Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

The Value of Free in the Underground Economy

Giving credit cards away doesn’t always conflict with a cybercriminal’s desire to make money – in many cases it supports it.

Giving credit cards away doesn’t always conflict with a cybercriminal’s desire to make money – in many cases it supports it.

Whenever we present about the underground and mention that fraudsters often post compromised credit cards for free we often get the question “Why would they do that?” Considering that unlike the hacker communities of years past, the underground economy is all about the money (and not bragging rights), this is a very legitimate question. After all, if the fraudsters’ goal is to maximize profit, why would they give away stuff they can otherwise sell? The answer is pretty straightforward. Giving credit cards away doesn’t conflict with the vendor’s desire to make money – in many cases it supports it. The focus of the underground economy, maximizing one’s profits, is not exclusive to it but is the focus of every capitalistic market – and that’s not where the similarities end. Just like free samples and promotions exist in any market, so does it exist in the underground economy, with stolen credit cards being the product. However, these free sample promotions are not the result of some sleek underground marketer, but a necessity in some areas of the underground where these vendors operate.

Underground EconomyThis necessity stems from a big issue in the underground economy – trust. In the real world, if one criminal doesn’t hold their end of a bargain, they would suffer dire consequences. However in the underground, members can freely rip off other criminals, then leave the trading area, change their nickname and come back as a fresh entity. This ability motivated many individuals from around the world to do just that, by claiming they’re either buying or selling products and then running away mid-deal with either free products or a buyer’s payment. These individuals are called “rippers” (as they rip off others) and they’re considered the lowest of the low in the online criminal world. Certain areas of the underground which are harder to moderate, such as chat rooms, are filled with rippers who make trading in these circles a perilous thing. A vendor of stolen credit card data needs to prove that he’s “legit” and this is where the free samples come into play. Most vendors have a database of thousands, tens of thousands or hundreds of thousands of stolen credit card numbers. Providing a few or even several dozen free cards can go a long way in proving a vendor’s legitimacy and stimulating business.

Years ago, due to the swelling number of rippers within their midst, fraudsters migrated to a different platform that enabled much stricter moderation – forums. Unlike chat rooms, forums can provide a community with gates and the means to throw rippers out of them. Escrow services, outing rippers and a vouching system were put into place in order to provide “legit” criminals with a safe environment to trade in. Anyone interested in becoming a vendor on the forums first had to receive a coveted stamp of approval by the moderators, a special “verified vendor” status. This meant parting again from some free samples in order to have the products reviewed, but these samples were sent to a limited group of individuals instead of the whole community. A “verified vendor” status meant a huge increase in business, as they were considered trustworthy. Of course, some verified vendors proved to be turncoats and misused this trust, ripping off buyers when the opportunity was ripe.

Cybercriminal UndergroundStolen credit cards are not only posted exclusively in chat rooms, though. In the aftermath of DarkMarket, CardersMarket and GhostMarket, many English-speaking forums that opened up were more similar to chat rooms than their ancestral mega-boards, with little moderation and an all-business no-community approach. Vendors interested in operating on those boards were required to follow the same tactics as in the chat rooms, posting free credit cards for the community to prove their legitimacy. In other types of forums, ones that are not part of the underground and focus on online mischief in general, members often search to increase their reputation in the community, in order to climb through the ranks even when they are not selling anything. In such cases, posting free credit cards (that in many cases are copy-pasted from other forums) can help achieve that. Instead of simply selling credit cards, some underground vendors used forums and credit card samples in a different business model. Each vendor opened up a carding forum, in which he posted free card samples on an on-going basis. These posts were meant to draw other fraudsters to the forum. Once the forum had enough members, the vendors created a special “VIP” section, where additional cards were shared exclusively with the members who were able to access the section. In order to become a VIP member, of course, one had to pay the vendor for it.

As long as the underground economy continues to be riddled with trust issues, vendors will continue to have to prove their worth. While in the more exclusive and sophisticated circles, fraudsters rely on building a name for themselves and provide the best possible service, those catering to the “common folk” will have to show that they don’t only talk the talk – but walk the walk.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.