Credit card hackers swap tricks online

Chatrooms used for sharing hints and tips in growing business of ID theft

Written by Dinah Greek

vnunet.com, 25 Jul 2003

Thieves are using chat rooms to sell stolen credit card details and advise others how to hack websites containing credit information, security experts have warned.

Groups using internet relay chat (IRC) are playing a growing role in online credit card fraud.

A report by the Honeynet Project, which monitors criminal activity on the internet, shows that online thieves are becoming increasingly sophisticated.

The credit card details are not only used to purchase products but to clone the card owner's identity.

In order to monitor and record this activity, the Honeynet researchers set up computer systems, called 'honeynets' or 'honeypots', intended to be easy targets for hackers. The researchers then tracked the hackers to the IRC channels.

Dr Bill McCarty and his students at Azusa Pacific University monitored activities on more than a dozen IRC channels relating to credit card fraud after a hacker infiltrated one of their traps.

He warned that such criminal activity is not confined to the US. "We saw people from the UK in these rooms trading information," he told vnunet.com.

The software programs used in these rooms can systematically search out vulnerable websites containing credit information, determine which bank issued a card, harvest the three-digit card verification number and even let thieves determine the available credit card limit.

They can check a card number's validity and personal information about its owner.

In one IRC chat group a user was selling credit card numbers for 50 cents to $1 each, while another wanted lessons on cracking online sites containing credit card information.

But this is only the tip of the iceberg of the growing problem of identity theft, the cost of which runs into millions every year.

Over the past year in the US at least seven million people have fallen victim to identity theft of some sort, according to a survey by analyst Gartner.

A report from the UK Fraud Advisory Panel said that the number of identity thefts in the UK has grown from 27,270 in 2001 to 42,029 last year, costing victims an estimated £62.5m annually and the UK economy £1.3bn a year.

While consumers are protected by law from card fraud, George Gardiner, a partner in internet law firm Stephenson Harwood, warned: "It will be hard for people, especially those who aren't expert with technology, to prove their innocence if their digital fingerprints are all over the crime."