Be informed; the FTC tested how long it takes for criminals to use personal data dumped online, including credit card information, and found it can take just nine minutes before thieves try to use it.
Your credit card
information is valuable, and for criminals who want to learn how to find and
use it -- there's a class for that.
One six-week program,
taught in Russian, includes lectures on finding legitimate credit card data for
sale and hacking into PayPal accounts.
Security firm Digital
Shadows discovered the cybercrime class taught by five instructors and sold on
a deep web forum. The class was revealed in research published Wednesday
investigating credit card fraud and a criminal activity called
"carding," or stealing and using payment card data.
"The curriculum and
rigor associated with it is not like most of the training materials that are
out there," Rick Holland, vice president of strategy at Digital Shadows,
told CNN Tech. It's more in-depth than other trainings, like PDFs that criminals
can buy much cheaper.
The class, which costs
about $945 with the materials, consists of 20 different lectures and allows the
students to chat with the instructors.
An ad for the carding course, translated into English from Digital Shadows.
Carding is a popular
type of cybercrime. Thieves will steal credit card data from insecure
databases, by hacking into companies or just buying it on the dark web on
hidden sites you wouldn't find with a Google search. Digital Shadows estimates
$24 billion will be lost to credit card fraud next year.
Criminals can also take
emails and passwords leaked from other data breaches, and test them on banking
websites. For instance, credentials from LinkedIn, Dropbox, and Adobe have
previously been leaked online.
According to Digital
Shadows, the course recommends visiting one of six different sites to get
credit card data. On two of those forums, more than 1.2 million card
numbers were advertised for sale -- nearly half of them in the U.S. CNN
Tech is not publishing the names of the sites on the deep web where criminals
can buy credit cards.
Carders will often buy
vacation packages, plane tickets, hotel reservations, or gift cards with stolen
credit cards.
Digital Shadows said
they have disclosed the scheme to law enforcement in the U.S. and Europe.
A common scheme
According to Norman
Barbosa, the assistant U.S. attorney for the Western District of Washington and
the office's Computer Hacking and Intellectual Property Crimes coordinator,
it's common for credit card fraudsters to work with networks of people.
Barbosa helped prosecute
Roman Valerevich Seleznev, one of the world's most notorious carders. Seleznev
stole millions of credit card numbers and sold them to other criminals.
Prosecutors said known fraud loss associated with his efforts totaled $170
million. He was sentenced to 27
years in prison in April.
Seleznev trained
fraudsters on how to use stolen credit cards to increase demand for the product
he stole. His training, though more rudimentary than the lectures discovered by
Digital Shadows, helped boost his own business. He also advertised his products
on different hacker forums, Barbosa said.
Seleznev's prosecution
was a major victory for the U.S. Department of Justice.
"It's somewhat common
to identify them," said Barbosa, adding that card hackers and sellers are
based in Russia and Eastern Europe, while the buyers are often in the U.S.
"It's a little more more difficult to prosecute them. Much of the
investigations in computer crimes are focused on trying to pull back layers to
find out who is behind the criminal activity."
Consumers should be aware
To test the validity of
credit cards, criminals will try processing small amounts -- less than $5 -- to
see if the card works. Holland suggests putting alerts on your credit card and
bank for purchases less than $5 and more than $100 to detect fraud.
>> CNNTech
>> CNNTech
No comments:
Post a Comment