Language Selection

English French German Italian Portuguese Spanish

Black Market in Stolen Credit Cards

Filed under
Security
Web

"Want drive fast cars?" asks an advertisement, in broken English, atop the Web site iaaca.com. "Want live in premium hotels? Want own beautiful girls? It's possible with dumps from Zo0mer." A "dump," in the blunt vernacular of a relentlessly flourishing online black market, is a credit card number. And what Zo0mer is peddling is stolen account information - name, billing address, phone - for Gold Visa cards and MasterCards at $100 apiece.

It is not clear whether any data stolen from CardSystems Solutions, the payment processor reported on Friday to have exposed 40 million credit card accounts to possible theft, has entered this black market. But law enforcement officials and security experts say it is a safe bet that the data will eventually be peddled at sites like iaaca.com - its very name a swaggering shorthand for International Association for the Advancement of Criminal Activity.

For despite years of security improvements and tougher, more coordinated law enforcement efforts, the information that criminals siphon - credit card and bank account numbers, and whole buckets of raw consumer information - is boldly hawked on the Internet. The data's value arises from its ready conversion into online purchases, counterfeit card manufacture, or more elaborate identity-theft schemes.

The online trade in credit card and bank account numbers, as well as other raw consumer information, is highly structured. There are buyers and sellers, intermediaries and even service industries. The players come from all over the world, but most of the Web sites where they meet are run from computer servers in the former Soviet Union, making them difficult to police.

Traders quickly earn titles, ratings and reputations for the quality of the goods they deliver - quality that also determines prices. And a wealth of institutional knowledge and shared wisdom is doled out to newcomers seeking entry into the market, like how to move payments and the best time of month to crack an account.
The Federal Trade Commission estimates that roughly 10 million Americans have their personal information pilfered and misused in some way or another every year, costing consumers $5 billion and businesses $48 billion annually.

Full Story.

More in Tux Machines

The current state of Drupal security

Greg Knaddison has worked for big consulting firms, boutique software firms, startups, professional service firms, and former Drupal Security Team leader. He is currently the director of Engineering at CARD.com and a Drupal Association advisory board member. Michael Hess works with the University of Michigan School of Information and the UM Medical Center teaching three courses on content management platforms and overseeing the functionality of hundreds of campus websites. He serves in a consulting and development role for many other university departments and is the current Drupal Security Team leader. He also consults with BlueCross on large-scale medical research projects. Hess is a graduate of the University of Michigan School of Information with a master's degree in information. Read more

Ultimate Boot CD Live Aims to Become a Parted Magic Replacement, Based on Debian

The development team behind the popular UBCD (Ultimate Boot CD) project have announced recently that they are working on a Live version of Ultimate Boot CD, which is currently based on the Debian GNU/Linux operating system and has the ultimate goal of becoming a Parted Magic replacement. Read more

Linux Kernel 3.14.40 LTS Arrives with ARM Improvements, Updated Drivers

Linux kernel 3.14.40 LTS arrived a few days ago, as announced by Greg Kroah-Hartman on the kernel mailinglist, and it brings a number of important improvements to the ARM and PowerPC architectures, as well as several updated drivers. Read more

CoreOS Gives Up Control of Non-Docker Linux Container Standard

Taking a major step forward in its quest to drive a Linux container standard that’s not created and controlled by Docker or any other company, CoreOS spun off management of its App Container project into a stand-alone foundation. Google, VMware, Red Hat, and Apcera have announced support for the standard. Becoming a more formalized open source project, the App Container (appc) community now has a governance policy and has added a trio of top software engineers that work on infrastructure at Google, Twitter, and Red Hat as “community maintainers.” Read more