SecurityWeek

Cybercrime

Living Under Watchful Eyes as a Fraudster

Fraudsters Know That When There’s a Chance Someone is Watching, Loose Talk Can Cost Cash.

The fallout from the news of the Global Payments breach may be just subsiding, but one thing can already be said – this probably isn’t the last processor that will be breached. It can be said because Global Payments isn’t the first one to be breached, either. Other processors – large processors – have already been victimized by sophisticated attackers interested in looting the coveted data that was stored within their corporate networks. Processors are not the only ones getting hacked for the purpose of obtaining payment card data; merchants are getting breached, as well. Whenever one of these breaches goes public, the estimate in most cases is that the compromised data will find its way to the underground economy – sold by vendors through the forums or dedicated credit card stores. This often prompts our customers to ask whether there’s any underground chatter that would link a certain credit card vendor to the breach. Our answer is usually the same.

Fraudsters know that they are being monitored by various organizations. They read Krebs’ blog, which often contains posts from the underground, they follow Dancho Danchev as he exposes specific underground resources, and some of them are probably avid readers of SecurityWeek as well! Add to that the fact that law enforcement has a tendency to shut down forums, and from time to time even takes them over, and they don’t have to be double-O-seven to realize that they are being watched.

Not only that, but fraudsters claim to one another that whatever is caught by the watchful eyes of white hats and law enforcement would immediately lead to action. As one fraudster noted, once a vulnerability (in a bank’s process) becomes public knowledge and is posted for everyone to see, it will no longer work soon afterwards. This belief has led those who participate in the public channels of the underground to be more guarded. If in the past fraudsters posted highly detailed tutorials on how to defraud specific banks, now the only tutorials that can be found are extremely generic instructions for conducting fraud. Whenever a newbie fraudster posts a statement or a question about a vulnerability, it would be deleted by the administrator the moment he sees it, in the hope of maintaining the usability of the technique.

For the same reason, fraudsters would never intentionally disclose the sources of the goods and services they offer. Whether these are credit cards from a large breach, cards from a small hacked merchant or SSN lookup services that piggyback legitimate online services, fraudsters would not reveal their sources. In some cases, fraudsters keep this secrecy to protect themselves not only from white hats, but from their peers as well. If fraudsters knew about the legitimate services used by certain fraud vendors, they wouldn’t need the vendors anymore – they would just go to the source.

Other measures taken by fraudsters to protect their communication channels are also used to keep out other types of persona non grata, such as rippers. These include closing down the websites to new members, unless they are vouched for by fraudsters whose legitimacy has already been proven. Even requiring a registration fee is enough to weed out many researchers-bloggers-reporters and law enforcement agents.

The chances that fraudsters would openly discuss the source of a certain batch of credit cards that is offered for sale in the underground are slim. Fraudsters know that they are watched and while some chatter may exist in closed circles, they know that when there’s a chance that someone is watching – loose talk can cost cash.
