
  • Fraud Bazaar Carders.cc Hacked

    Carders.cc, a German online forum dedicated to helping criminals trade and sell financial data stolen through hacking, has itself been hacked. The once-guarded contents of its servers are now being traded on public file-sharing networks, leading to the exposure of potentially identifying information on the forum’s users as well as countless passwords and credit card accounts swiped from unsuspecting victims.

    The breach involves at least three separate files being traded on Rapidshare.com: The largest is a database file containing what appear to be all of the communications among nearly 5,000 Carders.cc forum members, including the contents of private, one-to-one messages that subscribers to these forums typically use to negotiate the sale of stolen goods. Another file includes the user names, e-mail addresses and in many cases the passwords of Carders.cc forum users.

    A third file — which includes what appear to be Internet addresses assigned to the various Carders.cc users when those users first signed up as members — also features a breezy explanation of how the forum was compromised. The top portion of this file — which is accompanied by an ASCII art picture of a cat — includes an oblique reference to the party apparently responsible for the Carders.cc site compromise, noting that the file is the inaugural issue of Owned and Exposed, no doubt the first of many such “e-zines” to come from this group.

    Ironically, the anonymous authors of the e-zine said they were able to compromise the criminal forum because its operators had been sloppy with security. Specifically, they claimed, the curators of Carders.cc had set insecure filesystem permissions on the Web server, which essentially turned what might have been a minor site break-in into a total database compromise. From the e-zine’s opening salvo:

    Many of you guys may have noticed this breeding German “underground” shit called carders.cc. For those who don’t: Carders is a marketplace full of everything that is illegal and bad. Carding, fraud, drugs, weapons and tons of kiddies. They used to be only a small forum, but after we erased 1337-crew they got more power. The rats left the sinking ship. The voices told us to own them since carders is our fault and we had to fix our flaw. So we did.

    During the ownage they also gave us lulz by showing off their ridiculous configuration skills which had a specific impact on their security. They actually managed to chmod and chown nearly everything to 777 and www-user readable. Including their /root directory.
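
A defender's audit for the two misconfigurations the e-zine describes (world-writable web content and a private directory readable by the web-server account), as an added example that is not from the original post or the e-zine. The directory names, the web-server uid and the function names are constructed for illustration; ACLs and uid 0 are not modelled.

```python
import os
import stat
import tempfile

def can_access(st, uid, gids, want):
    """Classic Unix mode check: owner bits, else group bits, else other bits.
    ACLs, capabilities and uid 0 are deliberately ignored here."""
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid == uid:
        bits = mode >> 6
    elif st.st_gid in gids:
        bits = mode >> 3
    else:
        bits = mode
    return (bits & want) == want

def audit(private_paths, webroot, web_uid, web_gids):
    """Return (path, issue) pairs for the two mistakes the e-zine describes."""
    findings = []
    for path in private_paths:
        if can_access(os.stat(path), web_uid, web_gids, 0o4):
            findings.append((path, "private path readable by web user"))
    for dirpath, _dirs, files in os.walk(webroot):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits are not meaningful on Linux
            mode = stat.S_IMODE(st.st_mode)
            sticky_dir = stat.S_ISDIR(st.st_mode) and mode & stat.S_ISVTX
            if mode & stat.S_IWOTH and not sticky_dir:
                findings.append((path, "world-writable"))
    return sorted(findings)

def demo():
    """Build a constructed tree, audit it as found and again after tightening."""
    base = tempfile.mkdtemp()
    home = os.path.join(base, "root_home")   # constructed stand-in for /root
    web = os.path.join(base, "www")          # constructed web root
    os.mkdir(home)
    os.mkdir(web)
    cfg = os.path.join(web, "config.php")
    open(cfg, "w").close()
    web_uid = os.getuid() + 1                # hypothetical web-server uid
    for p in (home, web, cfg):
        os.chmod(p, 0o777)                   # the "everything to 777" state
    before = audit([home], web, web_uid, set())
    os.chmod(home, 0o700)
    os.chmod(web, 0o755)
    os.chmod(cfg, 0o640)
    after = audit([home], web, web_uid, set())
    return before, after
```
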

    On the surface, it’s tempting to grin at the misfortune of these fraudsters. Still, the leaked database contains no small amount of password and banking information for many innocent victims. In addition, these types of vigilante attacks typically come with hidden costs: For one thing, while it may be true that law enforcement officials could use some of this information to locate people engaged in computer trespass, and buying or selling stolen personal and financial data, the public release of this information could just as easily prompt those individuals to abandon those accounts and Internet addresses, and even potentially jeopardize ongoing investigations.


    44 comments

    1. Carl "SAI" Mitchell

      “…the leaked database contains no small amount of password and banking information for many innocent victims.” Which was already known to many criminals. Having it known that anyone can check to see if their info is there is much better than having it known only to criminals who are going to use it.

      Well-loved. Like or Dislike: Thumb up 49 Thumb down 5
      • Indeed. I look forward to the credit card companies using this list to cancel the listed cards, and to notify their listed customers, and provide them with new cards.

        When can we expect this to happen?

        Well-loved. Like or Dislike: Thumb up 33 Thumb down 2
    2. It is more than “tempting to grin at the misfortune of these fraudsters”. Yes, vigilante acts often have negative consequences, but this is one instance with minimal downside risk. I wish the stolen consumer credit card data hadn’t been released onto Rapidshare, but that obviously wasn’t going to be sifted out and scrubbed by the vigilante group.

      I wonder if there will be a second issue of “Owned and Exposed”? This was nice reporting by Krebs, particularly the ASCII art image! I considered this Digg-worthy, and acted accordingly!

      Well-loved. Like or Dislike: Thumb up 31 Thumb down 3
    3. Reminds you of the will-hack-for-boobs defacements and hacks of late 90’s early 2ks

      Well-loved. Like or Dislike: Thumb up 13 Thumb down 6
      • Yes, it’s very retro. I guess we are supposed to think this is an old greybeard hacking group trying to teach the young’uns a thing or two (like slapping them around with a large trout)

        Well-loved. Like or Dislike: Thumb up 31 Thumb down 4
        • This definitely smacks of late 90’s hacktivism, when people used to deface for bragging rights.

          Ahh, the good old days :)

          Well-loved. Like or Dislike: Thumb up 18 Thumb down 5
    5. Does anyone know how many CC #s and/or bank accounts were stolen?

      Hot debate. What do you think? Thumb up 7 Thumb down 6
      • Hey Dana, welcome. It’s hard to say. The sensitive consumer stuff that’s obviously stolen is mixed in with the chatter on the board and interspersed with private messages, Facebook passwords, etc. Not easy to search through. If I had the thing in a real database format that might be easier, but not at the moment.

        Like or Dislike: Thumb up 5 Thumb down 2
    6. This is absolutely classic.
      Love seeing wankers like this get their comeuppance!

      Hot debate. What do you think? Thumb up 7 Thumb down 4
    7. Hidden due to low comment rating. Click here to see.

      Poorly-rated. Like or Dislike: Thumb up 8 Thumb down 26
      • BattleChicken

        I hope the irony is not lost on you, because it is fantastic.

        If a group of anonymous hackers could take down your forums (your headquarters, if you will), then law enforcement is just as capable of it, and it is only a matter of time.

        Well-loved. Like or Dislike: Thumb up 18 Thumb down 1
      • sorry dude, but only thermite will save you

        Check into it. Revision3 did a deal on it a while back ^^

        Like or Dislike: Thumb up 2 Thumb down 5
    8. I wonder what the PCI DSS compliance status was for Carders.cc.

      Obviously since the data was compromised, the PCI SSC will make a statement that it could not have been compliant since there never has been a data breach on a PCI DSS compliant system.

      Hot debate. What do you think? Thumb up 10 Thumb down 7
      • AnonymousMike

        Somehow I suspect Carders.cc didn’t have routine PCI audits completed. They existed entirely to resell stolen information, so auditors aren’t much of a concern. Although, ironically they probably could have benefited from following the practices laid out in the PCI guidelines.

        Hot debate. What do you think? Thumb up 5 Thumb down 3
        • I checked the PCI DSS and it states “PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted”, it does not distinguish between lawful or illegal storage.

          Depending on the number of credit card numbers, they may have just submitted a self assessment questionnaire. However, since they were breached they could not have been compliant.

          :)

          (taking the tongue out of my cheek)

          Well-loved. Like or Dislike: Thumb up 15 Thumb down 4
          • AnonymousMike

            Ah excellent point, evidently Solaro should read up a bit on his PCI compliance. (doh!)

            Like or Dislike: Thumb up 2 Thumb down 2
    9. Peter Brewster

      Something odd that Brian did not intend. A simple click on carderscc.png shows just fine. But a go-back wrongly returns to the URL prior to krebsonsecurity – not nice to do. This happens with both FF and IE. Bringing up the .png in a new tab or window has a correct Referring URL but (of course) go-back doesn’t work.

      Like or Dislike: Thumb up 3 Thumb down 3
      • Don’t go back. Just close the simulated pop up with the image in it.

        Like or Dislike: Thumb up 2 Thumb down 1
    10. I would love to have a copy of those files, even sanitized and without password or credit card information, but they seem to have been taken down from Rapidshare. Since they purportedly contain negotiations, I’m curious how those criminals trust each other when dealing between them. Also, were they using German, English or a jumble of East-European languages when communicating? If Solaro is indeed one of them, he hardly seems bilingual…

      Well-loved. Like or Dislike: Thumb up 5 Thumb down 1
    11. About 90% of the forum is German, the rest English.

      “I’m curious how those criminals trust each other when dealing between them.”

      There is little to no trust, there are a lot of rippers. Only some selected users are trusted. Most of them have a vendor title which must be paid for.

      Well-loved. Like or Dislike: Thumb up 5 Thumb down 1
    12. looks like the vulnerability was in the ipz.php file, I think they get into that website through RFL 0d4y ( published exploit but old one ), as long they don’t secure on them filesystem, was good enough to pwn them xD…

      Like or Dislike: Thumb up 1 Thumb down 0
    13. Hey
      where can i find the original ezine?

      greeting and I thank you in advance

      Like or Dislike: Thumb up 1 Thumb down 0
    14. @pisco
      http://sec-r1z.com/stfu/carders/exp01.txt

      Like or Dislike: Thumb up 1 Thumb down 0
    15. hacking that site was useless, since you can easily read the entire forums via google cache no problem

      Like or Dislike: Thumb up 0 Thumb down 1
      • even better than google is way back machine “the internet archive”

        Like or Dislike: Thumb up 0 Thumb down 0
    16. Spotted at BP station in Ohio
      [img]http://farm2.static.flickr.com/1305/4667450260_d392ff03ce_b.jpg[/img]
      http://luxemb.info/?p=23

      Like or Dislike: Thumb up 0 Thumb down 0
    17. Hello,

      Great article. I took the data of this security breach and compared the password length of the crackers with common users. The results are available here:

      http://www.scip.ch/?labs.20100709

      Regards,

      Marc

      Like or Dislike: Thumb up 0 Thumb down 0
    18. bet they couldn’t hack carder.su :)

      Like or Dislike: Thumb up 0 Thumb down 0
    20. I always admire Robin Hood even during the times that I was still a little kid ::

      Like or Dislike: Thumb up 0 Thumb down 0
    21. why doesn’t the police close such websites

      Like or Dislike: Thumb up 0 Thumb down 0
    23. police are closed CP site and other are kids lol

      Like or Dislike: Thumb up 0 Thumb down 1