Tag: credit card

Cybercrime mastermind gets 18 years porridge

A Ukrainian national who pleaded guilty in 2009 to creating a popular online marketplace for selling stolen financial account data has been sentenced to 18 years in prison.

Roman Vega, 49, was dubbed one of the world’s “most prolific cybercriminals” by the Department of Justice. He will get 18 years for his role in co-founding the notorious website CarderPlanet.

According to Security Week, Vega was originally arrested in Cyprus in February 2003 and extradited to the United States. He pleaded guilty in 2009 to conspiracies to commit money laundering and access device fraud and has been in custody since. It is not clear why it took so long for the authorities to sentence him, particularly as he admitted the crime in 2009. We would have thought that even with an 18-year sentence, he will be up for parole in a few years based on the four years he served.

Acting assistant Attorney General Mythili Raman said Vega helped create one of the largest and most sophisticated credit card fraud sites in the cybercrime underworld.

CarderPlanet was one of the first and busiest online marketplaces for the sale of stolen financial information, computer hacking services and money laundering, the Department of Justice said. Vega served the organisation as the consigliere,

VPN providers under attack

Mastercard and Visa have now started to take action against VPN providers and are refusing them card access.

According to Torrentfreak, Swedish payment provider Payson cut access to anonymizing services after being ordered to do so by the credit card companies.

VPN provider iPredator is one of the affected customers and Peter Sunde, the founder, who also founded Pirate Bay, said it is considering legal action.

It appears that the credit card companies are targeting VPNs which are linked to P2P piracy. It follows similar action from Paypal.

Payson confirmed that it was complying with an urgent requirement from Visa and Mastercard to stop accepting payments for VPN services.

Sunde does not believe that the move is to do with piracy, but might be an effort to prevent the public from covering their tracks online and preventing government spying.

US companies are forcing non-American companies to stop people protesting privacy encroachments and being anonymous, and so the NSA can spy even more, he pointed out.

iPredator has plenty of other payment options, but he thinks it is an outrage that Mastercard and Visa have apparently decided to ban a perfectly legal technology.

Anonine, Mullvad, VPNTunnel, Privatvpn and several others are also using Payson’s services and Sunde thinks they will all join in any legal action.

UK Pirate Party forced to give up Pirate Bay proxy

UK political group, the Pirate Party, has been forced to give up its legal defence against the BPI because it lacks the readies.

The Pirate Party had been providing people with a link that bypassed ISP blocks to the Pirate Bay. Needless to say, Big Content was furious, particularly as the Pirate Bay remained extremely popular.

It appears that the BPI sent legal threats to the Pirate Party to shut it down. Initially the Party was happy to take on all comers and then it realised how much fighting the BPI would cost.

In a statement, the Party insists it will continue to fight for digital rights despite being threatened with legal action by the UK’s music industry body over linking to the Pirate Bay.

Frances Nash, IP Lawyer at Manchester solicitors, Ralli, commented on behalf of the Pirate Party that despite attempts by elected members to resolve the situation, the law at present is clear and makes any decision to continue hosting the proxy untenable.

He said that this was not the outcome the party wanted, however, any challenge to this proposed action would make it financially impossible for the party to deal with other topics it actively campaigns for on a daily basis.

Nash said that the Pirate Party strongly believes that site blocking is both disproportionate and ineffective and will continue to lobby for digital rights.

In other words, there is nothing it can do, so it will try and fight the move politically rather than waste cash. 

European Parliament gets behind the Pirate Party

The Pirate Party has had a major political victory in the European Parliament after it secured a regulation which will prevent credit card outfits denying services to organisations like Wikileaks.

The European Parliament ordered new legislation to regulate credit card companies’ ability to refuse service. This regulation follows the unilateral cutoff of donations to WikiLeaks, but the Pirates gained wide support for new laws because of the damage such antics do to small businesses.

Swedish banks were recently caught discriminating against fully legal business owners that the banks claimed sold “questionable products” like horror movies, movies with nudity, or sex toys.

At the time the banks referred to vague rules from Visa and MasterCard.

In response, the European Parliament requested legislation to be drafted on the matter. Included in the draft is text inserted by Pirate MEP Christian Engström which said that as more businesses go online there are more European companies whose activities are effectively dependent on being able to accept payments by card.

It is in the public interest to define objective rules describing the circumstances and procedures under which card payment schemes may unilaterally refuse acceptance, the statement said.

MEP Christian Engström said that it was not reasonable that Visa, MasterCard, and PayPal can shut Swedish entrepreneurs out from trading online when they sell horror movies or sex toys, just because the payment providers are scared of fundamentalist moralism.

In the cases where Visa, MasterCard, and PayPal blocked donations to WikiLeaks this was the three companies collaborating in helping the American government silence an inconvenient voice.

Engström said it was unacceptable that private corporations have that kind of power over free speech. 

Hackers dump details of politicians and banks

A hacking collective, connected to Anonymous, has dumped details about the banks and accounts of politicians online.

TeamGhostShell said that it managed to get all the details in some fairly major hacks. It said that the move was a protest against banks, politicians and to avenge the hackers who have been captured by law enforcement agencies.

The leader of TeamGhostShell, DeadMellox, reported the hack through a tweet. The details include account details of banks and politicians which were found as part of a program called ProjectHellFire. More details will apparently follow later.

He or she wrote that more releases will be carried out as part of collaborations with Anonymous and others, plus two more projects are still scheduled for later in the year.

The hackers have also claimed that they are in possession of “three different access points” to millions, probably billions, of databases from a Chinese mainframe. They also claim to have turned over the US stock exchange mainframes and Department of Homeland Security.


Hacker forces Apple and Amazon to change security policies

A hacker dubbed Phobia has forced Apple and Amazon to change their policies after breaking into a tech journalist’s account.

According to Cnet, the hack involved looking up Matt Honan’s Twitter and guessing his Gmail account. From there they were able to view his backup email address, which was also his AppleID.

The next thing they needed was the last four digits of Honan’s credit card number. They got this through Amazon by calling Amazon’s support line and adding a fake credit card account.

Then the hacker called Amazon again and claimed to have lost the account password. Phobia used the fake credit card number, and added a new email account which then allowed him to view the last four digits of Honan’s credit card.

The hacker then called AppleID and used the credit card number as well as Honan’s birthdate to get a temporary password.

It was all too easy, and has caused a bit of a problem for Amazon and Apple, which have been touting their various cloud systems as secure. Amazon has come up with the best policy. It has stopped allowing people to change their account settings via a phone call.

Apple is currently freezing all AppleID password requests made over the phone and is thinking up a new policy. But the question is what possessed anyone to think that using the last four digits of a credit card to verify someone’s identity for such powerful services on linked devices passes for security.

Phobia said he wanted “to publicise security exploits, so companies will fix them”. He seems to have managed that.

Barclaycard sucked into Italian website disaster

British bank Barclays appears to have gone native in Italy with its Barclaycard service.

For a long time, Italian banks have had a reputation for being not exactly helpful. This has saved them money lately. They were largely unaffected by the banking crash because they forgot to loan much money out.

Now it seems that Barclays, which is the only British bank working in Italy, appears to have gone completely native.

Not only are local branches spontaneously closed for no apparent reason, the move to online banking has created a website, www.barclays.it, that is full of holes, which makes it impossible to do anything basic like order a Barclaycard.

The website appears helpful, telling you all you need to know about the different types of Barclaycard, what you have to pay and how you can do it.

It is more or less what you would expect from a modern banking site, until you come to order the card itself.

The site tells you that you can order your Barclaycard by visiting the site you are on, visiting Barclaycard.it, phoning up a 24 hour hotline, or going into your branch.

However nowhere on the site does it allow you to apply for a card. Indeed if you go to the Barclaycard sister site www.barclaycard.it, you find similar information, but can’t order one either.

If you call up the 24 hour help line to apply you are asked to input the card number that you have not got before they will put you through to anyone. In fact when we tried to contact them on a Saturday the office appeared to be on an automatic message due to an Italian national holiday.

If you decide to go to your local branch you will find a very helpful person who says you have to apply online for a Barclaycard and she can only do paperwork for an American Express Card.

It appears then that the British Barclays is trying to avoid losing money in Italy. It sets up a nice website, which everyone has to be referred to, and then twice “forgets” to stick the page where you apply for one, thus preventing anyone from applying for one and getting into debt.

Unless it really was a mistake and it was just not spotted by the site QA. 

Website wants to be Arthur Daley's Google

A new search engine, which aims to be the Google of underground websites, has opened its doors promising to find punters shops that offer an array of dodgy goods and services, from stolen credit card numbers to identity information and anonymity tools.

While such search sites exist, they usually require users to create accounts and sign in before they can search for stolen credit cards and other illegal activities.

MegaSearch.cc wants to allow buyers to find the fraud shops holding the cards they’re looking for without having to first create accounts at each store. It will aggregate data about compromised payment cards, and point searchers to various fraud shops selling them.

Security blog Krebs on Security spoke to the site’s creator who said that the search engine does not store the compromised card numbers or any information about the card holders.

What it does is work with card shop owners to index the first six digits of all compromised account numbers that are for sale.

These six digits are the “Bank Identification Number” — or BIN — which identifies which bank issued the cards. Searching by BIN, MegaSearch users are given links to different fraud shops that are currently selling cards issued by the corresponding bank.

The unnamed site owner said that users spend a lot of time looking through shops, and he thought it would be a good idea to make that more convenient.

He makes his money from a small advertising fee from the stores. Both sides benefit because stolen card data grows less reliable with age, and fraud shops that are indexed by MegaSearch stand a better chance of clearing their inventory faster.

The site shows that Citibank cards are the most sought-after, followed by cards issued by FIA Card Services, Capital One and Chase.

Over the next few weeks, the site will offer things like social security numbers and the addresses of hacked PCs that paying clients can use as a relay to anonymise their online communications. 

Critics question Cameron's credit cut speech before u-turn

David Cameron has been forced into an embarrassing u-turn in his party conference speech, after planning to urge the British public to focus on paying off their debts. The retailers went bonkers – because of fears that the speech would encourage stagnant economic growth in consumer spending.

The electronics industry in particular could have been hit. Hysteria reached fever pitch and eventually Cameron was forced to run with the “we’re in it together” message again. Consumers are already looking after their debts. 

For certain markets, like the quick-moving consumer electronics industry, they’re already floundering. PC and notebook sales are slow. Could his speech have made things worse?

Well, probably not.

According to economist Tim Leunig at the London School of Economics, Cameron’s big idea for the big idea could have a knock-on effect… if anyone bothered to listen.

“Electronics items are often discretionary,” he told TechEye. “Most of the time people don’t buy new TVs or MP3 players because their old one’s broken, it is to update and this means that they are inessential. And a lot of electronics goods are in fact bought on cards, so this could have a massive impact.”

However, calls for austerity on the high street would have likely fallen on deaf ears anyway.

Leunig reckons that such remarks from Cameron would have amounted to little more than party conference rhetoric.

“If everybody listened to calls for drops in credit card spending then it would be bad news,” he said. “But in the past Cameron urged everyone to eat more fresh fruit and veg; when was the last time anyone paid any attention to him?”

Leunig continues: “The likelihood of anyone actually acting on it is negligible, and unless there were any moves to introduce a levy or so on you could only imagine the public in a country like North Korea actually changing their behaviour immediately.”

Mobile expert at uSwitch Ernest Doku also believes that it would take a masterful grasp on persuasion to get the public to cut back.

“People rely heavily on their phones in their day-to-day lives, and cutting back on mobile usage is unthinkable for many, who would prefer to make sacrifices elsewhere,” he told TechEye. “The mobile phone has become more than simply a device to keep you in touch with others, now, for many, it’s a status symbol.”

Although our pockets are empty, we’re still buying. So perhaps Cameron is wrong when he says the public are already keeping their bills at bay: “Consequently, despite a squeeze on people’s finance in recent years, the demand for mobile handsets has proven pretty resilient. For many, being without a mobile phone at all times is now unthinkable, and similarly, a phone which provides just basic functions is no longer enough.

“If anything, the hunger and demand for new mobile technology is gathering pace, and people would rather make other sacrifices before missing out on owning the latest handset.”

LulzSec hacker faces 15 years

The Untouchables have swooped on the home of a man they think was a member of LulzSec, who took part in a computer breach of Sony Pictures.

Cody Kretsinger, 23, from Arizona has been charged with conspiracy and the unauthorised impairment of a protected computer in connection with the attack in May and June.

Reuters, which has seen the nine-page indictment, said Kretsinger and co-conspirators allegedly used an SQL injection attack on the website to gain access to Sony’s servers.

Kretsinger, who went by the handle “recursion,” posted the information he and his co-conspirators nicked from Sony on LulzSec’s website and announced the intrusion via the hacking group’s Twitter account.

Sony is still trying to work out how much damage was done in the attack.

At the time LulzSec published the names, birth dates, addresses, e-mails, phone numbers and passwords of thousands of people who had entered contests promoted by Sony, although the data was a little elderly.

The hacking group said it only took a single injection for the Sony site to fall over and for it to get its paws on everything. It commented that people should not put their faith in an outfit which allows itself to become open to simple attacks.

The attack followed another higher-profile raid on 77 million PlayStation Network and Qriocity accounts.

Kretsinger made an initial court appearance in Phoenix and was bailed by US Magistrate Judge Lawrence Anderson. As a condition of his release, Kretsinger was barred from using a computer to access the internet except at his place of employment, or from traveling to any states other than Arizona, California and Illinois.

He faces a maximum sentence of 15 years in prison if convicted. Government prosecutors want him moved to Los Angeles, where Sony Pictures’ computer system is located and where the case against him has been filed.