Posts

Dutch Hacker Extradited From Romania, Charged With Credit Card Fraud

A 21-year-old Dutch hacker known within the online hacking community as “Fortezza” was arrested in Romania in March, and extradited to the United States in June.

U.S. Attorney Jenny A. Durkan, who chairs the Attorney General’s Advisory Committee on Cybercrime and Intellectual Property Enforcement, said, “This defendant has wrought havoc on victims and financial institutions around the world, this indictment alleges that in just one transaction he trafficked in as many as 44,000 stolen credit card numbers resulting in millions of dollars in losses to financial institutions. Cybercriminals need to know: We will find you and prosecute you. I commend the cyber investigators at the U.S. Secret Service Electronic Crimes Task Force and Seattle Police Department for tracking down these international criminals.”

Hackers like “Fortezza” employ a variety of methods to obtain credit card data. One technique is wardriving, in which criminals hack into wireless networks and install spyware. Another is phishing, in which spoofed emails prompt the victim to enter account information. “Smishing” is similar to phishing, but with text messages instead of emails. Some hackers use keylogging software to spy on victims’ PCs, while others affix devices to the faces of ATMs and gas pumps in order to skim credit and debit card data.

All this stolen data is ultimately used to steal from financial institutions, which lose $40 billion a year to credit card fraud, and from retailers. These business fraud targets must employ multiple layers of protection to thwart cybercriminals.

One layer that businesses put upfront in their fraud detection process is based on device intelligence—what that device is doing right now on the site, and what fraud or abuse that device has caused with other businesses, even in other geographies. The leader in device identification technology is iovation, and they offer a fraud prevention service that allows online businesses to create customized business rules for identifying potentially risky transactions, and those rules can be adjusted on the fly as new threats emerge.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft  in front of the National Speakers Association. (Disclosures)

Underground Forums Selling Stolen Credit Cards

WE DO NOT SELL DUMPS. DO NOT EMAIL OR CALL

WE DO NOT SELL DUMPS

“Carders” are the people who buy, sell, and trade stolen credit card data online. This carding forum video provides an example of an online forum where stolen credit cards are bought and sold.

Hackers rely on a variety of techniques to obtain credit card data. One such data theft technique is wardriving, in which criminals hack into wireless networks and install spyware. Another is phishing, in which spoofed emails prompt the victim to enter account information. Phexting or smishing are similar to phishing, but with text messages instead of emails. Some hackers use keylogging software to spy on victims’ PCs. Others affix devices to the faces of ATMs and gas pumps in order to skim credit and debit card data.

NPR reports an FBI agent calling himself Master Splynter was assigned to the underground and had created an entire backstory for Master Splyntr to get the criminals on the underground sites to trust him.

In the course of his dealings with “carders” (criminal hackers dealing in stolen credit cards) he developed relationships with the leaders of a particular forum.  This relationship proved paramount as an attack came upon this forum jeopardizing its existence. Master Splynter convinced the forums leaders to move the forum off its current server and onto his own server that was “well hidden from law enforcement” and safe from other hackers.

Now the FBI had full control of all the traffic moving through the forum and was able to identify the credit card theft suspects, make some arrests and take down the forum.

While an accomplishment, it’s only a small one as carding forums pop up every day to take this one’s place. As long as credit cards as we know them are easy to compromise via skimming or hacking and anyone can make a card not present transaction over the web, credit card theft and underground forums like these will proliferate.

Robert Siciliano personal and small business security specialist to ADT Small Business Security discussing ADT Pulse on Fox News. Disclosures