Logo
    Search

    Ep 32: The Carder

    en-usFebruary 19, 2019

    Podcast Summary

    • The Dark Cloud of Illegal Online MarketplacesPurchasing stolen credit cards through illegal online marketplaces is a criminal activity that harms not only individuals but also US banks and businesses. The US Secret Service is actively monitoring these marketplaces and investigating these criminals who use anonymous payment platforms like Liberty Reserve.

      Stolen credit cards are sold on illegal online marketplaces for significant amounts of money. The purchasing process involves transferring money via Liberty Reserve, an anonymous payment platform. Some vendors have high success rates and are highly sought after, but the US Secret Service is actively monitoring these marketplaces and investigating the criminal activity. Using stolen credit cards is illegal and affects not only individuals but also US banks and businesses. The Secret Service has a mission to find these criminals and bring them to justice. One case involved a vendor called nCux who was found through online activity and was determined to be a Russian word meaning 'psycho'.

    • The Story of Track2 and the Kameo MalwareBe wary of suspicious vendors on illegal markets and always keep an eye out for any unusual activity on your computer. Malware can listen for keystrokes and steal sensitive information, so make sure to take proactive measures to protect your data.

      The Secret Service discovered a vendor named Track2, selling stolen credit card dumps on an illegal carding market. They became suspicious as this new vendor was marked as a trusted vendor on day one, and other vendors were being removed. The Secret Service began watching them closely and discovered that they were responsible for installing Kameo malware on computers at Schlotzsky's Deli in Coeur d'Alene, Idaho. The malware listened for keystrokes, looking for credit card information, which was then transmitted to a server in Russia. Detective Dunn found that the malware had been present on the computer for six months and that it was put there by someone who had control of it. This discovery led to the arrest of the Ohio buyer, and they were able to trace the source of the stolen credit cards.

    • Detective Dunn follows the trail of Kameo malware and unravels a credit card fraud operation linked to Roman Seleznev.Hackers can use malware to steal credit card information and sell it on the black market, but investigators like Detective Dunn can connect the dots and track them down with technical expertise and determination.

      Detective Dunn connects the dots between Schlotzsky's Deli hack and fraudulent charges on credit cards with the Broadway Grill as the common purchase point. He finds that both had been hacked with Kameo malware that stole credit card information. Dunn traced the malware to the same Russian server being used by Roman Seleznev, a notorious carder previously tracked by the Secret Service. Dunn discovered that Seleznev was the same person operating two carding websites Bulba.cc and Track2.name. Dunn obtained a warrant for Seleznev's Yahoo e-mails and found evidence of his involvement in the carding operation through Liberty Reserve and a PayPal account. With the new evidence, Secret Service is once again on Seleznev's trail.

    • The Importance of Securing Remote Desktop Access to Prevent HacksInadvertently exposing Remote Desktop to the internet with weak passwords can lead to noisy and sloppy hacks. Keep Remote Desktop inaccessible, update security mechanisms regularly to prevent such attacks.

      The story highlights the importance of keeping Remote Desktop inaccessible from the internet and ensuring strong passwords. Roman Seleznev allegedly hacked into hundreds of restaurants and shops around the world by brute-forcing Remote Desktop login. This hack was noisy, sloppy and fundamentally not sophisticated. Detective Dunn was able to link Roman to the hack by investigating a server rented out by him which had over 400,000 stolen credit cards. The detective visited hacked restaurants and found the same signs - Remote Desktop enabled on the POS computers with malware installed, and credit cards scraped and sent to Roman's servers. Strong authentication mechanisms, keeping security patches updated can prevent such hacks.

    • The Elusive Carder: How Roman Seleznev Outwitted the Secret Service.Even the most skilled hackers can be caught if law enforcement is patient and persistent in tracking their movements. Political connections may provide some protection, but ultimately, no one is above the law.

      Roman Seleznev, a notorious carder and hacker, was protected by his father who was a deputy in the Russian parliament. Despite being involved in a big-time operation that brought him $2.4 million in a week, Roman went dark after a suicide bombing at a popular restaurant in Marrakech. His websites, Bulba.cc and Track2.name, shut down nine months later, making the Secret Service uncertain of his condition. While they tried to prepare for his capture, Roman continued to take short trips to Indonesia and avoided being tracked by buying last-minute plane tickets. The feds had no way to capture him there as there was no extradition treaty with Indonesia. The Secret Service had to wait patiently for him to make a mistake.

    • The Arrest and Capture of 2pac.cc Mastermind, Roman SeleznevInternational cooperation and effective law enforcement can catch even the most sophisticated hackers engaged in illegal activities, highlighting the consequences of cybercrime and the importance of cybersecurity measures.

      Roman Seleznev was the mastermind behind 2pac.cc, a site involved in the illegal sale of credit card dumps. His large incoming transactions caught the attention of the Secret Service after they shut down Liberty Reserve, a company involved in processing money used for illegal purposes. He was tracked down to the Maldives and caught while trying to flee to Russia. The Secret Service took him to Guam and continued to investigate his laptop, which was password-protected. Roman pleaded innocent but the evidence against him was strong, leading to a trial in Washington State. The case shows the importance of international cooperation in capturing criminals and how even sophisticated hackers can be caught.

    • The Perils of Weak Digital Security in Criminal ActivitiesUsing weak and reused passwords on personal devices can lead to forensic evidence in digital devices, holding sensitive information and consequences for criminal activity. Strong digital security is crucial.

      Reusing passwords and using simple passwords on personal devices is a bad idea, especially for criminal activities. Forensic analysis of digital devices can reveal deleted files and incriminating evidence, and cloud storage may hold sensitive information. The Secret Service was able to build a strong case against a carding kingpin based on evidence found on his laptop, network logs, and phone records. Attempts to pay off prosecutors and seek political influence did not work. This highlights the importance of digital security and the consequences of criminal activities in the digital world.

    • Roman Seleznev sentenced to 27 years for cybercrimes.Cybercriminals will have to face severe consequences of their actions, with the imprisonment of Roman Seleznev being proof thereof. Their hacking may eventually lead to their capture and punishment.

      Roman Seleznev was found guilty on thirty-eight out of forty counts that included international damage to protected computers, wire fraud, obtaining information from a protected computer, and aggravated identity theft. Despite Roman trying to delay and find a way out of prison, his continuous lying to prosecutors and refusal to cooperate resulted in him getting twenty-seven years of prison time for his crimes. Roman's laptop had 1.7 million stolen credit cards from 400 different restaurants and shops. His hacking also included zoos across the US and he even stole credit cards from the Phoenix Zoo.

    • The Domino Effect of a Security BreachSmall businesses need to invest in proper security measures and compliance with the payment card industry. Legal action should be taken against cyber criminals to prevent further damages.

      Small and local businesses were affected by the security breach caused by Roman Seleznev and had to spend a lot of money to fix the security issues. The breach also caused them to be fined for not being compliant with the payment card industry. Additionally, when the news got out, these businesses faced ridicule and shaming, lost customers, and eventually shutdown causing them to file for bankruptcy. This shows how important it is to have proper security measures in place and be compliant with the payment card industry. One mistake can have a domino effect on the business and its customers. The case of Roman Seleznev also highlights the importance of proper legal action and investigations against such cyber criminals to ensure justice is served and prevent further damage to businesses and individuals.

    Recent Episodes from Darknet Diaries

    146: ANOM

    146: ANOM

    In this episode, Joseph Cox (https://x.com/josephfcox) tells us the story of anom. A secure phone made by criminals, for criminals.

    This story comes from part of Joseph’s book “Dark Wire” which you should definitely read. Get yours here https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/9781541702691.

    Darknet Diaries
    en-usJune 04, 2024

    145: Shannen

    145: Shannen
    Shannen Rossmiller wanted to fight terrorism. So she went online and did. Read more about her from her book “The Unexpected Patriot: How an Ordinary American Mother Is Bringing Terrorists to Justice”. An affiliate link to the book on Amazon is here: https://amzn.to/3yaf5sI. Thanks to Spycast for allowing usage of the audio interview with Shannen. Sponsors Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    144: Rachel

    144: Rachel
    Rachel Tobac is a social engineer. In this episode we hear how she got started doing this and a few stories of how she hacked people and places using her voice and charm. Learn more about Rachel by following her on Twitter https://twitter.com/RachelTobac or by visiting https://www.socialproofsecurity.com/ Daniel Miessler also chimes in to talk about AI. Find out more about him at https://danielmiessler.com/. Sponsors Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    143: Jim Hates Scams

    143: Jim Hates Scams
    Jim Browning has dedicated himself to combatting scammers, taking a proactive stance by infiltrating their computer systems. Through his efforts, he not only disrupts these fraudulent operations but also shares his findings publicly on YouTube, shedding light on the intricacies of scam networks. His work uncovers a myriad of intriguing insights into the digital underworld, which he articulately discusses, offering viewers a behind-the-scenes look at his methods for fighting back against scammers. Jim’s YouTube channel: https://www.youtube.com/c/JimBrowning Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. This episode is sponsored by Intruder. Growing attack surfaces, dynamic cloud environments, and the constant stream of new vulnerabilities stressing you out? Intruder is here to help you cut through the chaos of vulnerability management with ease. Join the thousands of companies who are using Intruder to find and fix what matters most. Sign up to Intruder today and get 20% off your first 3 months. Visit intruder.io/darknet. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    142: Axact

    142: Axact
    Axact sells fake diplomas and degrees. What could go wrong with this business plan? Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    141: The Pig Butcher

    141: The Pig Butcher
    The #1 crime which results in the biggest financial loss is BEC fraud. The #2 crime is pig butchering. Ronnie Tokazowski https://twitter.com/iHeartMalware walks us through this wild world. Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. Support for this show comes from Drata. Drata streamlines your SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR & many other compliance frameworks, and provides 24-hour continuous control monitoring so you focus on scaling securely. Listeners of Darknet Diaries can get 10% off Drata and waived implementation fees at drata.com/darknetdiaries. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    139: D3f4ult

    139: D3f4ult
    This is the story of D3f4ult (twitter.com/_d3f4ult) from CWA. He was a hacktivist, upset with the state of the way things were, and wanted to make some changes. Changes were made. Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn’t be. Check them out at https://canary.tools. Support for this show comes from Quorum Cyber. Their mantra is: “We help good people win.” If you’re looking for a partner to help you reduce risk and defend against the threats that are targeting your business — and especially if you are interested in Microsoft Security — reach out to Quorum Cyber at www.quorumcyber.com/darknet-diaries. Sources https://www.vice.com/en/article/z3ekk5/kane-gamble-cracka-back-online-after-a-two-year-internet-ban https://www.wired.com/2015/10/hacker-who-broke-into-cia-director-john-brennan-email-tells-how-he-did-it/ https://www.hackread.com/fbi-server-hacked-miami-police-data-leaked/ https://archive.ph/Si79V#selection-66795.5-66795.6 https://wikileaks.org/cia-emails/John-Brennan-Draft-SF86/page-7.html Learn more about your ad choices. Visit podcastchoices.com/adchoices

    138: The Mimics of Punjab

    138: The Mimics of Punjab
    This episode is about scammers in the Punjab region. Tarun (twitter.com/taruns21) comes on the show to tell us a story of what happened to him. Naomi Brockwell (twitter.com/naomibrockwell) makes an appearance to speak about digital privacy. To learn more about protecting your digital privacy, watch Naomi’s YouTube channel https://www.youtube.com/@NaomiBrockwellTV. And check out the books Extreme Privacy (https://amzn.to/3L3ffp9) and Beginner’s Introduction to Privacy (https://amzn.to/3EjuSoY). Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from SpyCloud. It’s good practice to see what data is getting passed around out there regarding you, your employees, your customers, and your business. The dark web is a place where this data is traded and shared. SpyCloud will help you find what out there about you and give you a report so you can be aware. Then they’ll continuously monitor the dark web for any new exposures you should be aware of. To learn more visit spycloud.com/darknetdiaries. Support for this show comes from ThreatLocker. ThreatLocker has built-in endpoint security solutions that strengthen your infrastructure from the ground up with a zero trust posture. ThreatLocker’s Allowlisting gives you a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides zero trust control at the kernel level. Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    137: Predator

    137: Predator
    A new type of mercenary spyware came on the radar called Predator. It’ll infect a mobile phone, and then suck up all the data from it. Contacts, text messages, location, and more. This malware is being sold to intelligence agencies around the world. In this episode we hear from Crofton Black at Lighthouse Reports who spent 6 months with a team of journalists researching this story which was published here: https://www.lighthousereports.com/investigation/flight-of-the-predator/. We also hear from Bill Marczak and John Scott-Railton from Citizen Lab. If you want to hear about other mercenary spyware, check out episodes 99 and 100, about NSO group and Pegasus. To hear another episode about Greece check out episode 64 called Athens Shadow Games. Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Akamai Connected Cloud (formerly Linode). Akamai Connected Cloud supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    Related Episodes

    76: Knaves Out

    76: Knaves Out
    This is the story about how someone hacked into JP Morgan Chase, one of the biggest financial institutions in the world. It’s obvious why someone would want to break into a bank right? Well the people who hacked into this bank, did not do it for obvious reasons. The hackers are best described as knaves. Which are tricky, deceitful fellows. Sponsors Support for this show comes from LastPass by LogMeIn. LastPass is a great password manager but it can do so much more. It can setup 2FA for your company, or use it to monitor what your users are doing in the network. Visit LastPass.com/Darknet to start your 14 day free trial. Support for this episode comes from SentinelOne which can protect and assistwith ransomeware attacks. On top of that, SentinelOne offers threat hunting, visibility, and remote administration tools to manage and protect any IoT devices connected to your network. Go to SentinelOne.com/DarknetDiaries for your free demo. Your cybersecurity future starts today with SentinelOne. Support for this show comes from IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25. For a complete list of sources and a full transcript of the show visit darknetdiaries.com/episode/76. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    Trading Tech Talk 2: Hackers and Rogue Algos

    Trading Tech Talk 2: Hackers and Rogue Algos

    Trading Tech Talk 2: Hackers and Rogue Algos

    Hot Topics in Tech: Security of Financial Platforms

    Should we expect more attacks in the future? Is this the new norm going forward? What sort of realistic uptime expectations should institutional clients, end users of exchanges and vendors have in this environment? Are we approaching a point where retail clients should maintain multiple brokerage account to ensure access at all times?

    While the recent OPRA problem was limited to NASDAQ OMX, it highlights the issue of the entire industry fixating around a single point of failure. What risks does that pose to the marketplace? How do we address that as an industry? Rogue algos are not just the domain of equities and options anymore; futures are now under attack as well.

    The Inbox: We’re taking your questions

    • Question from Amac: Is there a way for small traders to see or get access to big options shows via IM? Seems like I am missing much of the picture.
    • Question from T. Norvin: What exactly is a sweep order? Can a sweep be used to lift liquidity without moving markets? I.e. Buy 10 on all vs. 100 on one exchange?

    The Lightning Round: A minute to win it

    • Should customer open multiple brokerage accounts to avoid security risks?
    • The industry will have a backup/alternate to OPRA in place by the end of 2014 - Yea or Nay?
    • Will every major derivatives exchange experience some sort of systems outage/glitch in 2014?
    • Will microwave transmission gain a foothold in the U.S. financial markets in 2014?

    Ep 44: Zain

    Ep 44: Zain
    Ransomware is ugly. It infects your machine and locks all the the data and to unlock you have to pay a fee. In this episode we dive into some of the people behind it. Sponsors This episode was sponsored by CMD. Securing Linux systems is hard, let CMD help you with that. Visit https://cmd.com/dark to get a free demo. This episode was sponsored by MyWallSt. Their app can help you find good looking stocks to invest in. Visit MyWallSt.com/dark to start your free 30 day trial. For more show notes and links check out darknetdiaries.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices