How cyber crooks turn your data into cash

Date:1 September 2011 Tags:,

The massive data breach of Sony’s PlayStation Network in April took down the service for 23 days, compromised the accounts of more than 100 million users and exposed 12,3 million credit cards to hackers. But what, exactly, happens to credit card and financial accounts once they enter the cyber-crime underworld? We asked Austin Berglas, cyber division coordinator at the FBI, and Dean de Beer, chief technology officer of security firm ThreatGRID, to guide us through the process by which criminals steal money from your financial accounts and sneak it offshore. – Glenn Derene

The heist
Hackers typically harvest data directly from users via malware or through online scams (see fake antivirus software), or they infiltrate large databases (see Sony’s PlayStation Network) to steal thousands of accounts at a time.

Off to market
Hackers often verify stolen credit cards with small transactions, then trade them in “cc dumps” – online marketplaces frequented by “carders”. Verified active accounts fetch higher prices.

Printing press
Carders who purchase complete Track 2 credit card data (both the card number and the CVV security code) can print their own magnetic-stripe cards, then hire “money mules” (often foreign students) to withdraw cash from ATMs.

Off shore connection
Once the stolen account is turned into cash, the mules either wire the money overseas via services such as Western Union, or convert it to e-currency via services such as e-gold and PayPal and transfer it to the overseas accounts of criminal syndicates. If the mules get caught by law enforcement, they usually have no idea who hired them.

The eBay route
Money mules are also recruited by carders through make-money-from-home scams. The mules buy goods online with stolen credit card or PayPal accounts, get them shipped to PO boxes or abandoned addresses and then re-sell the merchandise online.

Latest Issue :

December 2020