digits, on the contrary, breaks it. I thought that if I could separate the two activities this way, there would be no legal basis to rely on for coming after “me” as the forum admin (I couldn't see them coming after “me” as the forum admin).”

Chris remained the greatest threat to Max's security. Every time they butted heads, Max was reminded that he was vulnerable and that he was dealing with the only carder who knew his face and was involved in his real personal life. “I can't believe how much you know about me,” he forced out angrily.

Meanwhile, Chris kept pushing Max toward the idea that they needed to do something serious, hit a jackpot that would let them leave the criminal business and do something legal, for instance found a new legitimate start-up for Chris in Orange County. He drew up a diagram and a step-by-step plan for the two of them and called it the "Whiz List" ("List of Virtuosos").

The idea was that Max would penetrate a banking network and gain the ability to transfer millions of dollars into accounts that Chris would supply. He was to finish what he had begun at the very start of their partnership, back when he worked out of Chris's garage and hacked into small banks and credit unions. He had access to hundreds of such accounts and could transfer money out of customers' accounts; all that was needed was the will. But the final scheme stalled through Chris's fault. He had to find a safe haven for the money Max would steal, some offshore depository where they could move the funds without the risk that the affected bank would reverse the transfer.

So far he had not succeeded.

So in September, when Max discovered a critical zero-day vulnerability in the new Internet Explorer, he shared the news not with Chris but with another partner who was well versed in international finance: the Carders Market administrator known as NightFox.

The security hole was catastrophic: another buffer overflow, this time in the code that rendered vector graphics on the client (page visitor) side. Unfortunately for Max, hackers from Eastern Europe had found the vulnerability before him and were already exploiting it to the full. A computer security company had already discovered the Russian hackers' exploit, which infected computers when users visited porn sites, and had sent it to Microsoft. The Department of Homeland Security issued a rather stupid prescription for IE users: “Do not open unwanted links.”

The vulnerability was known, but there was no patch yet. All IE users were exposed. Max got hold of the Russian hackers' exploit in the early morning of September 26 and hurried to share it with NightFox with undisguised enthusiasm.

“Suppose we get a free ticket to the attraction, have any company today,” Max wrote in the Carders Market messaging system. “Ok, please. No restrictions. visa.com. mastercard.com. egold.com. Any employee's mailbox for any purpose. Google. Microsoft. No matter. Everyone can be fucked right now.”


Microsoft released the patch later that day, but Max knew that even security-conscious companies would take days or weeks to roll the update out to every employee's computer. The Russian exploit was already detected by antivirus programs, so he modified it until its signature no longer matched, and ran it through his anti-virus lab to make sure it could not be detected.

All that remained was social engineering: Max had to trick his targets into visiting the website carrying the exploit. He settled on the domain name financialedgenews.com and hosted it at the provider ValueWeb.

NightFox came back with a list of targets: CitiMortgage, GMAC, Experian's Lowermybills.com, Bank of America, Western Union, MoneyGram, Lending Tree and Capital One Financial, one of the largest credit card issuers in the country. NightFox had extensive databases of internal employee addresses at these companies, acquired from a “competitive intelligence” firm, and he sent Max thousands of addresses for each company they were aiming at.

On September 29, Max loaded the addresses into his spam software and began firing a personalized letter at his victims. The sender was listed as “Gordon Reily”, with the return address g.reily@lendingnewsgroup.com.

I am a reporter for Lending News and I am doing a follow-up story on the recent leak of Capital One customer data. I noticed the mention of the name Mary Rheingold in a Financial Edge article and would like to arrange an interview to cover more details in the new article.
financialedgenews.com/news/09/29/Disclosure_Capital0ne

I would be very grateful if you could find time to discuss the details of the above article further.


Each copy of the letter was personalized, so every employee would think it was his or her own name mentioned in the Financial Edge article. At Capital One, 500 employees, from managers to PR representatives and IT specialists, received the message. Roughly 125 of them clicked the link and were taken to a page with an ordinary financial industry digest. While they puzzled over the page, a hidden payload slipped through the corporate firewall onto their machines.

The exploit opened a back door that let Max roam the victims' hard drives at his leisure, rummaging for competitive information, analyzing internal bank traffic and stealing passwords. It was not very different from what he had done to thousands of Defense Department computers many years earlier, back when it was simple mischief born of curiosity.
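The campaign described above has a shape a mail gateway can pick out: hundreds of recipients in one organization, within minutes, all receiving mail from one external sender whose link points at a domain that is not the sender's own. The detection below is an added example, not code from the book, the translation or any real mail product; it runs over a constructed mail log (the sender address and link domain are the ones the chapter quotes, the recipients, timestamps and threshold are made up) and groups messages by sender and off-sender link domain.

```python
"""Detect a targeted mail campaign in a constructed mail log: many recipients
in one organisation getting, within a short window, a message from the same
external sender whose link points at a domain other than the sender's own.
The log is constructed for this example; it is not real traffic."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches a host followed by a path, with or without a scheme, so a bare
# "example.com/news/..." in the body is caught as well as "http://...".
LINK_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?=/)", re.I)


def registered_domain(host):
    """Crude registrable domain: the last two labels (no public-suffix list)."""
    return ".".join(host.lower().split(".")[-2:])


def sender_domain(address):
    return registered_domain(address.rsplit("@", 1)[1])


def link_domains(body):
    return {registered_domain(m.group(1)) for m in LINK_RE.finditer(body)}


def campaign_alerts(messages, min_recipients=3, window=timedelta(hours=24)):
    """Group messages by (sender, link domain that differs from the sender's);
    alert when a group reaches min_recipients distinct recipients inside
    `window`. Messages whose links stay on the sender's own domain are ignored."""
    groups = defaultdict(list)
    for msg in messages:
        for dom in link_domains(msg["body"]):
            if dom != sender_domain(msg["from"]):
                groups[(msg["from"], dom)].append((msg["ts"], msg["to"]))
    alerts = []
    for (sender, dom), hits in groups.items():
        hits.sort()
        recipients = {to for _, to in hits}
        if len(recipients) >= min_recipients and hits[-1][0] - hits[0][0] <= window:
            alerts.append({"sender": sender, "link_domain": dom,
                           "recipients": len(recipients),
                           "first_seen": hits[0][0].isoformat()})
    return alerts


def _msg(ts, sender, to, body):
    return {"ts": datetime.fromisoformat(ts), "from": sender, "to": to, "body": body}


# Constructed sample log. The sender address and link domain are the ones the
# chapter quotes; the recipients and timestamps are made up.
LURE = ("I noticed the mention of your name in a Financial Edge article: "
        "financialedgenews.com/news/09/29/Disclosure_Capital0ne")
SAMPLE_LOG = [
    _msg("2006-09-29T09:01:00", "g.reily@lendingnewsgroup.com", "alice@bank.example", LURE),
    _msg("2006-09-29T09:01:07", "g.reily@lendingnewsgroup.com", "bob@bank.example", LURE),
    _msg("2006-09-29T09:01:15", "g.reily@lendingnewsgroup.com", "carol@bank.example", LURE),
    _msg("2006-09-29T09:02:40", "g.reily@lendingnewsgroup.com", "dave@bank.example", LURE),
    # Benign: internal newsletter linking to its own domain.
    _msg("2006-09-29T10:00:00", "news@bank.example", "alice@bank.example",
         "This week's digest: https://intranet.bank.example/digest/2006-39"),
    # Benign: one vendor mail, link on the vendor's own domain.
    _msg("2006-09-29T11:00:00", "support@vendor.example", "bob@bank.example",
         "Your ticket: https://portal.vendor.example/tickets/4711"),
]

if __name__ == "__main__":
    for alert in campaign_alerts(SAMPLE_LOG):
        print(alert)
```

The threshold and window are the tuning knobs: a real gateway would set them from the organization's normal external mail volume, and the two-label "registered domain" shortcut should be replaced by a public-suffix lookup before it meets hosts like `example.co.uk`.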

To be continued

Published translations and publication plan (December 24)
PROLOGUE (GoTo camp students)
1. The Key (Grisha, Sasha, Katya, Alena, Sonya)
2. Deadly Weapons (Young programmers of the Federal Security Service of the Russian Federation, August 23)
3. The Hungry Programmers (Young programmers of the Federal Security Service of the Russian Federation)
4. The White Hat (Sasha K, ShiawasenaHoshi )
5. Cyberwar! ( ShiawasenaHoshi )
6. I Miss Crime (Valentin)
7. Max Vision (Valentine, August 14)
8. Welcome to America (Alexander Ivanov, Aug 16)
9. Opportunities (jellyprol)
10. Chris Aragon (Timur Usmanov)
11. Script's Twenty-Dollar Dumps (Georges)
12. Free Amex! ( Greenhouse social technology )
13. Villa Siena (Lorian_Grace)
14. The Raid (Georges)
15. UBuyWeRush (Ungswar)
16. Operation Firewall (Georges)
17. Pizza and Plastic (done)
18. The Briefing (Georges)
19. Carders Market (Ungswar)
20. The Starlight Room (???)
21. Master Splyntr (Ungswar)
22. Enemies (Alexander Ivanov)
23. Anglerphish (Georges)
24. Exposure (+)
25. Hostile Takeover (fantom)
26. What's in Your Wallet? (done)
27. Web War One (Lorian_Grace?)
28. Carder Court (drak0sha)
29. One Plat and Six Classics (+)
30. Maksik (+)
31. The Trial (+)
32. The Mall (Shuflin +)
33. Exit Strategy (done)
34. DarkMarket (Valera aka Dima)
35. Sentencing (comodohacker +)
36. Aftermath (ex-er-sis?)
EPILOGUE

Source: https://habr.com/ru/post/273943/
