Comments on: Inside a stolen credit-card site http://boingboing.net/2010/09/22/inside-a-stolen-cred.html Brain candy for Happy Mutants Fri, 24 May 2013 14:48:00 +0000 hourly 1 http://wordpress.org/?v=3.4.1 By: Anonymous http://boingboing.net/2010/09/22/inside-a-stolen-cred.html#comment-892682 Anonymous Wed, 30 Nov -0001 00:00:00 +0000 #comment-892682 None of you are aware of throw away prepaid cards? None of you are aware of throw away prepaid cards?

]]> By: Anonymous http://boingboing.net/2010/09/22/inside-a-stolen-cred.html#comment-892691 Anonymous Wed, 30 Nov -0001 00:00:00 +0000 #comment-892691 Well, can one pay with a CC ? I don't think so. Payment method is probably WU or Liberty Reserve. Well, can one pay with a CC ? I don’t think so. Payment method is probably WU or Liberty Reserve.

]]> By: tammo http://boingboing.net/2010/09/22/inside-a-stolen-cred.html#comment-892705 tammo Wed, 30 Nov -0001 00:00:00 +0000 #comment-892705 You pay with Webmoney. They don't accept CCs. Otherwise it could create an endless loop of fraud that would disrupt our space/time continuum. You pay with Webmoney.
They don’t accept CCs.

Otherwise it could create an endless loop of fraud that would disrupt our space/time continuum.

]]> By: Shift http://boingboing.net/2010/09/22/inside-a-stolen-cred.html#comment-892713 Shift Wed, 30 Nov -0001 00:00:00 +0000 #comment-892713 People on the blog site were asking similar questions. Re, Payment options: <i>For all those who are asking, payment is made via LibertyReserve and/or Webmoney, virtual currencies that are popular in the underground.</i> http://krebsonsecurity.com/wp-content/uploads/2010/09/rock3dccpay.jpg You guys didn’t really think the proprietors of this shop would accept credit cards, did you? </i> Re, issuers buying cards: <i>It doesn’t cost the issuer a penny. All the costs of stolen cards are borne by the merchants that unknowingly accept payments from them. Not only does each and every affected merchant pay back the money charged, eating both that loss and the loss of product/service if already shipped, but they pay a chargeback fee to cover the bank’s cost in dealing with the paperwork.</i> <i>One stolen card, used at 5 stores, could generate over $100 in chargeback fees. It might actually be a profitable occasion for the bank!</i> Interesting info. People on the blog site were asking similar questions.

Re, Payment options:

For all those who are asking, payment is made via LibertyReserve and/or Webmoney, virtual currencies that are popular in the underground.

http://krebsonsecurity.com/wp-content/uploads/2010/09/rock3dccpay.jpg

You guys didn’t really think the proprietors of this shop would accept credit cards, did you?

Re, issuers buying cards:

It doesn’t cost the issuer a penny. All the costs of stolen cards are borne by the merchants that unknowingly accept payments from them. Not only does each and every affected merchant pay back the money charged, eating both that loss and the loss of product/service if already shipped, but they pay a chargeback fee to cover the bank’s cost in dealing with the paperwork.

One stolen card, used at 5 stores, could generate over $100 in chargeback fees. It might actually be a profitable occasion for the bank!

Interesting info.

]]> By: Shift http://boingboing.net/2010/09/22/inside-a-stolen-cred.html#comment-892716 Shift Wed, 30 Nov -0001 00:00:00 +0000 #comment-892716 That's what I get for not hitting preview. Tags got all messed up. That’s what I get for not hitting preview. Tags got all messed up.

]]> By: Narual http://boingboing.net/2010/09/22/inside-a-stolen-cred.html#comment-892721 Narual Wed, 30 Nov -0001 00:00:00 +0000 #comment-892721 An article like this might be a great way to catch a bunch of people trying to buy credit card numbers for the first time. An article like this might be a great way to catch a bunch of people trying to buy credit card numbers for the first time.

]]> By: Rob Agar http://boingboing.net/2010/09/22/inside-a-stolen-cred.html#comment-893508 Rob Agar Wed, 30 Nov -0001 00:00:00 +0000 #comment-893508 Tony as in Soprano perhaps? Makes sense if the houses in McClean VA big & tasteless with doric columns and whatnot. Tony as in Soprano perhaps? Makes sense if the houses in McClean VA big & tasteless with doric columns and whatnot.

]]> By: pinehead http://boingboing.net/2010/09/22/inside-a-stolen-cred.html#comment-892745 pinehead Wed, 30 Nov -0001 00:00:00 +0000 #comment-892745 .cc indicates they're registered in the Cocos Islands, near Australia. A simple WHOIS tells us that the registrar for both Rock3D and their domain host, WebNIC, is Web Commerce Communications Limited DBA Webnic.cc. WebNIC has been in business since 2000, though their credit fraud site has only existed since October of 2009. My point is that this isn't simply some savvy geek or two, looking to host their crooked site offshore. This is an organized front company, who may possibly be getting their credit card numbers from unwitting customers who do business through any of their other servers. CAVEAT EMPTOR! Always be sure of who it is you're doing business with, people! Amazon and eBay aren't likely to screw you, but shady domains in non-extradition countries ought to be avoided like the plague. Do a little homework on the proprietor if you need to, before simply handing over your information. .cc indicates they’re registered in the Cocos Islands, near Australia.

A simple WHOIS tells us that the registrar for both Rock3D and their domain host, WebNIC, is Web Commerce Communications Limited DBA Webnic.cc.

WebNIC has been in business since 2000, though their credit fraud site has only existed since October of 2009. My point is that this isn’t simply some savvy geek or two, looking to host their crooked site offshore. This is an organized front company, who may possibly be getting their credit card numbers from unwitting customers who do business through any of their other servers.

CAVEAT EMPTOR! Always be sure of who it is you’re doing business with, people! Amazon and eBay aren’t likely to screw you, but shady domains in non-extradition countries ought to be avoided like the plague. Do a little homework on the proprietor if you need to, before simply handing over your information.

]]> By: Anonymous http://boingboing.net/2010/09/22/inside-a-stolen-cred.html#comment-893520 Anonymous Wed, 30 Nov -0001 00:00:00 +0000 #comment-893520 McLean has a lot of McMansions and a lot of fancy shopping malls. It thrived as a DC suburb because it was far enough away to make land cheaper, but not so far that a commute was impractical. So, yeah, based on McLean's reputation, and probably supported by Census data too, "tony" (meaning fancy/stylish/upper-class) is not a bad way to broadly describe it. McLean has a lot of McMansions and a lot of fancy shopping malls. It thrived as a DC suburb because it was far enough away to make land cheaper, but not so far that a commute was impractical. So, yeah, based on McLean’s reputation, and probably supported by Census data too, “tony” (meaning fancy/stylish/upper-class) is not a bad way to broadly describe it.

]]> By: SamSam http://boingboing.net/2010/09/22/inside-a-stolen-cred.html#comment-892790 SamSam Wed, 30 Nov -0001 00:00:00 +0000 #comment-892790 An extra $0.60 hardly seems like a "scam" worth writing a whole article about, unless I misunderstand how credit card buyers do business. Maybe people who buy stolen credit cards always buy in lots of a 1000 cards, so that they can automatically try all possible cards for the one that hasn't been disabled? I'm amazed in general by how cheap this is. I guess each card is practically free for the seller, although not really once you factor in the cost of setting up sites to steal cards, and the chance of being thrown in jail. But you'd think buyers would be willing to spend much more? Maybe again you need to buy many hundreds of cards to get one that will pay off the big bucks? An extra $0.60 hardly seems like a “scam” worth writing a whole article about, unless I misunderstand how credit card buyers do business. Maybe people who buy stolen credit cards always buy in lots of a 1000 cards, so that they can automatically try all possible cards for the one that hasn’t been disabled?

I’m amazed in general by how cheap this is. I guess each card is practically free for the seller, although not really once you factor in the cost of setting up sites to steal cards, and the chance of being thrown in jail. But you’d think buyers would be willing to spend much more? Maybe again you need to buy many hundreds of cards to get one that will pay off the big bucks?

]]> By: Anonymous http://boingboing.net/2010/09/22/inside-a-stolen-cred.html#comment-892793 Anonymous Wed, 30 Nov -0001 00:00:00 +0000 #comment-892793 @pinehead Um, WebNIC is a domain registrar. Rock3D might have paid a small fee to have ownership remain anonymous. A lot of registrars have that feature. Instead of the actual owners information, it publishes the registrar's on WHOIS. However you are right, people need to be more careful who they give their info to. @pinehead
Um, WebNIC is a domain registrar. Rock3D might have paid a small fee to have ownership remain anonymous. A lot of registrars have that feature. Instead of the actual owners information, it publishes the registrar’s on WHOIS.

However you are right, people need to be more careful who they give their info to.

]]> By: knoxblox http://boingboing.net/2010/09/22/inside-a-stolen-cred.html#comment-892799 knoxblox Wed, 30 Nov -0001 00:00:00 +0000 #comment-892799 Question (about the quote): What exactly does Krebs mean by a "tony place"? Are all the residents rich, and no lower class? Question (about the quote): What exactly does Krebs mean by a “tony place”? Are all the residents rich, and no lower class?

]]> By: foxtails http://boingboing.net/2010/09/22/inside-a-stolen-cred.html#comment-893352 foxtails Wed, 30 Nov -0001 00:00:00 +0000 #comment-893352 I was wondering the same thing, since I've never heard the expression before. Urban Dictionary and Idiom Dictionary both failed me. I was wondering the same thing, since I’ve never heard the expression before. Urban Dictionary and Idiom Dictionary both failed me.

]]> By: Thebes http://boingboing.net/2010/09/22/inside-a-stolen-cred.html#comment-893355 Thebes Wed, 30 Nov -0001 00:00:00 +0000 #comment-893355 I must say I am astonished at how cheaply credit cards can be bought. I wonder about that, do they sell the data multiple times? Seems it would "go bad" really fast and upset their customers whose (proxied) IPs will soon end up in scrubbing databases... wonder who the people buying it scam with it, given how online transactions are scrubbed now-a-days.... but then maybe thats why its so cheap. I must say I am astonished at how cheaply credit cards can be bought.

I wonder about that, do they sell the data multiple times? Seems it would “go bad” really fast and upset their customers whose (proxied) IPs will soon end up in scrubbing databases… wonder who the people buying it scam with it, given how online transactions are scrubbed now-a-days…. but then maybe thats why its so cheap.

]]> By: Anonymous http://boingboing.net/2010/09/22/inside-a-stolen-cred.html#comment-892593 Anonymous Wed, 30 Nov -0001 00:00:00 +0000 #comment-892593 When the user pays for these stolen credit cards, I assume they needs to enter their credit card number. Which this company then steals and sells on?! When the user pays for these stolen credit cards, I assume they needs to enter their credit card number. Which this company then steals and sells on?!

]]> By: Nadreck http://boingboing.net/2010/09/22/inside-a-stolen-cred.html#comment-892858 Nadreck Wed, 30 Nov -0001 00:00:00 +0000 #comment-892858 The horrors of dealing with bad credit cards straight through the banks are the best reasons for little, and even small-medium, sized folk to deal with the lesser horrors of PayPal. PayPal takes it's percentages off every transaction but you don't have to deal with bad credit cards: PayPal will take the hit for you as long as you stay within their rules. The horrors of dealing with bad credit cards straight through the banks are the best reasons for little, and even small-medium, sized folk to deal with the lesser horrors of PayPal. PayPal takes it’s percentages off every transaction but you don’t have to deal with bad credit cards: PayPal will take the hit for you as long as you stay within their rules.

]]> By: Anonymous http://boingboing.net/2010/09/22/inside-a-stolen-cred.html#comment-892612 Anonymous Wed, 30 Nov -0001 00:00:00 +0000 #comment-892612 I love how they have a Terms & Conditions page, as though they were a legitimate business who could actually hold you to those terms. It's like Ted Bundy trying to get his victims to sign a disclaimer to absolve him of responsibility for death or serious injury. I love how they have a Terms & Conditions page, as though they were a legitimate business who could actually hold you to those terms. It’s like Ted Bundy trying to get his victims to sign a disclaimer to absolve him of responsibility for death or serious injury.

]]> By: Anonymous http://boingboing.net/2010/09/22/inside-a-stolen-cred.html#comment-894916 Anonymous Wed, 30 Nov -0001 00:00:00 +0000 #comment-894916 "tony" is a standard adjective for rich, well-heeled, well-to-do. there's nothing unusual about it. he's just well-read. “tony” is a standard adjective for rich, well-heeled, well-to-do. there’s nothing unusual about it. he’s just well-read.

]]> By: Anonymous http://boingboing.net/2010/09/22/inside-a-stolen-cred.html#comment-892616 Anonymous Wed, 30 Nov -0001 00:00:00 +0000 #comment-892616 How would you pay for it? How would you pay for it?

]]> By: Anonymous http://boingboing.net/2010/09/22/inside-a-stolen-cred.html#comment-892627 Anonymous Wed, 30 Nov -0001 00:00:00 +0000 #comment-892627 So what do you use to pay with on these sites? A credit card....? So what do you use to pay with on these sites?
A credit card….?

]]> By: Pantograph http://boingboing.net/2010/09/22/inside-a-stolen-cred.html#comment-892628 Pantograph Wed, 30 Nov -0001 00:00:00 +0000 #comment-892628 Scammers scamming scammers? Is there no honor among lowlife scum anymore? Scammers scamming scammers? Is there no honor among lowlife scum anymore?

]]> By: Matt Volatile http://boingboing.net/2010/09/22/inside-a-stolen-cred.html#comment-892633 Matt Volatile Wed, 30 Nov -0001 00:00:00 +0000 #comment-892633 I'll be the first one to ask - why would anyone give their credit card details (to pay for these stolen numbers) to people who steal credit card numbers for a living? Also: What's to stop people buying stolen credit-card numbers with a stolen credit card? Also: Why don't the card-processing companies shut down people using their merchant accounts to buy stolen card numbers? I’ll be the first one to ask – why would anyone give their credit card details (to pay for these stolen numbers) to people who steal credit card numbers for a living?

Also: What’s to stop people buying stolen credit-card numbers with a stolen credit card?

Also: Why don’t the card-processing companies shut down people using their merchant accounts to buy stolen card numbers?

]]> By: invictus http://boingboing.net/2010/09/22/inside-a-stolen-cred.html#comment-892896 invictus Wed, 30 Nov -0001 00:00:00 +0000 #comment-892896 I don't know what country you're operating in. Nadreck, but credit card companies most definitely take a percentage from every transaction the merchant submits. It all comes down to who takes the smaller percentage. Of course, having recovered money from a Paypal payment before (as a customer, not a merchant), I don't believe PayPal always takes the hit for the merchant, either. It's pretty much just another payment processor. I don’t know what country you’re operating in. Nadreck, but credit card companies most definitely take a percentage from every transaction the merchant submits. It all comes down to who takes the smaller percentage.

Of course, having recovered money from a Paypal payment before (as a customer, not a merchant), I don’t believe PayPal always takes the hit for the merchant, either. It’s pretty much just another payment processor.

]]> By: Anonymous http://boingboing.net/2010/09/22/inside-a-stolen-cred.html#comment-892912 Anonymous Wed, 30 Nov -0001 00:00:00 +0000 #comment-892912 Maybe serious users pay for the stolen credit card information - with **other** stolen credit card information? Maybe serious users pay for the stolen credit card information – with **other** stolen credit card information?

]]> By: Anonymous http://boingboing.net/2010/09/22/inside-a-stolen-cred.html#comment-892663 Anonymous Wed, 30 Nov -0001 00:00:00 +0000 #comment-892663 Payment is made through Liberty Reserve or through Webmoney, according to the site. You didn't really think these guys would take a credit card, did you? :) Payment is made through Liberty Reserve or through Webmoney, according to the site. You didn’t really think these guys would take a credit card, did you? :)

]]> By: Anonymous http://boingboing.net/2010/09/22/inside-a-stolen-cred.html#comment-892665 Anonymous Wed, 30 Nov -0001 00:00:00 +0000 #comment-892665 Here's a link to a screenshot of the accepted payment methods http://krebsonsecurity.com/wp-content/uploads/2010/09/rock3dccpay.jpg Here’s a link to a screenshot of the accepted payment methods

http://krebsonsecurity.com/wp-content/uploads/2010/09/rock3dccpay.jpg

]]>