Underground Activity Index

One of the biggest problems related to security breaches is that they often go undetected for long periods of time, perhaps weeks, months or even years. When these breaches involve theft of credit card data, it can be devastating to card holders, businesses that accept credit cards, and the banks that supply the cards.

Currently, a new security project called the Underground Activity Index is monitoring the real-time prices of stolen credit card data. Part of the goal of this project is to monitor underground forums where hacked data is regularly sold to those intent on committing Internet fraud or cloning cards for the purpose of cashing them out at various retailers. The collected data would then be linked to the source of the security breach in an attempt to get real-time updates on breaches and make the data more quickly available to law enforcement.

Currently, one of the services monitoring this type of activity is run by CloudEyeZ, which has found over 300,000 sets of card details from mostly US cards, including Visa, MasterCard, Discover, and American Express. It is currently reported that Visa cards seem to be the most prevalent type, and can be had for as little as $2.00 a card.

If you do the basic math on this, a fraudster purchasing as few as 10,000 sets of card data has the capability to net the hackers $20,000 (or more) per transaction. Often on these forums, the same card sets are sold over and over to various criminal enterprises. This means it's very lucrative for everyone involved.

A good example of this was Kurupt.su, a website specializing in the trade of stolen credit-card numbers, which at the peak of its two-year existence had more than 6,000 members who bought and sold pilfered data in an online bazaar dedicated to defrauding consumers. It was governed in part by "Fortezza," the nickname of an administrator who exercised tight control over who was allowed into the secret forum. This type of "carding" website is loathed by banks and victimizes countless consumers in fast-moving global frauds.

The main culprit, Fortezza, aka David Benjamin Schrooten, a 21-year-old Dutch national, was extradited from Romania and is now in U.S. custody. Schrooten is currently under indictment on 14 counts, including fraud, conspiracy, intentional damage to a computer, and aggravated identity theft.

Another recent example in the Seattle area involved a 21-year-old American man, Christopher A. Schroebel, of Keedysville, Maryland. He was accused of working with Schrooten, collecting stolen card numbers by installing malware on point-of-sale devices in two businesses in the Seattle area. In March of 2011, Schroebel allegedly transferred over $33,000 into his Bank of America account. Over the next three months, more than $85,000 was deposited, which prosecutors allege came from selling compromised account numbers and withdrawals made on stolen cards.

All of this gives you a very clear indication of just why hackers are so determined to get into your system by whatever means necessary.

Some questions that you should be regularly asking yourself are:

  • Are all my systems secure?
  • Have I confirmed that all of my systems meet the current PCI compliance standards for credit card usage?
  • Should my systems be compromised, am I prepared to respond quickly and decisively to address and contain the breach?

CCS has a formal Risk Assessment program to help you minimize your risks and ensure PCI-DSS compliance. If you would like to have your systems reviewed, please contact the CCS Retail Systems Support Department.
