Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response

Cashing Out on Identity Theft

Created: 19 Dec 2007 08:00:00 GMT • Updated: 23 Jan 2014 18:43:38 GMT
M.K. Low's picture
0 0 Votes
Login to vote

There’s been a lot of coverage on the FBI Bot Roast II campaignwhere they released information about eight suspects who have beenindicted for conducting criminal botnet activity. Bot herder suspectsfrom across the United States have been linked to criminal activitiessuch as DDoS attacks, conducting multi-million dollar phishing andspamming scams, and in particular stealing personal information thatcould lead to identity theft.

Thousands of pieces of personal information are sold and traded inunderground economy servers found in Internet relay chat (IRC) rooms.When I look around the servers that we monitor, it reminds me ofCauseway Bay at night in Hong Kong. Large advertisements bombard youwith capital letters and carders repeat their sales pitches acrossmultiple lines to attract people to their bargains. They list off theirbest deals and even offer cheaper prices if you buy in bulk as statedin the ISTR XII.

Fresh CCs for sale. PM me for details

Bulk discounts for US & UK FULLZ

Cheap fresh fullz incl DOB, SSN, MMN, DL, EMAIL

When criminals sell stolen information, such as credit cards, creditverification values (CVV), bank accounts/logins, and dumps (magneticstrip information) on underground economy servers, the purchaser willneed to cash out on their newly acquired information to reap therewards of their bounty. Unwilling to risk exposure, many purchaserswill use the services of "cashiers" who will convert the information(for a fee) into true currency, either in the form of e-Gold or throughmoney transfers.

Cash-outs take a variety of forms depending on the type of truecurrency requested. Some cashiers wire money transfers online using thestolen credit card and hire a middle-man who receives the transfer inperson using a fake identity. Since this type of money transfer ensuresanonymity, can occur in a matter of hours, and results in hardcurrency, many cashiers use this method. E-gold payments are also verypopular among cashiers since the process is instantaneous and thepayments are final, i.e. there is no possibility of chargebacks. Moneyis transferred from bank accounts or credit cards, using exchangeservices, into e-gold currency accounts in as little as an hour.

Most cashiers charge a percentage of the cash-out value as theirfee. This percentage can range from 10% to 50% depending on the speedof the transaction, whether or not the account is blocked, and theamount of the cash-out. Cashiers are careful that the amounts they cashout are sufficient enough for their client but small enough not toalert the authorities or the official account holder.

On a positive note, the exposure of underground economy servers hasshed light on their methods. Many currency exchange services no longeraccept credit cards or third-party requests, and are more stringent onidentity checks.