18
May 10

Fraud Bazaar Carders.cc Hacked

facebooktwittergoogle_plusredditpinterestlinkedinmail

Carders.cc, a German online forum dedicated to helping criminals trade and sell financial data stolen through hacking, has itself been hacked. The once-guarded contents of its servers are now being traded on public file-sharing networks, leading to the exposure of potentially identifying information on the forum’s users as well as countless passwords and credit card accounts swiped from unsuspecting victims.

The breach involves at least three separate files being traded on Rapidshare.com: The largest is a database file containing what appear to be all of the communications among nearly 5,000 Carders.cc forum members, including the contents of private, one-to-one messages that subscribers to these forums typically use to negotiate the sale of stolen goods. Another file includes the user names, e-mail addresses and in many cases the passwords of Carder.cc forum users.

A third file — which includes what appear to be Internet addresses assigned to the various Carders.cc users when those users first signed up as members — also features a breezy explanation of how the forum was compromised. The top portion of this file — which is accompanied by an ASCII art picture of a cat — includes an oblique reference to the party apparently responsible for the Carders.cc site compromise, noting that the file is the inaugural issue of Owned and Exposed, no doubt the first of many such “e-zines” to come from this group.

Ironically, the anonymous authors of the e-zine said they were able to compromise the criminal forum because its operators had been sloppy with security. Specifically, they claimed, the curators of Carders.cc had set insecure filesystem permissions on the Web server, which essentially turned what might have been a minor site break-in into a total database compromise. From the e-zine’s opening salvo:

Many of you guys may have noticed  this breeding German  “underground” shit called carders.cc.  For those who don’t: Carders is a marketplace full of everything  that is illegal and bad.  Carding,  fraud,  drugs, weapons and tons of kiddies.  They used to be only a small forum,  but after we erased  1337-crew  they got  more  power.  The rats  left the sinking  ship.  The voices  told us to own them  since carders is  our fault and we had to fix our flaw. So we did.

During  the  ownage  they  also  gave  us  lulz  by  showing off their ridiculous  configuration skills which had a specific  impact on their security.  They actually managed to chmod and chown nearly  everything to 777 and www-user readable. Including their /root directory.

On the surface, it’s tempting to grin at the misfortune of these fraudsters. Still, the leaked database contains no small amount of password and banking information for many innocent victims. In addition, these types of vigilante attacks typically come with hidden costs: For one thing, while it may be true that law enforcement officials could use some of this information to locate people engaged in computer trespass, and buying or selling stolen personal and financial data, the public release of this information could just as easily prompt those individuals to abandon those accounts and Internet addresses, and even potentially jeopardize ongoing investigations.

Tags: , ,

44 comments

  1. Carl "SAI" Mitchell

    “…the leaked database contains no small amount of password and banking information for many innocent victims.” Which was already known to many criminals. Having it known that anyone can check to see if their info is there is much better than having it known only to criminals who are going to use it.

  2. It is more than “tempting to grin at the misfortune of these fraudsters”. Yes, vigilante acts often have negative consequences, but this is one instance with minimal downside risk. I wish the stolen consumer credit card data hadn’t been released onto Rapidshare, but that obviously wasn’t going to be sifted out and scrubbed by the vigilante group.

    I wonder if there will be a second issue of “Owned and Exposed”? This was nice reporting by Krebs, particularly the ASCII art image! I considered this Digg-worthy, and acted accordingly!

  3. Reminds you of the will-hack-for-boobs defacements and hacks of late 90’s early 2ks

    • Yes, it’s very retro. I guess we are supposed to think this is an old greybeard hacking group trying to teach the young’uns a thing or two (like slapping them around with a large trout)

      • This definately smacks of late 90’s hacktivism, when people used to deface for bragging rights.

        Ahh, the good old days :)

  4. It’s interesting this coincides with the new Robin Hood movie coming out.

    • Off topic, but I will boycott any movie that has been released previously. I’m sick of non-original content. The movie and recording industry get extremely bent over piracy, but when it comes to lazy remakes they can’t get enough.

  5. Does anyone know how many CC #s and/or bank accounts were stolen?

    • Hey Dana, welcome. It’s hard to say. The sensitive consumer stuff that’s obviously stolen is mixed in with the chatter on the board and interspersed with private messages, facebook passwords, etc. not easy to search through. If I had the thing in a real database format that might be easier, but not at the moment.

  6. This is absolutely classic.
    Love seeing wankers like this get their comeuppance!

  7. Hello Community, first i have to say: Sorry for my bad english.
    Some people know me from Carders.cc i was 2nd lvl and had 400 Posts.
    I dodnt know whot you are think whot happens, the Database was ILLEGAL HACKED so why they can you it for an Evidence ?? I tell you that they cant.
    All my Hard Drives are cleaned and they cant find everything!!!
    So happy hacking, carders.cc comes back you cannot kill us with a Simple Website Hack…

    • BattleChicken

      I hope the irony is not lost on you, because it is fantastic.

      If a group of anonymous hackers could take down your forums (your headquarters, if you will), then law enforcement is just as capable of it, and it is only a matter of time.

    • sorry dude, but only thermite will save you

      Check into it. Revision3 did a deal on it a while back ^^

  8. I wonder what the PCI DSS compliance status was for Carders.cc.

    Obviously since the data was compromised, the PCI SSC will make a statement that it could not have been compliant since there never has been a data breach on a PCI DSS compliant system.

    • AnonymousMike

      Somehow I suspect Carders.cc didn’t have routine PCI audits completed. They existed entirely to resell stolen information, so auditors aren’t much of a concern. Although, ironically they probably could have benefited from following the practices laid out in the PCI guidelines.

      • I checked the PCI DSS and it states “PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted”, it does not distinguish between lawful or illegal storage.

        Depending on the number of credit card numbers, they may have just submitted a self assessment questionnaire. However, since they were breached they could not have been compliant.

        :)

        (taking the tongue out of my cheek)

        • AnonymousMike

          Ah excellent point, evidently Solaro should read up a bit on his PCI compliance. (doh!)

  9. Peter Brewster

    Something odd that Brian did not intend. A simple click on carderscc.png shows just fine. But a go-back wrongly returns to the URL prior to krebsonsecurity – not nice to do. This happens with both FF and IE. Bringing up the .png in a new tab or window has a correct Referring URL but (of course) go-back doesn’t work.

  10. I would love to have a copy of those files, even sanitized and without password or credit card information, but they seem were taken down from Rapidshare. Since they purportedly contain negotiations, I’m curious how those criminals trust each other when dealing between them. Also, were they using german, english or a jumble or Est-European languages when communicating ? If Solaro is indeed one of them, he hardly seems bilingual…

  11. About 90% of the forum is german, the rest english.

    “I’m curious how those criminals trust each other when dealing between them.”

    There is little to no trust, there were are a lot of rippers. Only some selected users are trusted. Most of them have a vendor title which must be paid for.

  12. looks like the vulnerably was in the ipz.php file, i think they get into that website through RFL 0d4y ( published exploit but old one ), as long they don’t secure on them filesystem, was good enough to pwn them xD…

  13. Hey
    where can i find the original ezine?

    greeting and I thank you in advance

  14. hacking that site was useless, since you can easily read the entire forums via google cache no problem

  15. Spotted at BP station in Ohio
    [img]http://farm2.static.flickr.com/1305/4667450260_d392ff03ce_b.jpg[/img]
    http://luxemb.info/?p=23

  16. Hello,

    Great article. I took the data of this security breach and compared the password length of the crackers with common users. The results are available here:

    http://www.scip.ch/?labs.20100709

    Regards,

    Marc

  17. bet they couldnt hack carder.su :)

  18. hi everyone i need uk cc iam regular buyer i need a seller that is a verified cc seller thanks

  19. i always admire Robin Hood even during the times that i were still a little kid ::

  20. why doesnt the police close such websites

  21. About 90% of the forum is german, the rest english.

    “I’m curious how those criminals trust each other when dealing between them.”

    There is little to no trust, there were are a lot of rippers. Only some selected users are trusted. Most of them have a vendor title which must be paid for.

  22. police are closed CP site and other are kids lol

  23. Escrow1 thank you for the stuffs..it work 100% but only one was low balance…THANK YOU

  24. Yes escrow1 is a good vendor……but don’t trade with yaraba12@yahoo.com

  25. Unlimited Special Service From Big Hacker Group
    (Cw,Tarck1/2,Bank Trf.)

    About Us:

    We are hackers and here to help not make money, we only charge because of the cost,time and effort involved in the services and products we offer.

    Original Card Dumps For Sale:

    Verified dealers, vendors and sellers only. Get card dumps from the first hand.

    And We Have Good Service For Bank Transfering For You .
    And Our Service Is Very Fast And Safe And immediate .

    First hand tracks for sale
    My databases are updated 3 times a week. Check it out now!

    For more information vist my website; http://www.unlimitedservice4you.webs.com..And we hope to give you the best service :)


Read previous post:
Following the Money, Part II

A leading Russian politician has accused a prominent Moscow businessman of running an international spam and online pharmacy operation while...

Close