About Me

Francois Paget
Senior Threat Researcher

Blogs

Consumer (473)
Corporate (155)
Enterprise (460)
McAfee Labs (1123)

Tags

#SecChat $1 million guarantee 12 Scams of Christmas access to live fraud resolution agents Acquisition Alex Thurber Android antivirus Apple botnet Channel Partners cloud security Compliance Consumer counter identity theft credit card fraud and protection credit fraud alerts credit monitoring credit monitoring and resolution critical infrastructure Cyber Security Mom cyberbullying Cybercrime cybermom data breach data center data center security Data Protection Dave DeWalt DLP Email & Web Security embedded encryption Endpoint Protection enterprise facebook fake anti-virus software Family Safety Friday Security Highlights global threat intelligence google government Hacktivism how to talk to kids how to talk to teens identity fraud identity fraud scams identity protection identity protection $1 million guarantee identity protection fraud identity protection surveillance identity surveillance identity theft identity theft expert identity theft fraud identity theft protection identity theft protection product Identity thieves and cybercriminals intel iphone kids online behavior lost wallet protection malware McAfee McAfee Channel McAfee Family Protection McAfee Identity Protection McAfee Initiative to Fight Cybercrime McAfee Labs McAfee security products Mid-Market Mobile mobile malware mobile security monitor credit and personal information Network Security online personal data protection online safety Operation Aurora PCI personal identity theft fraud personal information loss personal information protection phishing privacy proactive identity protection proactive identity surveillance Public Sector restore credit and personal identity Risk and Compliance scam scams scareware security smartphones social media social networking social networks spam Stuxnet twitter vulnerability Web 2.0 work with victim restore identity

McAfee Labs :

You have to pay for quality

Wednesday, May 7, 2008 at 10:01am by Francois Paget

The media frequently speaks about the underground economy and quote price ranges for various private goods available for sale. I recently read the trends were bearish, but let there be no misunderstanding about that, if the quality is here, the price will still be high. It is just like the price of food, you have the hard-discount and the luxury stores!!

With this post, I wish to be more precise regarding the data regarding the prices of some cybercriminal groups around the globe.

Last Friday morning in France, my investigations lead me to visit a site proposing top-quality data for a higher price than usual. But when we look at this data we understand that as everywhere, you have to pay for quality. The first offer concerned bank logons. As you can see in the following screenshot, pricing depends on available balance, bank organization and country. Additional information such as PIN and Transfer Passphrase are also given when necessary:

null

For such prices, the seller offers some guaranties. For example, the purchase is covered by replacement, if you are unable – within the 24 hours – to log into the account using the provided details.

The selling site also proposes US, Austria and Spanish credit cards with full information:

ccnumber
cvv2
exp.date
name
adress
city
state/province
zip/postal
phone-number
SSN(US Only)
DL#
MMN

null

It is also possible to purchase skimmers (for ATM machine) and “dump tracks” to create fake credit cards. Here too, cost is in touch with the quality:

null

Depending on the price, you can choose your bank among various lists; more than 900 choices for North America or European countries:

null

Many other offers are available like shop administrative area accesses (back end of an online store where all the customer details are stored – from Name, SSN, DOB, Address, Phone number to CC) or UK or Swiss Passport information:

null

And to convince prospective clients, the site offers some free data to demonstrate their know-how. I partially anonymized some of this data so I could provide an example. If you recognize yourself, do not hesitate to contact the police force so that they may institute legal proceedings.

null

Submit your own comments / message for this post

Comments (5)

Reverse Phone October 14, 2010 3:25PM

10-15 years ago, this kind of data used to be traded in underground usergroups and via confidential fax. Amazing how how “packaged” the bundles are now.

TYRONN July 7, 2008 3:11PM

i would like to know more about this underground economy
can i know the websites or contacts for acquiring info

email me danstraussureach dot com

Thomas Opel May 13, 2008 11:51AM

If you really can also get PINs from underground websites and this can be proved at court, this could be very helpful to change german iurisdiction, which currently transfers the risk to the consumers, in case money has been stolen with a creditcard and entry of a correct PIN, assuming that the card holder somehow gave access to the PIN (eg. quote on the back of the card).

Is there a chance to post a link to such a underground website ?

DEUTSCH
Wenn man tatsÃ¤chlich auch an die PINs kommt und dies vor Gericht dargestellt werden kann, gÃ¤be es vielleicht endlich eine Chance fÃ¼r ein Umdenken in der deutschen Rechtsprechung, die immer wieder die Verbraucher im Regen stehen lÃ¤sst, wenn mit einer Kreditkarte und Eingabe der richtigen PIN Geld abgehoben wurde.

Gibt es eine MÃ¶glichkeit hier einen Link zu einer solchen Site zu posten ?

Iang May 10, 2008 7:20AM

Nice work … watch out for those Austrian kangaroos though, AU is australia

Little Saturn May 10, 2008 5:42AM

Hi,

Pls publish the url where they are being sold. Then it would be easier to sell security to senior management

About Me

Feeds & Podcasts

Blogs

Meet the Bloggers

Archive

Tags

You have to pay for quality

Submit your own comments / message for this post

Comments (5)