These days I have been thinking about and researching the great question of “Where does all the data go?” We read about data compromises in the news and hear about large fines and penalties geared towards corporate America (or “end users”, as @cmlh likes to call them). But what happens to that data after it’s stolen, lost, or ‘exposed’? What happens in the hacker underground, and how is it frighteningly similar to the US housing market crash? Why do hackers wait before selling off their stolen data? Why does this give us time to prepare? And what is the ROI of reporting data compromises? I’ll be creating several blog posts and podcasts on this very topic.
The carder underground is not too dissimilar to the e-commerce marketplaces we use, such as eBay. You see, once a hacker can compromise credit card data (we’ll get to how very shortly), they want to monetize this data. But who would trust someone who is selling illegal information in a digital format? If they are a thief, then what keeps them from selling the same data to multiple people and making even more money? Well, how do you know who to buy from on eBay? Reputation! That’s right: carders would give each other feedback online to build their reputation. This enabled people to know which hackers were reputable and which were not (if that’s even possible to say).
Historically carders would sell their wares brazenly via online websites such as Boa Factory, CardersMarket, and ShadowCrew. These A-list credit card trading centers gave rise to hundreds of smaller sites such as TheftServices, CCPowerForums, ScandinavianCarding, DarkMarket, DarkPay, and The Grifters.
Boa Factory was run by Roman Vega, a Ukrainian national, presently in jail in California. He was king of the underground, making large amounts of money selling passports, traveler’s checks, plastic cards, and “dumps” (what hackers call Track or Magnetic Stripe Data). Roman’s operation was unique in that he subcontracted work to lawyers, botnet owners, hackers, traffickers, and carders.
ShadowCrew was a similar operation, but it ran as a message board where hackers traded and exchanged illegal credit card information such as “dumps”, CVV2 numbers, social security numbers (SSN), and much more. A hacker with the handle Iceman ran the bulletin board and policed the illegal activities. Another member of that board, David Thomas (aka ElMariachi), disliked the operation and broke off, forming another site called The Grifters. Iceman and ElMariachi disliked each other in ways never imagined. (You can read their banter back and forth in the comments section here. You can read even more about this via a compilation of news articles from CanWest News Service.)
Once law enforcement took down one message board, another would pop up, and the carders and buyers would migrate their operations. CardersMarket was the largest of the last online carder forums. It was run by, you guessed it, Iceman. When the police took down CardersMarket they arrested Iceman (aka Max Ray Butler, Max Vision, Digits, Aphex).
Law Enforcement (LE) quickly caught on and started shutting down each of these online sites. They defaced sites such as ShadowCrew telling the hackers they had taken over the website and would not permit this fraud. Sadly, not all hackers are very smart and some thought it was just a joke. They kept emailing the Secret Service asking for the stolen cards they ordered. Instead of credit cards they received jail time.
These days the online message boards have all but disappeared, with the carders moving to older technology as their last resistance against law enforcement. Carders exist in a low-tech world without borders. They exchange credit card data on IRC (Internet Relay Chat) bulletin boards that have a tiered structure based on your level of access.
Now that we have identified the ‘carders’ of the underground, the next article in this series will focus on the actual flow of credit card data - from the POS to the point of monetization. We will also explore how this channel is similar to the current housing market and why prices are so low. Stay tuned.