|
Net thieves caught in action
Fraud investigator sets sting, watches thieves swap fake info
By Bob Sullivan
MSNBC
Original
Article
April 15 - Just how long does it take for stolen credit cards to
find their way around the Internet, and the world? About 15 minutes.
That's what fraud investigator Dan Clements found this weekend when
he posted a Web page full of faked credit card data to track how
quickly the information would make its way around the "carder culture." He
then planted links to the Web site in a few Internet chat rooms.
Within 15 minutes, 74 carders from 31 different countries arrived
to peek at the data.
By the end of the weekend, 1,600 potential thieves had visited
the page, hailing from some 75 countries, with Indonesia, the United
States, and Romania topping the list.
"It's frightening how vulnerable we are, and how quickly this information
gets around," said Avivah Litan, fraud analyst with Gartner Inc.
Clements, who operates antifraud site CardCops.com, plans to locate
as many individual IP addresses as he can. He will then inform Internet
service providers that their customers are likely participating in
illegal activity.
He also plans to share his data with the FBI and U.S. Secret Service.
"We caught a lot of people in this net. Word is going [around] that
ID process will take place. Just identifying half of them will be
a deterrent," he said. "We want the carders to know we're coming."
The Web page Clements produced included fake data that mimicked
the kind often left accidentally on the Internet by e-commerce merchants.
He then had people he trusted call attention to the Web sites in
chat rooms that are known havens for credit card thieves. Then he
sat back and watched, logging the IP address of every computer which
visited the Web site.
Tracking the physical location of IP addresses can be tricky business,
but Clements used a company named Nami Media Inc. to trace back addresses
to originating countries, and in some cases, cities. In this case,
Nami Media acts as a reseller of tracking information provided by
Digital Envoy.
Nami Media's CEO, Gary Mittman, said technological advancements
and plain old hard work has refined such IP tracking to the point
where it's reliable.
"It's a mix of a variety of things, including crawling back up the
line with spiders. There's relationships with ISPs. And there's 10
guys whose full time job it is to update systems with global database
information. They keep it as accurate as they can," Mittman said.
Clements' results are certainly consistent with the anecdotal impressions
merchants have about credit card fraud hot spots, Litan says.
"I know they have strong crime rings in Indonesia and Romania," Litan
said. "These two countries keep coming up when people talk about
fraud."
About 600 surfers from Asia hit Clements' site, almost 400 from
Indonesia. Another 500 hits came from Europe, with 133 from Romania,
nearly 80 from Turkey and about 40 from Bulgaria. In North America,
some 400 hits originated in the United States and 80 in Canada.
"What this shows is that these guys work at light speed, and if
you're going to war with them, you can't move in weeks or months," Clements
said.
|
