The Industrialization of the Underground Economy
The underground economy is made up of a very large group of websites that act as a marketplace for the trade of illegal services and stolen goods. It’s a platform where identity theft vendors and buyers can meet in “public” areas (public in the sense that all those with access can see posts by the other members) before continuing the discussion to close a deal in private. Compromised bank accounts and credit cards, kits to set up Phishing attacks, fake document manufacturing and credit card skimming devices are only a small portion of what is available for purchase in the underground economy.
Much of the trading in the underground economy still takes place “the old fashioned way.” A vendor gets verified by the administrators of a forum, creates a post including all of the details about what he’s selling (cost, contact details, etc.), and waits for customers to contact him. The main problem with this method is that as long as the vendor isn’t near the computer chatting with prospective customers, he’s not making any money. For this reason, fraudsters developed a new method: the Automated Vending Cart, or Automated Credit Card stores.
How Automated Credit Card stores work
The way these types of stores work is pretty straightforward. First, a buyer registers an account at the store and signs in.
The buyer’s account has a certain balance at the store, which upon registration is empty. Before he can start making purchases, the buyer must fund the account by transferring e-currency to the store’s account.
The store pictures above accepts three types of e-currencies: WebMoney, a legitimate e-currency provider very popular in Russia; the famous Bitcoin; and Bitcoin’s competitor, Litecoin. The store is able to automatically detect when money is transferred to its accounts in each of these e-currencies and associate it with the buyer’s account. Once the account has been funded, a balance will be available for the buyer to use for making purchases.
Making a purchase
Once the account has been funded, the buyer browses through the store’s “shelves,” which are lists of goods that are currently for sale. For many types of goods, including credit cards (which are the most common item sold in such stores), the store provides a “preview” of the record. Find out how much your hacked credit card credentials are worth in the underground economy. This enables fraudsters to pick and choose the goods that they want to purchase and buy according to their specific preferences. In the case of credit cards, for example, the buyer may be after a certain type of card, a card from a certain bank (this can be identified through the “BIN,” the first 6 digits of the card number which represent the issuer), a certain ZIP code, and so on.
The purchasing process works much like any legitimate online store, in the sense that buyers can return goods. Once the buyer has purchased the cards, they are removed from the shelf and the entire record information—credit card number, expiration date, CVV2, full name and address—is made available to the buyer. The price of the purchased cards gets removed from the buyer’s balance. If one or more of the purchased cards has already been deactivated by the bank, all stores have a “return” policy. Buyers have a certain amount of time to contact the store’s administrator with faulty cards in order to get a refund. Some of the more sophisticated stores have automated credit card checkers that verify that the cards being sold are still active at the time of the purchase.
The popularity of these stores is immense. Since their introduction several years ago, many hundreds, if not thousands of stores have appeared. There are “store kits” circling in the underground that enable even vendors with no background in website development to easily set up shop.
Many of the credit cards that are stolen in famous breaches like the Home Depot breach end up being sold in these stores. The stores have a major impact on identity theft, much like the impact ATMs had on the banking industry. Stolen credit cards, PayPal accounts, online banking accounts and many other types of credentials are now available for purchase to anyone, 24/7. For vendors, Automated Vending Carts are a perfect solution for doing business whether they are asleep, playing a game or out on a date.
The success of these stores has pushed fraudsters to explore what else in the trading business can be automated, and thus new services which were once performed manually have developed into automated ones. This includes methods by which fraudsters recruit mules to turn stolen credentials into cash.
The Federal Bureau of Investigation has called this “The Industrialization of the Underground Economy.” We call it a testament to the identity thieves’ ingenuity and drive, as well as a whole lot of trouble.
Did you enjoy this post? If so, subscribe to get a weekly roundup from BlogDOG.