Slashdot Mirror
178 Arrested In US/EU Credit Card Cloning Ops
eldavojohn writes with this report from Brian Krebs: "Authorities have moved in on 178 people accused of working in credit card cloning labs across the USA and Europe, but with the bulk of the work apparently operating out of Spain. The source states that 'Police in 14 countries participated in a two-year investigation, initiated in Spain, where police have discovered 120,000 stolen credit card numbers and 5,000 cloned cards, and arrested 76 people and dismantled six cloning labs. The raids were made primarily in Romania, France, Italy, Germany, Ireland, and the United States, with arrests also made in Australia, Sweden, Greece, Finland, and Hungary. The detainees are also suspected of armed robbery, blackmail, sexual exploitation, and money-laundering, the police said.' Krebs notes a new credit card debuting at Turkish banks that appears to have a built-in LCD that has a random six-digit number associated with each transaction much like RSA SecurID keys used for computer logins."
Er, a reasonable working definition of "random" is "you can't predict it." The card changes its displayed number every N seconds. The card's pseudo-random number generator has an algorithm and a seed value which are generally unknown to the user, and unknown to the merchant. It was produced in sync with the server, and continues to compute the numbers in parallel with the server. Even if the thief knows the algorithm, they would require significant time (an understatement) to acquire enough samples to accurately predict the next number that the server is expecting. So, for all practical purposes, yes, it's random.
[
Most of these people aren't doing it because it's lucrative. They do it because they have no legitimate options. The lowest rungs of any criminal enterprise gets paid shit wages just like any business. 200 people at 20k a year is 4 million for payroll. That leaves over 20 million for the boss.
Give me Classic Slashdot or give me death!