Community
Albert Gonzalez and his gang of criminal hackers, were responsible for data breaches in retailers and payment processors with some estimates saying they breached over 230 million records combined.
Gonzalez, considered a proficient criminal hacker, provided “Dumps” which is credit card data he stole from the breaches and supported the supply of “Carders”. “Carders” are the people who buy, sell, and trade online the credit card data stolen from phishing sites or from large data breaches at retail stores. Here is a video providing an example of what an online IRC forum looks like where data is bought and sold
Gonzalez who pleaded guilty to his crimes will be serving the next 15 years in jail. The techniques he and his gang used were a combination of fraud schemes that have led to a significant increase in counterfeit fraud.
Some of their tactics may have included:
Wardriving; seeking out wireless networks to crack, then installing spyware
Phishing; spoofed emails prompting the user to enter account information
Phexting or smishing; spoofed text messages prompting the user to enter account information
Key logging; using hardware or software to spy on the users PCs
ATM skimming; affixing hardware to the face of ATMs and gas pumps skimming card data
Another more advanced technique they used was called a “SQL injection”. SQL is abbreviation of Structured Query Language. Pronounced ”Ess Que El” or ”Sequel” depending on who you ask.
According to Wikipedia, a “SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application.”
In other words, a SQL injection is a virus or bug that effects an application that is not properly coded or secured. There are many different configurations of various software used to build and run a website. An example would be the common Wordpress blog platform that many use and that has been found to be vulnerable. This is just one of hundreds of applications that can be hacked in this way.
IBM Internet Security Systems discovered 50% more web pages infected in the last quarter of 2008 than in the entire year of 2007.
In 2005, a now defunct 3rd party payment processor called CardSystems suffered a SQL injection, compromising a reported 40 million credit cards.
While Gonzalez has gone down, Carders are still very active. The Register reports Carder forum drops offline after hack attack. A Pakistan-based carder site has dropped off the net, after white hat hackers broke into the forum and posted details of the hack on a full disclosure mailing list.
Pakbugs.com provided a forum for ne’er do wells to discuss hacking tactics and trade malware, bank logins details and stolen credit card credentials. However this activity was interrupted after login details for the forum and email addresses were posted online following a break-in by the good guys. The white hats published a list of the Carders usernames and email addresses here.
There are:
There doesn’t seem to be a shortage of opportunity for Carders to keep up at their current pace. When a Carder hacks your credit card info that’s called “account takeover”. When they open up a new credit card account that is “new account fraud” or “application fraud”.
1. Protecting yourself from account takeover is relatively easy. Simply pay attention to your statements every month and refute unauthorized charges immediately. I check my charges online once every two weeks. If I’m traveling extensively, especially out of the country, I let the credit card company know ahead of time, so they won’t shut down my card while I’m on the road.
2. Protecting yourself from new account fraud requires more effort. You can attempt to protect your own identity, by getting yourself a credit freeze, or setting up your own fraud alerts. There are pros and cons to each.
3. Invest in Identity Protection and Prevention. Because when all else fails you’ll have someone watching your back.
Robert Siciliano Identity Theft Speaker discussing credit card and debit card fraud on CNBC
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Eimear Oconnor COO at Form3 Financial Cloud
07 November
Kyrylo Reitor Chief Marketing Officer at International Fintech Business
06 November
Konstantin Rabin Head of Marketing at Kontomatik
Alexander Boehm Chief Executive Officer at PayRate42
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.