> The source said that he had bought a large batch of stolen cards from an underground site and that they all appeared to have been used at Target.

Interesting side note in the Target hack. First, something that you might not know: not one of these breaches (that is Target, Neiman Marcus, Michaels, etc.) was discovered by the actual affected companies - they were all discovered by bank and security officials in the underground markets.

Bank and infosec people worked out a while ago that rather than wait for breaches to be discovered, it'd be best to set yourself up on the underground markets in the guise of a purchaser - buy up cards, correlate purchase history and work out who has been hacked. It is this type of reconstruction that led back to Target, Neiman Marcus, et al.

Target was discovered not too long after the hackers had ramped up their sniffing, and with the response from banks and computers it meant the overall 'score' wasn't that great. A hack that should have provided enough dumps for the entire underground for more than a year ended up lasting weeks. So score one for the good guys.

The problem now is that the black hat groups have wised up to this. A few things are happening. First, there has been a bit of a purge of users in the forums. It is harder than ever to get into the private forums. Second, cards are now being 'laundered'. You take dumps from different sources and combine them together, to the point where it would be difficult to find out where the cards were stolen from. Being from a particular source used to be a selling point for the traders, but now they are blurring a lot of that info out and combining different dumps and then slicing them for sale in other ways (usually IBAN, State and Expiry).

The public 'auto sites' that sold these dumps have all been taken down, after getting a lot of attention over the Target attack. Many complete novices sought out the underground sites after the Target breach reporting in the mainstream media, flooding the forums with newbie questions and requests in a mini Eternal September.

It is possible that with the underground adapting in this way and the state of security still being so poor that we won't even find out about the next big breaches.
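
The correlation step the comment describes (take a batch of recovered cards, compare their purchase histories, and look for the merchant they share) can be sketched as follows. This is an added example, not part of the original comment; the function name, card ids, merchant names and baseline rates are all constructed for illustration.

```python
from collections import Counter

def common_points(batch, history, baseline, min_share=0.8):
    """Return [(merchant, share, lift)] for merchants seen on >= min_share of the batch.

    share = fraction of batch cards with a purchase at the merchant
    lift  = share divided by the merchant's usual rate across the whole portfolio,
            so a popular grocer does not outrank a merchant the batch over-represents
    """
    # history values are sets, so each merchant counts once per card.
    counts = Counter(m for card in batch for m in history.get(card, ()))
    hits = []
    for merchant, n in counts.items():
        share = n / len(batch)
        if share < min_share:
            continue
        rate = baseline.get(merchant)
        lift = round(share / rate, 2) if rate else float("inf")
        hits.append((merchant, share, lift))
    return sorted(hits, key=lambda h: h[2], reverse=True)

# Constructed sample data: card id -> merchants seen in the lookback window.
HISTORY = {f"card{i}": {"merchant_A", "grocer"} for i in range(5)}
HISTORY.update({f"card{i}": {"merchant_A", "fuel"} for i in range(5, 10)})
HISTORY.update({f"card{i}": {"merchant_B", "grocer"} for i in range(10, 20)})
# Constructed baseline: share of all portfolio cards that visit each merchant.
BASELINE = {"merchant_A": 0.2, "merchant_B": 0.1, "grocer": 0.6, "fuel": 0.5}

SINGLE_SOURCE = [f"card{i}" for i in range(10)]   # every card used at merchant_A
MIXED = [f"card{i}" for i in range(5, 15)]        # half merchant_A, half merchant_B

if __name__ == "__main__":
    print(common_points(SINGLE_SOURCE, HISTORY, BASELINE))
    print(common_points(MIXED, HISTORY, BASELINE))
    print(common_points(MIXED, HISTORY, BASELINE, min_share=0.5))
```

On the single-source batch one merchant stands out at full share; on the combined batch nothing clears the same threshold, and ranking by lift at a lower threshold is what brings both merchants back to the top.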