Since 2005, hackers and thieves have stolen more that 140 million credit card numbers, which resulted in $67 billion in annual losses. Credit card fraud and identity theft are running rampant and will probably only get worse with the troubled worldwide economy.
Do you ever wonder how crooks obtain access to credit card information that allows them to use stolen cards? The network of credit card fraudsters is worldwide in nature and is driven by a relatively small number of sophisticated hackers and thieves.
We found a fascinating article published by Wired Magazine called One Hacker’s Audacious Plan to Rule the Black Market in Stolen Credit Cards. The article goes into detail about how one entrepreneurial hacker tried to take over the business of trafficking stolen credit card numbers. This is an article that is well worth the time to read from start to finish.
The article focuses on the criminal career of a very knowledgeable and ingenious hacker named Max who launched a plan to take over the carders marketplace, which includes a number of underground web sites where criminals buy and sell stolen credit card numbers, Social Security numbers and other data essential for credit card fraud and identity theft. Some of these web sites have thousands of members. The culprit hacked the major carders sites and after stealing all of their ill-gotten data and member lists, consolidated it into his own web site where he sold the data.
Buyers and sellers of credit card numbers are global in nature and can be found in almost every country. A recent 2008 bust of one network of card hackers found that 41 million credit card numbers had been stolen. Members of the gang included hackers from the USA, Ukraine, China, Estonia and Belarus.
The article is essentially a tutorial and an inside look into how credit card fraud occurs. It is no longer just a simple matter of a waiter or waitress stealing a carbon copy of a credit card receipt or taking a snapshot with a cell phone. Today they may have pocket-sized credit card skimmers that capture the information from the magnetic stripe on the back of a card. This information is called a dump and is very valuable, because the information is from a verified valid card that may be used to fraudulently purchase goods online before the customer leaves the restaurant.
Credit card information is spread across so many networks that it is difficult to secure the data. Max and his crew also went after primary sources of data, such as banks and credit unions. He used the FDIC’s web site to target small banks and credit institutions that were not likely to have sophisticated security in place.
The team managed to produce physical credit cards using stolen numbers. The cards were complete with raised numbers and holograms. The phony cards were then used to purchase luxury goods, such as expensive ladies leather handbags, shoes, watches, etc., that could easily be fenced or sold on eBay.
There was no shortage of guts with Max and his associates. At one point, they send e-mails to several employees at Capital One. The e-mail provided a link and indicated that their name was mentioned in a report that ran in Financial Edge regarding a leak of customer records from Capital One. Financial Edge was one of Max’s phony web sites and when employees at Capital Once clicked on the link to view the article, they were presented with a blank screen. While they were wondering what that meant, Max send malicious scripts through the employees Internet connection to Capital One’s systems. The exploit was discovered and stopped, and there wasn’t any leak of customer information, but there could have been if Capital One did not identify and stop the hack attempted by Max.
Max was eventually busted and now faces 30 years to life in prison. His sentence will be particularly harsh due to new sentencing laws for credit card fraud, and also due to the fact that he had been busted and imprisoned multiple times in the past for credit card theft and similar crimes. Every time he got out of prison, it didn’t take long before Max was back doing what he did best–finding more sophisticated methods for stealing credit card information.
For every credit card scammer who gets caught and put behind bars, there are hundreds or possibly thousands of other credit card hackers who do not get caught or are operating in countries beyond the reach of western governments. The bottom line is that you can do everything in your power to protect your identity and your credit card numbers, but there are always ways for hackers to obtain the information that are beyond your control. It is wise to scrutinize your credit card statement every month and report any suspected case of credit card fraud to the credit card company.