Lesen Sie in dieser Aufzeichnung, wie Hacker Tipps zum Thema Kreditkarten-Klau austauschen:
Dieser Online-Chat zwischen zwei Hackern wurde von Dan Clements von CardCops an News.com und das FBI weitergeleitet. Hier geht es um mögliche Wege, in ein System einzudringen, das Kreditkarten-Nummern verifiziert. Hacker verifizieren gestohlene Kreditkarten-Nummern um festzustellen, welche der Karten benutzt werden können. Namen und sonstige Hinweise auf die Identität sind entfernt worden, ebenso die Karten-Nummer, die mit 480XXXXXXXXXXXXX, Gültigkeitsdauer 08/02, angegeben ist.
Session Start: Mon Apr 29 12:37:12 2002
<Hacker #1> try this: !chk 480XXXXXXXXXXXXX 0802
<Hacker #2> channel keeps dying
<Hacker #1> you mean the server?
<Hacker #1> try and connect to : irc.carrier1.net.uk (6667)
<Hacker #2> !chk 480XXXXXXXXXXXXX 0802 -Commandos- I’m Checking your CC Now (480XXXXXXXXXXXXX 0802), Please Wait (Commandos)
<Hacker #2> !chk 480XXXXXXXXXXXXX 0802 <~ __12_[___10Status:_ _4Valid – $10__12_]__ _12_ ~ _12_[___10by (Hacker #3), _4#TheCC__12_]__
<Hacker #1> :))
<Hacker #1> working one ;)
<Hacker #2> i see..cool..so (Hacker #3) wrote it?
<Hacker #1> yippe :))
<Hacker #1> yep
<Hacker #2> and the merchant account is thru (the company)?
<Hacker #1> yep, the merchant i hacked though :P
<Hacker #1> well not properly hacked, but you could do a bruteforce attack on (the company) system
<Hacker #2> i see
<Hacker #1> also just find a site that uses (the company) cart, and look in the code for the (deleted)
<Hacker #1> and thats the username of the account
<Hacker #1> thats all you need and you are done, then you use the vulnerability
<Hacker #1> then you take this bot and run it on a chan, and you become elite :P lol as if
<Hacker #2> shit..it’s that easy?
<Hacker #1> yep easy as pie
<Hacker #1> the vuln is the following url:
<Hacker #1> (deleted)
<Hacker #1> and of course i have made my own html page for it, giving it more control, easier to use
<Hacker #1> e.g chaging the username of the merchant, boxes for name, address and other details (some accounts require you to put all of the info otherwise they wont check the card)
<Hacker #1> also there are 3 more types of transactions (deleted)
<Hacker #2> intersting..what do u think (the company) should do?
<Hacker #1> they should renew their checking system
<Hacker #1> or at least put some kind of filtering
<Hacker #2> i wonder how long this xploit will be available?
<Hacker #2> guys are still validating cards all day long?
<Hacker #1> but then again, they just give instructions to the people who use the accounts to do it themselves
<Hacker #1> they never did send a notice to the merchants
<Hacker #1> its just posted in their site, we know that our system is hacked etc…. so pliz fix the problem yourselfs
<Hacker #1> that kind of bullshit
<Hacker #1> and because of them loads of companies are getting charged shit loads of money per day, cause it is that easy to exploit their system
<Hacker #2> so all merchants have to baby sit their account and catch the validations?
<Hacker #1> yep thats correct
<Hacker #1> while (the company) just sits back and says we are logging everything, but we are doing nothing about it :P
<Hacker #1> logging = monitoring the merchants
<Hacker #2> i wonder if they are reporting those stolen ccs to anyone???
<Hacker #1> i dont even think that they notice that there are strangers using merchants on their systems and using stolen ccs
<Hacker #1> you cant really tell if the cc is stolen or not though
<Hacker #1> you can only tell when the owner reports that their cc is being used by other ppl
<Hacker #2> well if it validates the number and exp…can u assume some carder will use it?
<Hacker #1> or when a shop admints that they got hacked and gives out the ccs to a bank so that they can be declined
<Hacker #1> most merchants have their system setup to (deleted).
<Hacker #1> acutally that the mayority of them
<Hacker #2> hey thanx..this is the kind of info i need
<Hacker #1> thats ok, i am here to help :d
<Hacker #1> its better to chat here than through icq :P
<Hacker #2> yes..seems to work better
<Hacker #1> btw you can inform visa about that cc :P
<Hacker #1> about this one: (deleted)
<Hacker #1> Visa 480XXXXXXXXXXXXX 08/02
<Hacker #2> ok…not sure any bank will cut it off….they make money off the fraud, LOL
<Hacker #1> yeah i know :P
<Hacker #1> thats one thing i dont understand though, how can they make money out of it?
<Hacker #1> they are supposed to pay back the money arent they?
<Hacker #1> or i am confused with the merchant?
<Hacker #2> the issuing and acquring bank split the chargeback fees..the merchant pays the fees plus the merchandise
<Hacker #1> i see
<Hacker #1> btw does (bill-payment company) check the amount on the cc?
<Hacker #2> not sure…can u investigate?
<Hacker #1> its a bit difficult, but yes i will, i think that the (bill-payment company) acc i have still works :P
<Hacker #1> but havent been able to figure out how it works :P
<Hacker #1> the old gui was better the new one is shitty
<Hacker #1> i know what sins is gonna do later today :P
<Hacker #1> he is gonna use that card and card some pr0n :P lol
<Hacker #1> anymore q’s?
<Hacker #2> not right now…this has been great…thanx again
<Hacker #1> np :d
<Hacker #2> cya
<Hacker #1> cya later then, i am off to watch One Night At McCools (2001) :))
<Hacker #2> later
Session Close: Mon Apr 29 12:58:08 2002