Brian Krebs, source of a lot of key research on the banking trojan focus on small to medium sized business, has reported that cyber-vigilantes have rattled the cage of a major carder site by posting their member’s passwords:
- Ironically, the anonymous authors of the e-zine said they were able to compromise the criminal forum because its operators had been sloppy with security. Specifically, they claimed, the curators of Carders.cc had set insecure filesystem permissions on the Web server, which essentially turned what might have been a minor site break-in into a total database compromise.
Brian has this to add:
- In addition, these types of vigilante attacks typically come with hidden costs: For one thing, while it may be true that law enforcement officials could use some of this information to locate people engaged in computer trespass, and buying or selling stolen personal and financial data, the public release of this information could just as easily prompt those individuals to abandon those accounts and Internet addresses, and even potentially jeopardize ongoing investigations.
- Most likely this is from a rival organization but wouldn’t it be interesting if this were the new trend in cyber crime fighting? Since there is no clear and unified jurisdiction, cyber mercenaries may discover a niche market in attribution retribution or monkey-wrenching cybercriminal enterprises. Of course, any of these actors found operating from within the US would make them liable to our jurisprudence.
- Personally I tend to think that Law Enforcement could use some of this data – not all divisions correlate their data quickly and open source like this can actually assist local law enforcement depending on how it’s used. IP addresses, for instance, when correlated back to local spots could provide key intelligence for ongoing local investigations which would likely never see the light of day if held within a Federal file.
- Most criminals are lazy and won’t change their accounts or methods of password generation significantly. Therefore this contains plenty of password and IP address research potential.
+++++++Be careful using this resource, now that we’re all linking to it I can see that it easily could have malware set up in the future+++++++
http://sec-r1z.com/stfu/carders/exp01.txt <- use at your own risk.
UPDATE [11:19 PDT]: Check out this analysis which reveals several interesting data points:
- Do the fraudsters have favorite e-mail services?
- Do the fraudsters use more gTLDs or ccTLDs?
- Do the fraudsters use only generic webmail providers, or do they also use specific providers? Maybe even corporate addresses?
Securing Our eCity Contributing Writer
Author ESET Research, We Live Security