In-depth

Taking on the fraudsters

If you want to stop cyber criminals, it pays to get to know them...

The marketplace is busy, it always is. Buyers and sellers in large numbers congregate to discuss transactions.

CCp7: "Hello, what's up?"

Ghoira: "I need New York, full info!"

CCp7: "Do you have CC for sale?"

Ghoira: "I have CC from UK and USA. I want to buy USA full info."

CCp7: "Cool, maybe we can trade!"

Ghoira: "You got full info from NY state?"

CCp7: "How much do you want for USA credit cards?"

Ghoira: "I want only from NY!"

CCp7: "Yes, I have few. Oh so I need to look for NY!"

Ghoira: "Yes, the only ones U need. And I don't want money. I want to exchange."

CCp7: "OK, can you provide samples? I need proof that you have them."

Ghoira sends over details of what he is offering. CCp7 knows this is the real deal.

CCp7 continues the conversation but he's not buying. He doesn't intend to buy. Ever. He never wants to purchase what's on offer in the marketplace.

He is, in fact, one of several intelligence analysts working for IT security company RSA. What the seller (Ghoira) is offering are credit card details. Thousands of them. Hacked from some unsuspecting business.

There are hundreds of such sellers in this online marketplace, with such conversations and transactions carried out in anonymous chatrooms. The business is very lucrative.

These analysts work in a nondescript building in Herzliya, north of Tel Aviv, Israel. We are not allowed to film, take photos or identify these people in any way. The work they do here means they are subject to very real death threats from the cyber criminal fraternity. This is a serious business on both sides of the fence.

"They are tracking the underground, they are in the underground. [They are] looking at forums, looking at what the bad guys are doing," says Oren Karmi, head of cyber intelligence at RSA as he shows us into a room where the analysts sit behind displays full of IRC chat windows.

"These are the good guys. They are responsible for making quite a few fraudsters upset and they can hold a grudge."

Where the money is

Karmi explains why the criminals do what they do. "The most basic thing is their need to make money," he says. 

One of the most popular ways for fraudsters to publicise their wares is through using IRC, according to Karmi. Analysts stop by these channels to listen in.

"Fraudsters use it to talk with each other and present their goods. This can be compared to a market. People shout; try to sell their wares. It is a great place to find someone to talk to, to get a bit of info," says Karmi.

An analyst shows us a chatroom. He explains a criminal has infected computers he can access remotely. The fraudster can install malware on these machines or enable access to them for a willing buyer of his services.

"I have fresh USA dumps without PIN for shopping", says one fraudster in a chatroom. A 'dump' is a slang word for stolen credit card information and usually contains, among other things, the name and address of the cardholder, account number, expiration date and verification/CVV code.

Daniel Cohen, head of Knowledge Delivery at RSA, explains that fresh dumps means the fraudster has stolen relatively new credit card information in the last couple of days. These dumps are much more valuable as the victims may not have had the time or the knowledge to cancel the cards. 

In much the same way that police officers go undercover to find out more about criminals, the analysts go into private chat rooms with fraudsters to ask for samples and to extract as much information and intelligence as possible from the bad guys.

In these chat rooms, the business of crime is conducted. As with any business, it has its sales patter. "Super-fresh dumps" usually means credit card details stolen within the last hour.
