Web Fraud 2.0 — Point-and-Click Cracking Tools

An anonymous reader writes "The Washington Post's Security Fix blog is running a fascinating series that peers inside some of the Web-based services cyber crooks are using to ply their trade: from masking their identity, to defeating CAPTCHAs, to creating counterfeit documents and validating stolen credit and debit cards. Everyone familiar with this space hears about these kinds of tools and services all the time in the abstract, but the Post blog includes screen shots and background details on the popularity of the services and how each one is helping to bring cyber crime that much closer to the realm of even the most newbie scam artists." Many of these tools require a working knowledge of Russian. Wouldn't surprise me to learn that Chinese-language tools exist too.

Re:Holy Stereotypes!

[Anonymous Coward]

http://www.spamhaus.org/statistics/countries.lasso

1 United States 1571
2 China 428
3 Russian Federation 305
4 South Korea 197
5 Germany 180
6 United Kingdom 180
7 France 177
8 India 153
9 Japan 147
10 Brazil 147

In other words, the US beats the next 7 countries combined, Germany, France and the UK together beat China and every two of them beat Russia.

We'd be a lot better at fighting the bad guys if we wouldn't assume that "we" are the good guys.

Re:Holy Stereotypes!

[Anonymous Coward]

http://www.spamhaus.org/statistics/spammers.lasso

  1 HerbalKing India
  2 Vincent Chan / yoric.net Hong Kong
  3 Alex Blood / Alexander Mosh / AlekseyB / Alex Polyakov Ukraine
  4 Nikhil Kumar Pragji / Dark-Mailer Australia
Queensland
  5 Ruslan Ibragimov / send-safe.com Russian Federation
  6 Leo Kuvayev / BadCow Russian Federation
  7 Pavka / Artofit Russian Federation
  8 Russian Business Network Russian Federation
  9 Yambo Financials Ukraine
10 Alexey Panov - ckync.com Russia

Re:Using postal information to validate cards

[snowraver1]

To me, this is a problem for the Credit Card companies to fix. I think that some companies offer this already, but there should be a service that is included in the credit card that you can to to your bank's website and request a one-time credit card number. It can only be used once, and only for the amount that you specify.

Re:Excellent work kdawson

[palegray.net]

Africa is not a nation. Africa is a continent containing many nations.

Re:Using postal information to validate cards

[palegray.net]

No matter who you bank with, you can make one-time payments using the PayPal Plugin [paypal.com], even to merchants who only accept traditional bank cards.

Re:Using postal information to validate cards

[Carlosos]

I heard one the show "Security Now" that those one-time payments are NOT one-time payments. It only means that a virtual credit card is created that will expire next month which could leave 60 days of abuse. You have to remember to close the virtual credit card manually after every use. I know Citi Bank has a similar service that I use but they also allow to set a limit for the virtual credit card so that not more can be charged.

You need to look for Klingon tools

[wiredog]

here. [klingon.org]

Re:Holy Stereotypes!

[ahabswhale]

Utterly meaningless statistic. Foreign spammers know that their spam must originate from the U.S. or it has an almost 0% chance of reaching American mailboxes. Consequently, they search constantly for server and user machines in the U.S. they can easily compromise.

Re:SANTA -- not really offtopic :)

[commodoresloat]

heheh... I don't recall the backstory behind this, but SATAN actually distributed for a while with a utility called "SANTA" that would change the name of the tool (and all references in the docs and so forth) from "Security Analysis Tool for Analyzing Networks" to something like "Security Analysis Network Tool for Administration" in order to get rid of the potentially disturbing acronym.