Security vendor FireEye recently published a report describing the carder business of two cyber criminals called “Vendetta Brothers.” The two cyber criminals are likely operating out of Spain and Eastern Europe. They currently operate an underground website for selling stolen credit and debit card data from 639 banks in 41 countries via phishing attacks. They offer about 10,000 cards for sale, which is relatively small comparing to other carder business. One interesting thing is that how the brothers operated to scale their criminal business. They diversified their business using legitimate business tactics like outsourcing. One tactic is that they partnered with hacker without malware to obtain card data but have gained access to POS terminals remotely or physically. The brothers have the hackers to di the dirty work and so they can focus on higher-level planning. One thing I’m surprised is that the data of 10,000 stolen cards is still considered as small carder business. If 100,000 cards are considered as a large business and there are 10 carder businesses exist, 0.1% of world’s credit card information may be stolen, since the number of world’s credit cards is around 1 billion in 2015. Another thing is that even hackers now are able to use business tactics to mange and scale their operations. They use legitimate tactics to do illegal business. It makes me think about one of the largest criminal organization, Yamaguchi-gumi in Japan. It operates more like a company rather than a criminal organization. It does have criminal activities like arms trafficking and bank fraud, but it also does legitimate business.
Link: http://www.darkreading.com/vulnerabilities—threats/how-a-pair-of-cybercriminals-scales-its-carder-business/d/d-id/1327066
Roberto Nogueda says
Hello Mengqi- this is a very informative article that reminded me the hackes commited by Alberto Gonzalez, back in 2006 – 2008.
Gonzalez was sentenced to 20 years in prison for stealing millions of dollars in credit and debit cards information from TJX, parent company of TJ Max, and Ross (I think).
Even though we see that technology is getting more complex and more difficult to bridged, hackers still find a way to take what they want and to manipulate the systems at their convenience.
Thank you,
Roberto.
Ahmed A. Alkaysi says
Good point on the use of business tactics in order to scale their “company”. They run their businesses (cyber Mafias) more effectively than a lot of other legitimate businesses, I have link below that describes the different techniques they use to run their organized crime like a business.
https://hbr.org/2011/11/what-business-can-learn-from-organized-crime
Scott Radaszkiewicz says
Hi Mengqi, it’s amazing how organized crime can be. It’s not crime to them, it’s a business. Being in the IT field I always new how vulnerable we were to crime. You do what you can to prevent it, but unfortunately, it’s part of doing business. IF we want to bank online, we have to realize that fraud is going to happen. But it’s not ever going to stop. If we end online banking, they’ll just go back to robbing you on the street! 🙂
Mauchel Barthelemy says
Great article Mengqi.
I’m note sure where to even begin after reading stories like these. The fact that hacker organizations manage to operate like a regular business is out of the norms. This proves that banking systems have major weaknesses and need to do a lot of work to eliminate those flaws. I believe this so-called organization will eventually get caught, but the key is how long will it take before more people’s hard working money are being stolen. This article makes me think of a movie called “Blackhat” starring Chris Hemsworth.