How I Wasted 4 Hours with a Criminal Hacker
Robert Siciliano Identity Theft Expert
Lately I’ve been coming across “advertisements” on forums, posted by criminal hackers looking to sell our stolen information. They are “carders,” selling “dumps” and “fullz.” Well, I decided to make contact with one of them to see what the deal is. It turns out the one I connected with was less than forthcoming, but was very persistent and more than likely has and will continue to scam people. Here is the FIRST and SECOND postings set up by criminals that I’ve found this week. The links are functional as of this posting.
The hacker I contacted immediately returned my email. I told him I was a journalist and wanted to do a story on him. I couldn’t have been more upfront with my intentions. I even provided him with a link to my website, but that didn’t seem to matter. He just wanted my money. First he wanted me to open up an instant message and connect with him via his Yahoo email. That way we could chat. But I wasn’t about to let him in via IM, because there are known hacks that can allow a bad guy into your PC via an IM service. So instead, I set up a private chat at tinychat.com.
What follows is an abridged version of our conversation. (The full version is here.) I am robertsicili, and the scammer is dskimmed2009 (how appropriate).
[11:50] robertsicili: who is here?
[11:51] dskimmed2009: yes its me man
[11:52] robertsicili: nice meeting u
[11:52] robertsicili: where are you from
[11:52] dskimmed2009: I Have told you already man
[11:52] dskimmed2009: or have u forgotten that man
[11:53] robertsicili: you havent told me
[11:53] dskimmed2009: oh okay man
He avoided the question.
[11:55] robertsicili: why did you agree to speak to me?
[11:55] dskimmed2009: what do u mean ?
[11:56] robertsicili: well, your business isnt a normal one and usually guys like you try to stay 100percent under the radar
[11:56] dskimmed2009: ahahaha
[11:56] dskimmed2009: very good man
[11:56] dskimmed2009: so u too which country are u from ?
[11:57] robertsicili: US
[11:57] dskimmed2009: VERY GOOD
All CAPS “VERY GOOD” tells me right away he thinks I’m an idiot.
[11:57] dskimmed2009: I’m 27 years of age and u?
[11:57] robertsicili: im 41
[11:58] dskimmed2009: wow…….then am small boy to u right
[11:58] robertsicili: youll be 40 before you know it
So small talk, getting used to each other.
[11:59] robertsicili: what country? your english is fine
[11:59] dskimmed2009: CVV,FULZ,DUMPS,BANKLOGINS,BANK TRANSFER,WU TRANSFERS,SKIMMING,ETC
He doesn’t want any more small talk. He want to get paid.
[12:00] dskimmed2009: What do you need to buy now man?
[12:00] robertsicili: all business, i get it.
[12:00] robertsicili: i want to tell your story. you are very interesting.
[12:01] dskimmed2009: yes am interesting man ok
[12:01] dskimmed2009: dont be serious let finish the deal at least today now ok
[12:01] robertsicili: i write for numerous US papers and find what you do facinating. Id like to understand your process.
This seemed to have gone right over his head because he never acknowledged it.
[12:06] robertsicili: so its not a problem for you to be public? how do you keep from being traced?
[12:06] dskimmed2009: i have many securities upon me so u dont need to be worried about that at all man ok
[12:07] dskimmed2009: becoz i do genue and valid business here with many and more costumers man
[12:07] dskimmed2009: so no one will traced upon me ok
[12:07] robertsicili: not worried, just curious, youre very smart
[12:07] dskimmed2009: why are u saying that am smart
[12:08] robertsicili: because you are able to be public, but still anonomous
[12:08] dskimmed2009: of course man becoz if i were to be bad i will never be in public annoucenment forums
[12:09] robertsicili: what is your “valid business”
[12:10] dskimmed2009: My valid business is to just do long term business with the other costumers man
He begins to tell me how honest he is with his customers.
[12:10] dskimmed2009: always i do give them what they will paid me for ok
[12:10] dskimmed2009: i dont dissapoint them as some ppl’s are doing to the other costumers
[12:10] robertsicili: so you are an hoinest business man who doesnt stiff his customers.
[12:11] dskimmed2009: i never stiff my costumers ok
[12:11] robertsicili: i see you take pride in that. and you should.
[12:11] dskimmed2009: am not interesting to do that to my costumers to loose my market man
[12:11] dskimmed2009: i always want to do long term business with my costumers
[12:12] robertsicili: there must be a lot of dishonest people in your business who stiff people
[12:12] robertsicili: how long have you been doing it?
[12:12] dskimmed2009: of course and they are those who used to spoiled most of the hackers business man
[12:13] robertsicili: so you are a “hacker”, do you get the data directly?
[12:13] dskimmed2009: i have been in this business for very good 17 years of age man
He loosens up a little and begins to give me history and a bit about his process.
[12:14] dskimmed2009: i use to go to Ho Minh Chin…Vietnam to hack softwares and come back to russian again man
[12:15] dskimmed2009: i have 3 types of softwares i use for my work man
[12:15] robertsicili: what are they called?
[12:15] dskimmed2009: One if for use to skimmed dumps
[12:15] dskimmed2009: software to skimmed dumps called Skimmer
[12:16] dskimmed2009: i have one too hacking software it used to hack credit card numbers and bank logins man
[12:16] dskimmed2009: i have western union bug software version 2010 with an activation code
[12:17] dskimmed2009: used to do online western union wireing and also hacking an mtcn numbers out from fullz man
[12:17] dskimmed2009: i have all types of skimming
[12:18] robertsicili: “hacking software” so on other peoples computers?
[12:18] dskimmed2009: OH YES
He’s all happy now.
[12:22] robertsicili: are you russian?
[12:23] dskimmed2009: am not a russian man
[12:23] dskimmed2009: i have been there for good 8 years just to study how to hack very experiencely and perfect way man
[12:26] robertsicili: in the US we are hacked by many countries. The chinese are great hackers, Romanians too.
[12:27] robertsicili: I have heard of vietnamese hackers too but not as often.Ukraine have many good hackers
[12:27] dskimmed2009: oh yes man
[12:27] dskimmed2009: RUSSIAN,VIETNAM,THIALAND,ROMANIA,UKRAINE,NIGERIA ,GHANA
[12:28] robertsicili: Yes. All hacking Americans or all over the world?
[12:28] dskimmed2009: All those countries i just mention they contain alot of fake and good hackers
[12:29] dskimmed2009: they hack EUROPE,UK,US,CANADA,ASIA,WESTERN PART OF AFRICA
We discuss family!
[12:29] robertsicili: do you have kids?
[12:29] dskimmed2009: they hacked all over the world man
[12:29] robertsicili: ok
[12:29] dskimmed2009: i have 2 kids and my personal wife
Back to business
[12:35] robertsicili: how do you get paid?
[12:35] dskimmed2009: they are sooo many ways of means to get money easy but they dont like it on that way
[12:36] dskimmed2009: Through Western Union,Money Gramm,Liberty Resrve and Web Money
[12:38] dskimmed2009: u can also do western union online transaction money transfer with fullz
[12:39] robertsicili: define fullz
[12:39] dskimmed2009: fullz contain , SSN : SOCIAL SECURITY NUMBERDOB : DATE OF BIRTHDL : DRIVING LINCENSEMMN : MOTHER MAIDEN NAME
[12:40] robertsicili: I now understad fullz, but how do I turn that data into money?
[12:40] dskimmed2009: i will teach u if u buy either the fullz or the software ok
[12:40] dskimmed2009: u will just process and operate the software thats all
[12:41] robertsicili: how much for the software?
[12:41] dskimmed2009: 700$
[12:41] robertsicili: damn!~
[12:42] dskimmed2009: Don’t make noise
[12:42] dskimmed2009: i can reduce the price for u if u are ready at any time ok
[12:42] dskimmed2009: am not difficult hacker ok\
Such a great guy and all around good business man. Now I want more detail I want raw data, I want proof.
[12:48] robertsicili: when you get a chance send me samples of what I can get with the software. CVV2?
[12:49] dskimmed2009: all my software are containing security password and codes so i cant just give out like that man
[12:49] dskimmed2009: unless u have make payment for it
[12:49] dskimmed2009: b4 i can give u man
He is refusing to send me samples of data he hacked. I’m beginning to think he has nothing.
[12:50] robertsicili: if im going to make an investment in your softwareI need to understand what it does.
[12:51] dskimmed2009: it will hack the amount on the fullz as mtcn numbers for u to get out with the rest of the infomations man
[12:51] robertsicili: what is mtcn
[12:52] dskimmed2009: Money Transfered Control Number
But he never tells me what it does or how it works. I spend the next hour trying to pull that from him.
[12:54] robertsicili: you sell logins, how do you get them?
[12:55] dskimmed2009: bank logins ?
[12:55] robertsicili: is that what you sell?
[12:55] dskimmed2009: i have software to hack that from bank personal and company account’s
[12:55] dskimmed2009: yes i sell bank logins too man
[12:55] dskimmed2009: CVV,FULLZ,DUMPS,LOGINS,TRANSFERS
[12:56] dskimmed2009: I Do bank transfer,western union transfer and paypal verified account transfer toooo
[13:12] robertsicili: How do you get login data?
[13:14] dskimmed2009: i hack from online banking with software
[13:14] dskimmed2009: i have boa,rbc,wamu,wachovia
[13:14] dskimmed2009: icici,hsbc,abbey
[13:37] dskimmed2009: u need banking software for bank login date?\
[13:38] robertsicili: if im to start a business of hacking data I want to know what to buy from you.
[13:38] dskimmed2009: yes man
[13:38] dskimmed2009: please give me ur western union infomations now ok
[13:38] dskimmed2009: with ur phone number
[13:39] robertsicili: and what will you do with my western union info?
[13:39] dskimmed2009: i want to send some money for u to cash it out and send it to me on my infos in ghana man ok
Now he wants my “western union” account data so he can send me money so I can send his partner money in Ghana. He’s beginning to try an “affinity” scam on me.
[13:39] dskimmed2009: one of my business patner man
[13:39] dskimmed2009: he is online now am talking with him
[13:40] dskimmed2009: so i want to give him us infos to send the money
[13:40] dskimmed2009: through money gramm
[13:40] dskimmed2009: becoz right now all the banks is close
[13:40] dskimmed2009: here in ghana now
[13:41] robertsicili: why do you want to send me cash?
[13:41] dskimmed2009: i want him to send the money to us country so that u cash it out send it to me here in ghana now man ok
[13:41] dskimmed2009: becoz right now all banks is close in ghana now ok
[13:44] robertsicili: OK so he sends me money and i send it back to you because the banks are closed?
[13:44] dskimmed2009: oh yes
[13:44] dskimmed2009: that is it my brother
[13:45] robertsicili: In the US we call that an “advanced fee” scam. At least thats what someone told me.
[13:46] dskimmed2009: okay then stop ok
[13:46] dskimmed2009: don’t do it again ok
[13:46] dskimmed2009: we continue our business now
“don’t do it again” he tells me. OMG LMAO!!!!!
[13:47] robertsicili: I want to buy your software that hacks online banks. Tell me what it does and how much money it will cost me.
[13:49] dskimmed2009: it cost 1300$ for online banking software to hack bank logins both personal and company account
[13:51] robertsicili: tell me how it works, I want to undersyand the technology. Is it sql-injection, spyware? Password hacks, Phishing?
[13:52] dskimmed2009: 2 COMERSUS SOFTWARE WITHOUT BANK LOG IN AND BANK CREDIT CARD CODE ==========1000$
[13:52] dskimmed2009: 3 NEW WESTERN UNION HACKING BUG FOR WORLD WIDE TRANSFER ==========700$4 NEW PAYPAL LOG IN HACKWARE FOR HACKING FRESH PAYPAL ==========250$
[13:53] dskimmed2009: 7 NEW CREDIT CARD VALIDATOR FOR VALIDATING ANY FULL CC INFO ==========120$
[13:53] dskimmed2009: WESTERN UNION ONLINE SOFTWARE(WESTERN UNION BUG)VERSION 2009/2010PRICE:700$
Now I begin to get confused as he describes his process, because it makes no sense.
[14:22] robertsicili: explain to me me how it brings the infos and what the software hacks
[14:22] dskimmed2009: it will hack the bank u will choose on the list of the software processor
[14:23] dskimmed2009: then u will wait for 30 minutes for that bank u choose it’s infomations
[14:23] dskimmed2009: every infomations that will appear within that 30 minutes if valid infomations
[14:25] dskimmed2009: It’s not difficult to understand but if u understand i will be very happy man ok
[14:25] robertsicili: so the software is hacking the banks processor and getting consumer logins?
[14:28] dskimmed2009: it’s like bank transfer
[14:36] robertsicili: explain how th bank transfer works?
[14:36] dskimmed2009: a’m worry about how u dont understand man
[14:36] dskimmed2009: infact its pains me
“infact its pains me” TOOOOOO FUNNNNNYYY!!!!!!!!!!!!!!!
[14:36] robertsicili: Im skilled in software but want to understand how it works. is it a sql injection?
[14:38] robertsicili: if I am to spend thousands of dollars I needd to know how the tech nology works. you are selling hacking softeware but wont tell me how it works
[14:38] dskimmed2009: it will bring that bank u choose all its infomations will appear on it within that 30 minutes time man
None of this makes sense.
[14:40] dskimmed2009: u see someone’s bank account
[14:40] dskimmed2009: he is from usa
[14:40] dskimmed2009: his account was hacked by the software last weeks monday
[14:41] dskimmed2009: 38k was withdraw from it by one of my costumer who come to buy the software man
[14:43] robertsicili: ok
[14:43] dskimmed2009: u see ?
[14:44] robertsicili: soft of. I think there mayt be a language barrier here
[14:45] dskimmed2009: what do u mean by that man?
[14:45] robertsicili: so the software gives me access to the server and shows the banks customers accounts?
[14:45] robertsicili: then I can withdraw from the account and make a transfer?
[14:46] dskimmed2009: oh yes man
[14:46] dskimmed2009: that is it
[14:46] dskimmed2009: u can make the transfer ur self to ur account either company or personal account
So I ask him how he hacks Paypal. Based on his answer It cant possibly be this easy.
[14:50] robertsicili: ok. how does it work with paypal?
[14:51] dskimmed2009: We have Verified and Non Verified Account
[14:51] dskimmed2009: just the id and the password
[14:51] dskimmed2009: we have ones with an empty balances and with ones with founds tooooo
[14:59] robertsicili: how does it work?
[15:00] dskimmed2009: for that one is not difficult man
[15:01] dskimmed2009: u will just put the id on it,it will show the password and the amount in the account
WHAT? His software just needs an ID (account number) and it shows the password? I think I smell a rat.
[15:01] dskimmed2009: then u transfer to ur bank account or ur paypal account or uur personal account or any of ur company accout man
[15:02] dskimmed2009: that’sall
[15:02] robertsicili: serious? you have software that will show a persons user ID and their passwords and whats in the account? How does it do that?
[15:03] dskimmed2009: the software self will show the password and the amount on it
[15:03] dskimmed2009: infact i have sell this to 2 costumers only
[15:03] dskimmed2009: it’s too cost but simple to operate
[15:05] robertsicili: This sounds to good to be real. How can you prove this works before i send you money?
[15:05] guest-14953 entered the room
[15:06] dskimmed2009: i dont have any thing to show man
So he’s got nothing. Or at least wont give up anything.
[15:07] dskimmed2009: if u are ready u go to send money now so that i send u the software man
[15:07] dskimmed2009: becoz with the software u will make alot of money
[15:07] dskimmed2009: and am going to do long term business with u for ever man
[15:07] robertsicili: if what you say is true then the entire banking and paypal security is non existent.
[15:08] dskimmed2009: so u must to trust me and to be honest with me that alll
[15:08] robertsicili: dude, i find it hard to trust in this situation.
[15:09] dskimmed2009: ok
[15:09] dskimmed2009: any way thanks for contacting me ok
[15:09] dskimmed2009: bye
What an ASS. I learned he wasn’t much of a hacker, or at least didn’t have a very good handle on his technology or he just didn’t want to tell me. But the mere fact that he is sitting in a hut or internet café somewhere and communicating like this tells me someone somewhere has sent him money. Man.
- Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
- Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)
Robert Siciliano Identity Theft Speaker discussing credit card and debit card fraud on CNBC
