> The source said that he had bought a large batch of stolen cards from an underground site and that they all appeared to have been used at Target.
Interesting sidenote in the Target hack. First, something that you might not know: not one of these breaches (that is Target, Neiman Marcus, Michaels, etc.) was discovered by the actual affected companies - they were all discovered by bank and security officials in the underground markets.
Bank and infosec people worked out a while ago that rather than wait for breaches to be discovered, it'd be best to set yourself up on the underground markets in the guise of a purchaser - buy up cards, correlate purchase history and work out who has been hacked. It is this type of reconstruction that led back to Target, Neiman Marcus, et al.
Target was discovered not too long after the hackers had ramped up their sniffing, and with the response from banks and computers it meant the overall 'score' wasn't that great. A hack that should have provided enough dumps for the entire underground for more than a year ended up lasting weeks.
So score one for the good guys.
The problem now is that the black hat groups have wised up to this. A few things are happening.
First, there has been a bit of a purge of users in the forums. It is harder than ever to get into the private forums.
Second, cards are now being 'laundered'. You take dumps from different sources and combine them together, to the point where it would be difficult to find out where the cards were stolen from. Being from a particular source used to be a selling point for the traders, but now they are blurring a lot of that info out and combining different dumps and then slicing them for sale in other ways (usually IBAN, State and Expiry).
The public 'auto sites' that sold these dumps have all been taken down, after getting a lot of attention over the Target attack. Many complete novices sought out the underground sites after the Target breach reporting in the mainstream media, flooding the forums with newbie questions and requests in a mini eternal september.
It is possible that with the underground adapting in this way and the state of security still being so poor that we won't even find out about the next big breaches.
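The "buy up cards, correlate purchase history" reconstruction above, and the reason the card-laundering described in the same comment blunts it, as an added example that is not code from this thread. It assumes a constructed table of card tokens and the merchants each card visited; the merchant names, card tokens, and the function names `cpp_scores` and `likely_breach_source` are hypothetical.

```python
from collections import Counter

# Constructed sample data (not real cards or transactions): for each card
# token, the merchants it was used at in the window under investigation.
HISTORY = {
    "card01": ["grocer-a", "shop-x", "gas-b"],
    "card02": ["shop-x", "cafe-c"],
    "card03": ["shop-x", "grocer-a"],
    "card04": ["shop-x"],
    "card05": ["gas-b", "shop-y"],
    "card06": ["shop-y", "cafe-c"],
    "card07": ["shop-y", "grocer-a"],
    "card08": ["cafe-c", "gas-b"],
}


def cpp_scores(compromised, history):
    """Common-point-of-purchase scoring: for every merchant seen in the
    compromised cards' histories, return (share, lift) where share is the
    fraction of compromised cards that visited it and lift compares that
    share to the merchant's prevalence across the whole card population."""
    baseline = Counter()
    for merchants in history.values():
        baseline.update(set(merchants))
    total = len(history)
    dump, n = Counter(), 0
    for card in compromised:
        merchants = set(history.get(card, []))
        if merchants:          # cards with no known history add no signal
            n += 1
            dump.update(merchants)
    if n == 0:
        return {}
    scores = {}
    for merchant, hits in dump.items():
        share = hits / n
        lift = share / (baseline[merchant] / total)
        scores[merchant] = (round(share, 3), round(lift, 3))
    return scores


def likely_breach_source(compromised, history, min_share=0.75, min_lift=1.5):
    """Name the merchant that explains the dump, or None when no merchant
    stands out (e.g. a dump 'laundered' from several breaches)."""
    cands = [(m, s, l) for m, (s, l) in cpp_scores(compromised, history).items()
             if s >= min_share and l >= min_lift]
    cands.sort(key=lambda t: (-t[1], -t[2], t[0]))
    return cands[0][0] if cands else None
```

With cards bought from a single-source dump (card01-card04) the analysis points at `shop-x`; a dump mixing two sources (card01, card02, card05, card06) spreads every merchant's share to 0.5 and no source is identified.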
Is there a bright side to this, though? Doesn't this mean that the barrier to entry will increase for this kind of crime, and thus a smaller group of criminals will be able to perform it? Maybe that's small consolation, considering that only a handful need to do it to cause widespread havoc. Still. I hope this isn't all bad.
You can now buy credit cards on some of the new underground markets that are replacing Silk Road.
Find the type of card you want, select how many you want ($5-20 each) and go through the checkout process, just like shopping on Amazon.
What happens is that there is now another tier of distribution - the bulk guys aren't selling directly to the public any more but there are people buying from them who are, and they are making it easy.
The bright side is that with chip+pin the horizon for dumps is short, but that leaves CVVs (card not present carding, used in online fraud).
It is bitcoin almost everywhere in the underground now. It used to be "accept LR, WM, UK" (meaning liberty reserve, web money, ukash, etc.) on vendor forum posts but now the payment method isn't even mentioned since it is assumed to be bitcoin.
> Being from a particular source used to be a selling point for the traders, but now they are blurring a lot of that info out and combining different dumps and then slicing them for sale in other ways (usually IBAN, State and Expiry).
I was looking at one of the newer carding shops on Tor and was wondering why they were splitting all their dumps that way. Guess now I know why.
The online crime world has a bitter hatred of Krebs, more so than any other "white hat" out there probably. Numerous malware families include references to him in their source code, control panels, and domain names.
As a security researcher I frequently find botnet command & control panels that have a picture of Krebs' face above the login form. Domain names similar to "briankrebsisachildmolestor.com" are sometimes used to host malware and botnets.
Considering all that, plus the real-life harassment he's gotten (death threats, the heroin framing attempt, SWATing), I hope he invests in a good home security system. Or a security guard.
Not to take anything away from Brian, but I'd say the online crime world's hatred of Dancho Danchev is probably right up there, if not more. He has blogged[1] almost consistently about different malware campaigns, and for a while was actually thought to be kidnapped[2].
Somehow I don't think a 1 and a half metre long gun is that appropriate for self-defence, if you're worried about people creeping up on you. Maybe I'm wrong, but I can't see much in the way of a quick draw being possible. I guess when you hear the front door being broken down you can be prepared with a robust response.
Or perhaps he has a tiny train for making his getaway, Wallace and Gromit style?
True, a shotgun is not the sort of thing you'd carry for personal defense outside your own property, but for home defense, a 12-gauge pump-action is as good as anything, and better than most -- especially when, as mentioned in the article, you have surveillance cameras at the approaches, so you can see any unwanted guests coming with enough time to prepare for their arrival.
The best type of firearm to have for personal defense is the one you have on you, not in your gun safe. The 12-gauge is only beneficial if you're going to carry it with you from room to room, keeping it at your side at all times. The time between hearing someone kick in your door to being on you is just a few seconds; there's no time to open a safe. So in this type of scenario the 12-gauge isn't bad, but I'd probably still prefer a pistol in an over-the-waistband or shoulder holster. When you don't need to conceal it's not that difficult to carry around a full sized pistol in any reasonable defense caliber. It appears that this guy is toting his shotgun with him though, so I guess there's that.
As an ex-journalist I'm really envious of Krebs' sources and understanding of this space. I also think his background as a journalist (reporting and writing skills) might have allowed him to be far more effective than many others in the space with comparable technical skills.
Given the current state of policing in the US, swatting someone has a non-zero chance of getting someone severely beaten, tasered, tear gassed, or just shot. I don't know of any deaths, but there have been some really close calls reported in the press, and injury plus property damage. I don't think that really qualifies as a good prank, more of a harassment/endangerment tactic.
Thanks for the map! I should clarify that I was unaware of deaths specifically attributable to a deliberate swatting incident; the death rate in SWAT raids & no-knock raids is ridiculous. It may be much lower than the death rate from "accidental" shootings of even as specific a group as, say, young black men who turn out to have no criminal record, are unarmed, and aren't engaged in any criminal activity at the time of the incident, but swatting is more outrageous-seeming to most of the majority who have less worry about being shot by the police. I suspect that the fact that it's a deliberate act of endangerment also increases the perceived significance of the risk - malice is more threatening than incompetence even when it's rare and even if it's less dangerous.
Well, it's effective, but it's certainly not good. It wastes police resources, can result in your door being kicked down (they don't compensate for repairs), your dogs could be shot, you could be tased or shot, etc.
Oh wow, so cops can go in your house, kicking the door and shit, and then even if they did it for no good reason, the bill is on you? The US is such a wonderful country.