<<<
NEWS FROM THE LAB - Wednesday, May 18, 2011
>>>
 

 
Online Criminals Trading in Twitter Posted by Mikko @ 06:24 GMT

Surely nobody would sell stolen credit cards on Twitter?

Except they do.

For example, check out Mr. SshoaibAhmed:

Shoaib Ahmed, sshoaibahmed, sshoaibahmed607

Let's follow the link…

Shoaib Ahmed, sshoaibahmed, sshoaibahmed607

Indeed, he seems to sell credit card info, most likely collected with keyloggers from infected home computers.

The prices of stolen credit cards range from $2 to $20, depending on the country where they were stolen from:

Shoaib Ahmed, sshoaibahmed, sshoaibahmed607

The "vis" stands for VISA, "mas" for MasterCard, "dis" for Discovery, and "amex" for American Express cards.

Alternatively, if you'd rather not use stolen credit cards yourself, you can have him buy you iPhones, iPads and laptops with stolen credit cards and ship them to you. In practice, the thief will log into an online store, then purchase an iPad as a gift purchase, giving your address as the delivery address and paying for the good with a stolen credit card. An iPad bought like this goes for $150.

Shoaib Ahmed, sshoaibahmed, sshoaibahmed607

But keyloggers collect more than credit cards. They also record passwords when you log into online services.

So this vendor is also selling access to other people's online bank accounts. An account with a balance of $28,000 sells for $1,000:

Shoaib Ahmed, sshoaibahmed, sshoaibahmed607

Finally, to prove he really has the goods, the vendor posts "demo" information. Which basically is personal information on a handful of victims, including names, home addresses, credit card numbers, and passwords (heavily redacted here):

Shoaib Ahmed, sshoaibahmed, sshoaibahmed607

The accounts shown above have been reported to relevant authorities.