Language Selection

English French German Italian Portuguese Spanish

Black Market in Stolen Credit Cards

Filed under
Security
Web

"Want drive fast cars?" asks an advertisement, in broken English, atop the Web site iaaca.com. "Want live in premium hotels? Want own beautiful girls? It's possible with dumps from Zo0mer." A "dump," in the blunt vernacular of a relentlessly flourishing online black market, is a credit card number. And what Zo0mer is peddling is stolen account information - name, billing address, phone - for Gold Visa cards and MasterCards at $100 apiece.

It is not clear whether any data stolen from CardSystems Solutions, the payment processor reported on Friday to have exposed 40 million credit card accounts to possible theft, has entered this black market. But law enforcement officials and security experts say it is a safe bet that the data will eventually be peddled at sites like iaaca.com - its very name a swaggering shorthand for International Association for the Advancement of Criminal Activity.

For despite years of security improvements and tougher, more coordinated law enforcement efforts, the information that criminals siphon - credit card and bank account numbers, and whole buckets of raw consumer information - is boldly hawked on the Internet. The data's value arises from its ready conversion into online purchases, counterfeit card manufacture, or more elaborate identity-theft schemes.

The online trade in credit card and bank account numbers, as well as other raw consumer information, is highly structured. There are buyers and sellers, intermediaries and even service industries. The players come from all over the world, but most of the Web sites where they meet are run from computer servers in the former Soviet Union, making them difficult to police.

Traders quickly earn titles, ratings and reputations for the quality of the goods they deliver - quality that also determines prices. And a wealth of institutional knowledge and shared wisdom is doled out to newcomers seeking entry into the market, like how to move payments and the best time of month to crack an account.
The Federal Trade Commission estimates that roughly 10 million Americans have their personal information pilfered and misused in some way or another every year, costing consumers $5 billion and businesses $48 billion annually.

Full Story.

More in Tux Machines

Is your company an open source parasite?

Getting involved in the open source projects that matter to a company, in other words, gives them more ability to influence their future today, even as dependence on a vendor results in putting one's future in the hands of that vendor to resolve on their timetable. It's simply not smart business, not if an open source alternative exists and your company already depends upon it. In sum, the GitHub contributor counts should be much higher, and not merely for those in the business of selling software (or tech, generally). Any company defined by software—and that's your company, too—needs to get more involved in both using and contributing open source software. Read more

LibreELEC Embedded Linux OS Now Compatible with Windows 10 Fall Creators Update

The LibreELEC 8.2.1 update is based on the latest Kodi 17.6 "Krypton" open-source and cross-platform media center software and it mostly patches some Samba (SMB) "file exists" share errors on Windows 10 Fall Creators Update by updating the protocol to Samba 4.6.10, implementing SMB client options for minimum SMB protocol and an SMB legacy security option with NTLMv1, and disabling SPNEGO. "LibreELEC 8.2.x includes changes that allow the Kodi SMB client and our embedded Samba server to support SMB2/3 connections; deprecating SMB1 to improve security and performance. This is necessary to cope with changes Microsoft introduced in the Windows 10 ‘Fall Creators Update’ to resolve SMB1 security issues," explained the developers. Read more

Canonical Releases Major Kernel Update for Ubuntu 16.04 to Fix 13 Security Flaws

The update is a major one patching a total of 13 security flaws, including race conditions in Linux kernel's ALSA subsystem, the packet fanout implementation, and the key management subsystem, as well as use-after-free vulnerabilities in both the USB serial console driver and the ALSA subsystem. Various other issues were also patched for Linux kernel's key management subsystem, the Ultra Wide Band driver, the ALSA subsystem, the USB unattached storage driver, and the USB subsystem, which received the most attention in this update as several security flaws were recently disclosed. Read more

Graphics: NVIDIA and AMD