Dumb Cyber-crook Leaves Behind ID Clues

Someone posts 150 separate records of stolen credit card data in a Warez forum along with a photo and a location.

When Chris Boyd, senior director of malware research at FaceTime Security Labs, stumbled upon a collection of stolen credit cards in a Warez forum, he saw something he didn't expect—a photo.

But not only that, the poster also listed his or her supposed location underneath his or her forum avatar.

It was a first for Boyd, who said there were about 150 separate pieces of data in the collection. The poster's location was given as Greece, though most of the credit card information seemed to come from the United States. U.S. law enforcement agencies have been contacted, Boyd said.


Click here to read about customer data stolen from an Ameritrade database.

Assuming the photo and location information is correct, authorities at least have the "Who" and the "Where" bases partly covered, leaving a more interesting question to mull over … was this person a professional carder, or someone trying to prove not all cyber-crime is slick?

The information has reportedly started making the rounds on Warez sites. The incident, Boyd wrote on a corporate blog, has the makings of someone who came across a stockpile of sensitive data and was trying to distribute it quickly—or a pro who messed up badly.

Usually, carders—people who trade in credit card information—tend to arrange data uniformly, he noted. But here, some of the records included no more than card details while others featured a name, address, PIN number and other information, leading Boyd to guess that the data may have come from a back-end payment system.


Extensive searching on the information contained in the posts turned up little, save for an e-mail address that led researchers to a pro carding forum—now offline—where someone was offering up a small sample of private data at an asking price of $30,000 to $50,000 for UK and U.S. bank log-ins.

Calling it a case of stupid criminals at work in cyberspace, Boyd nonetheless told eWEEK that allowing such forums to operate gives security professionals and law enforcement a chance to keep an eye on crooks.

"Typically, combining hosts who are happy to profit from illegal activity with forums using nothing more complicated than secret subsections will create the perfect environment for criminals to buy and sell data," he said. "It's hard to gain access, and if you go down the route of shutting the forums down, you risk them going deeper underground and losing all your intel sources."

Check out eWEEK.com's Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK's Security Watch blog.