Credit card data has been traded on the cyber black-market for a number of years. The relatively recent breaches of TJX Companies (owner of T.J. Maxx) and Heartland Payment Systems show the extent to which criminals will go in order to harvest credit card numbers, social security numbers, names, addresses and more. All this legitimate (but stolen) information fuels a world of cyber crime.
In this article we show that, unlike what you might think, the credit card black-market operates very much in the open. Below we point out websites, which can be used to tap into the cyber black-market and find stolen credit card numbers and the associated credentials to purchase for any purpose they desire. We also show instant messenger handles, emails and details of what cyber criminals are selling on the Internet.
We analyzed 429 unique domains and 615 unique URLs. Each of these URLs contained information about buying stolen credit card information. Each URL lead to a web page where cyber-criminals have posted details about how to interact with them and buy stolen financial credentials. In the majority of cases, cyber criminals who are selling this information can provide one of the following types of data.
The data for this article was collected between February 27th and March 2nd, 2010.
Basic Credit Card Information Offers:
Usually consists of credit card number, type, expiration date and CVV.
USA & CANADA CCV2 VISA/Mastercard ~ 2USD/each AmEX/Discover ~ 4 USD/each UK & WU CVV2 VISA/Mastercard ~ 3USD/each AmEx/Discover ~ 5USD/each
Premium Credit Card Information Offers:
Usually consists of credit card number, type, expiration date, CVV, SSN, Home Address, Full Name, Date of Birth and much more.
USA & CANADA CCV2 VISA/Mastercard ~ $35/each UK & EU VISA/Mastercard ~ $40/each ACCOUNT INFORMATION: First Name: xxxxx Last Name: xxxxx Address: xxxxx xxxxx xxxxx xxxxx Apt: City: Homestaed State: FL Zip: xxxxx Home Phone: (xxxxx)xxxxx-xxxxx Work Phone: (xxxxx)xxxxx-xxxxx Email: email@example.com SSN: xxxxx-xxxxx-xxxxx License Number: xxxxx-xxxxx-xxxxx-xxxxx-xxxxx License State: FL DOB: 09/xxxxx/xxxxx PAYMENT INFORMATION: Credit Card Type: VISA Number: xxxxxxxxxxxxxxx CCV: 889 Expiration Date: 11/2008 Name: xxxxx xxxxx Card Name First: xxxxx Card Name Last: xxxxx
PayPal Information Offers:
Verified account ~ 20USD/each Verified account with email pin ~ 25USD/each Verified acccount with full info ~ 35USD/each unverified account ~ 10USD/each
Some domains host multiple instances of stolen Credit Card Ads, (CC-Ads). We present the frequency distribution of CC-Ads on each unique domain below.
It is clear from the current state of the credit card black-market that cyber criminals can operate much too easily on the Internet. They are not afraid to put out their email addresses, in some cases phone numbers and other credentials in their advertisements. It seems that the black market for cyber criminals is not underground at all. In fact, it’s very “in your face.” Clearly a more concerted effort is required to clamp down on this problem. Simply tying up loose ends on the enterprise side is not enough to combat this problem when there is virtually nothing to stop criminals from touting their stolen wares freely in the Internet.
Editor’s Note: We are providing a limited list of sites as an example of the brash lawbreaking behavior of these cyber criminals. We believe it is important for the purpose of this article that the reader be able to verify our statements. Additionally, we believe that consumer awareness of the problem can only serve to reduce the ease with which these criminals operate.
Forums used to buy and sell stolen credit card information:
*hxxp://ghostmarket.net *hxxp://gayatheists.2.forumer.com *hxxp://www.pakbugs.com/sell *hxxp://forums.lava-carding.com *hxxp://www.offcarding.forums-free.com *hxxp://hack0rz.forums-free.com *hxxps://security-shell.ws *hxxp://silverspam.net *hxxp://sellcvv2.forums-actifs.com
People who interacted with “ubuntu_kana” (Yahoo messenger):
People who interacted with “peeseller” (Yahoo messenger):
People who interacted with “bagiabancc” (Yahoo messenger):