Who's Selling Credit Cards From Target?

← Back to Stories (view on slashdot.org)

Who's Selling Credit Cards From Target?

Posted by Soulskill on Tuesday December 24, 2013 @07:27PM from the it's-the-grinch dept.

An anonymous reader writes "Brian Krebs has done some detective work to determine who is behind the recent Target credit card hack. Krebs sifted through posts from a series of shady forums, some dating back to 2008, to determine the likely real-life identity of one fraudster. He even turns down a $10,000 bribe offer to keep the information under wraps."

11 of 68 comments (clear)

Min score:

Reason:

Sort:

Good Journalsim, Good Article by retroworks · 2013-12-24 19:50 · Score: 4, Interesting

Took about 5 minutes to read it. Didn't see any "first posts!" in the interim. Either others find it as fascinating, or I lack a life reading /. at midnight on Christmas eve.

--
Gently reply
1. Re:Good Journalsim, Good Article by Trepidity · 2013-12-24 20:10 · Score: 4, Insightful
  
  Spelling is not properly within the jurisdiction of the Grammar Nazis; we apologize for any overstepping of boundaries in this regard that may have occurred in the past.
  
  --
  10 PRINT CHR$(205.5+RND(1)); : GOTO 10
2. Re:Good Journalsim, Good Article by Spy+Handler · 2013-12-24 20:47 · Score: 5, Insightful
  
  Yes it was very good, Krebs writes well and he seems to know his stuff.
  That being said, was it really that easy? His steps to finding the perpetrator was:
  -Scan underground sites that sell stolen credit cards
  -Do a small buy to get a sample
  -Found cards that matched the ones stolen from Target
  -Dig through various forum/social network archives to see if any matched the owner of the underground site (from step #1)
  -Contact the perp to see if he makes any incriminating statements (which he did by offering $10k bribe)
  The perp may be an uber elite hacker, but he's very noob when it comes to hiding his tracks.
3. Re:Good Journalsim, Good Article by SternisheFan · 2013-12-24 21:57 · Score: 3, Informative
  
  This morning ABC-TV news reported that they are zeroing in on the thieves (it may be Ukranian hackers), who are having trouble selling the info since there is a glut on the market, not enough buyers. It also reported that phony Target emails are getting sent to affected card holders, customers are being told to go directly to the official Target site to be sure.
4. Re:Good Journalsim, Good Article by phayes · 2013-12-24 23:31 · Score: 4, Insightful
  
  Krebs does know his stuff & much like J Edgar Hoover, he's been in the business accumulating files on all the underground criminal sites for years. It is this database of info & intimate knowledge of how it all fits together that allows him to dig up the info that budding criminals left online in forums where they let their hair down (assuming that the others were all thieves with honour) and then tie it together with public records. Even "elite hackers" (assuming that the lowlife Krebs exposed really is one) were young once & rare is the teenager who knows not to brag...
  Go Brian, you inspire us all...
  
  --
  Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
5. Re:Good Journalsim, Good Article by berberine · 2013-12-25 00:16 · Score: 3, Interesting
  
  rare is the teenager who knows not to brag...
  Not quite on the same level, but my local paper recently ran a story of a convenience store robbery. The person who did it stole a lot of junk food and close to $1000. The police admitted they had no leads and were clueless about who did it. They were basically saying that the perpetrator was going to get away with it. Two days later, they arrest a 16-year old male because he was bragging to his classmates at school about how dumb everyone was and how smart he was because no one knew it was him.
6. Re:Good Journalsim, Good Article by Anonymous Coward · 2013-12-25 02:18 · Score: 3, Interesting
  
  -Dig through various forum/social network archives to see if any matched the owner of the underground site (from step #1)
  That probably was the more difficult step. Most of these chats had been deleted or archived. And most of it was in Russian. He probaby was on these sites for a while, also note that a lot of these chats are private chats between 3rd parties, so getting ahold of this was probably some work.
Purview of NSA? by OffTheLip · 2013-12-24 21:33 · Score: 4, Insightful

If the NSA/FBI/CIA/... was really interested in doing some good with all of the data mining they could solve or at least contribute to resolving cases like this. Prevention would even be better.
1. Re:Purview of NSA? by TechyImmigrant · 2013-12-24 23:55 · Score: 5, Informative
  
  Or the banks could switch to chip and pin cards and upgrade the crypto sufficiently to make it secure.
  
  --
  I should use this sig to advertise my book ISBN-13 : 978-1501515132.
2. Re:Purview of NSA? by TechyImmigrant · 2013-12-25 04:41 · Score: 3, Interesting
  
  My understand is not that they like card fraud, but they do *really really* like the current situation regarding liability. I.E. The banks carry none of the liability. If they are provisioning strong crypto and credentials to ensure secure transactions, the liability landscape changes in way that are bound to be worse than the current optimal (as far as the bank is concerned) situation.
  
  --
  I should use this sig to advertise my book ISBN-13 : 978-1501515132.
purview of banks investing in security by swschrad · 2013-12-25 08:30 · Score: 4, Insightful

seeing as how the chipped cards cost 5 times as much, I think we can consider this discussion closed :-D you know, the mantra of Wall Street is "screw the future, what are you doing for us this quarter?"

--
if this is supposed to be a new economy, how come they still want my old fashioned money?