begood Posted March 4, 2010 Report Posted March 4, 2010 Credit card data has been traded on the cyber black-market for a number of years. The relatively recent breaches of TJX Companies (owner of T.J. Maxx) and Heartland Payment Systems show the extent to which criminals will go in order to harvest credit card numbers, social security numbers, names, addresses and more. All this legitimate (but stolen) information fuels a world of cyber crime.In this article we show that, unlike what you might think, the credit card black-market operates very much in the open. Below we point out websites, which can be used to tap into the cyber black-market and find stolen credit card numbers and the associated credentials to purchase for any purpose they desire. We also show instant messenger handles, emails and details of what cyber criminals are selling on the Internet.We analyzed 429 unique domains and 615 unique URLs. Each of these URLs contained information about buying stolen credit card information. Each URL lead to a web page where cyber-criminals have posted details about how to interact with them and buy stolen financial credentials. In the majority of cases, cyber criminals who are selling this information can provide one of the following types of data.The data for this article was collected between February 27th and March 2nd, 2010.Basic Credit Card Information Offers:Usually consists of credit card number, type, expiration date and CVV.1 USA & CANADA CCV22 3 VISA/Mastercard ~ 2USD/each4 AmEX/Discover ~ 4 USD/each5 6 UK & WU CVV27 8 VISA/Mastercard ~ 3USD/each9 AmEx/Discover ~ 5USD/eachPremium Credit Card Information Offers:Usually consists of credit card number, type, expiration date, CVV, SSN, Home Address, Full Name, Date of Birth and much more.01 USA & CANADA CCV202 03 VISA/Mastercard ~ $35/each04 05 UK & EU06 07 VISA/Mastercard ~ $40/each08 09 ACCOUNT INFORMATION:10 First Name: xxxxx11 Last Name: xxxxx12 Address: xxxxx xxxxx xxxxx xxxxx13 Apt:14 City: Homestaed15 State: FL16 Zip: xxxxx17 Home Phone: (xxxxx)xxxxx-xxxxx18 Work Phone: (xxxxx)xxxxx-xxxxx19 Email: xxxxx@yahoo.com20 SSN: xxxxx-xxxxx-xxxxx21 License Number: xxxxx-xxxxx-xxxxx-xxxxx-xxxxx22 License State: FL23 DOB: 09/xxxxx/xxxxx24 25 PAYMENT INFORMATION:26 Credit Card Type: VISA27 Number: xxxxxxxxxxxxxxx28 CCV: 88929 Expiration Date: 11/200830 Name: xxxxx xxxxx31 Card Name First: xxxxx32 Card Name Last: xxxxxPayPal Information Offers:1 Verified account ~ 20USD/each2 Verified account with email pin ~ 25USD/each3 Verified acccount with full info ~ 35USD/each4 unverified account ~ 10USD/eachSome domains host multiple instances of stolen Credit Card Ads, (CC-Ads). We present the frequency distribution of CC-Ads on each unique domain below.Interesting Highlights: * None of the websites advertising stolen credit card data were blacklisted by Google’s Safe Browsing List. This could potentially indicate that cyber criminals are conscientious of not discouraging visitors to these sites. * Cyber criminals prefer to get paid via Liberty Reserve and Western Union money transfer services. * Some cyber criminals have used images to provide quotations Conclusion:It is clear from the current state of the credit card black-market that cyber criminals can operate much too easily on the Internet. They are not afraid to put out their email addresses, in some cases phone numbers and other credentials in their advertisements. It seems that the black market for cyber criminals is not underground at all. In fact, it’s very “in your face.” Clearly a more concerted effort is required to clamp down on this problem. Simply tying up loose ends on the enterprise side is not enough to combat this problem when there is virtually nothing to stop criminals from touting their stolen wares freely in the Internet.Editor’s Note: We are providing a limited list of sites as an example of the brash lawbreaking behavior of these cyber criminals. We believe it is important for the purpose of this article that the reader be able to verify our statements. Additionally, we believe that consumer awareness of the problem can only serve to reduce the ease with which these criminals operate.Forums used to buy and sell stolen credit card information:1 *hxxp://ghostmarket.net2 *hxxp://gayatheists.2.forumer.com3 *hxxp://www.pakbugs.com/sell4 *hxxp://forums.lava-carding.com5 *hxxp://www.offcarding.forums-free.com6 *hxxp://hack0rz.forums-free.com7 *hxxps://security-shell.ws8 *hxxp://silverspam.net9 *hxxp://sellcvv2.forums-actifs.comVarious instant messenger credentials [1] [2] [3] used by cyber criminals:People who interacted with “ubuntu_kana” (Yahoo messenger): * ahmadshrief11@yahoo.com, davidlindon1@gmail.com, frankykkk@yahoo.com, suzannasuro@gmail.com, alexgenieve@hotmail.com, dave3331@gmail.com, ccvhack21@yahoo.com, trungtuyen68@yahoo.com, XUAN_CCS@YAHOO.COM, niklasjulius@rocketmail.com, boy_magnanimous@yahoo.com, FRESH_HACK2002@YAHOO.COM, vic.sell@yahoo.comPeople who interacted with “peeseller” (Yahoo messenger): * aloopapa@yahoo.com, dumpsfresh@yahoo.com, ug.tsunami@yahoo.com, sellrep@yahoo.com,People who interacted with “bagiabancc” (Yahoo messenger): * WorkusaJob@yahoo.com, david_cuong_85@yahoo.com, salulynho@yahoo.com, vang_kiban@yahoo.com, pro.cv2er@gmail.com, pro.cv2er@hotmail.comThe “Underground” Credit Card Blackmarket – stopthehacker.com – Jaal, LLC Quote
