Slashdot Mirror
Cybercriminals Learning To Filter Out Undercover Cops (krebsonsecurity.com)
An anonymous reader writes: Credit card numbers are constantly being stolen, but the people who take them don't usually use them. Instead, they sell them to others who will. Many cards are traded at online forums and markets. Law enforcement investigators know this, and they use these forums to gather intelligence on breaches. But Brian Krebs writes that one of the biggest markets, Rescator, has implemented methods to screen out suspected law enforcement agents. Krebs says of a law enforcement source of his: "The criminals running the fraud shop seized his carding store account and bitcoin balance after the pig alert flashed on my source's screen — effectively stealing hundreds of taxpayer dollars directly from the authorities. .. I found his case fascinating and yet another example of the growing sophistication of large-scale cybercrime operations."
Dirty feebs get what they deserve...
Krebs says of a law enforcement source of his: "The criminals running the fraud shop seized his carding store account and bitcoin balance after the pig alert flashed on my source's screen — effectively stealing hundreds of taxpayer dollars directly from the authorities..."
I think it's hilarious that the angle they took was the seizing of the police's resources committed to the transaction system. The point wasn't to steal the police's resources, that was a drop in the bucket compared to the size of the operation. The point was to prevent the suspected law enforcement agency from continuing to play and to preserve the information that might be linked with the account to use that information to help spot other law enforcement accounts.
If anything, the lack of size of the law enforcement operation was probably the initial red flag. Sure, actual criminals will start out small too, but usually an unwillingness to go all-in is a warning flag. Flat out, usually the, "good guys," have limits on their behavior either because they're attempting to do as little harm as possible or being limited in funding since they're not actually running a criminal for-profit enterprise, or a combination thereof.
It'll probably take a turned-insider to break this stuff. That's what it usually takes. Actually find a person involved, use the carrot-and-stick approach to give them reduced charges or some degree of immunity in exchange for breaking the organization from within, and let that person both take the risks associated with data collection and give them time to build up enough information to make further prosecution possible.
Do not look into laser with remaining eye.
When you detect the unwanted customer, don't block them ... sell them randomized fake CC info. Their evil genius is weak sauce.
Okay, I know this is off topic and I apologize, but can we agree that its time to stop calling them "Cybercriminals"?
These people are called cybercriminals to provide information about what kind of criminals they are; it doesn't mean they are to be looked at as privileged or special; You don't call a serial killer just a "criminal"; These people who deal in batches of stolen credit card or social security numbers for mortgage or Tax Refund fraud are much worse than common criminals, just like you refer to criminals who are serial killers differently than you refer to muggers or jaywalkers. A thief probably only robs from a few people, cybercriminals are "Mass Thieves", and the penalties should be more severe --- they are criminals that use what the average person would consider technically sophisticated methods or tools involving the abuse of technology as a fundamental aspect in the commission of their crimes.....
They are not thieves in the traditional sense, other than their intention is essentially to get money they have not earned, E.g. those selling copies of other peoples' credit card numbers, And their chance at a profit is supported by another criminal's expectation of using those numbers to defraud banks out of $$$, but some of these criminals are also referred to as frausters and identity thieves.