Hacker: Warum sie entkommen

Lesen Sie in dieser Aufzeichnung, wie Hacker Tipps zum Thema Kreditkarten-Klau austauschen:

„Kinderleicht“:
Dieser Online-Chat zwischen zwei Hackern wurde von Dan Clements von CardCops an News.com und das FBI weitergeleitet. Hier geht es um mögliche Wege, in ein System einzudringen, das Kreditkarten-Nummern verifiziert. Hacker verifizieren gestohlene Kreditkarten-Nummern um festzustellen, welche der Karten benutzt werden können. Namen und sonstige Hinweise auf die Identität sind entfernt worden, ebenso die Karten-Nummer, die mit 480XXXXXXXXXXXXX, Gültigkeitsdauer 08/02, angegeben ist.

Session Start: Mon Apr 29 12:37:12 2002

<Hacker #1> try this: !chk 480XXXXXXXXXXXXX 0802

<Hacker #2> channel keeps dying

<Hacker #1> you mean the server?

<Hacker #1> try and connect to : irc.carrier1.net.uk (6667)

<Hacker #2> !chk 480XXXXXXXXXXXXX 0802 -Commandos- I’m Checking your CC Now (480XXXXXXXXXXXXX 0802), Please Wait (Commandos)

<Hacker #2> !chk 480XXXXXXXXXXXXX 0802 <~ __12_[___10Status:_ _4Valid – $10__12_]__ _12_ ~ _12_[___10by (Hacker #3), _4#TheCC__12_]__

<Hacker #1> :))

<Hacker #1> working one ;)

<Hacker #2> i see..cool..so (Hacker #3) wrote it?

<Hacker #1> yippe :))

<Hacker #1> yep

<Hacker #2> and the merchant account is thru (the company)?

<Hacker #1> yep, the merchant i hacked though :P

<Hacker #1> well not properly hacked, but you could do a bruteforce attack on (the company) system

<Hacker #2> i see

<Hacker #1> also just find a site that uses (the company) cart, and look in the code for the (deleted)

<Hacker #1> and thats the username of the account

<Hacker #1> thats all you need and you are done, then you use the vulnerability

<Hacker #1> then you take this bot and run it on a chan, and you become elite :P lol as if

<Hacker #2> shit..it’s that easy?

<Hacker #1> yep easy as pie

<Hacker #1> the vuln is the following url:

<Hacker #1> (deleted)

<Hacker #1> and of course i have made my own html page for it, giving it more control, easier to use

<Hacker #1> e.g chaging the username of the merchant, boxes for name, address and other details (some accounts require you to put all of the info otherwise they wont check the card)

<Hacker #1> also there are 3 more types of transactions (deleted)

<Hacker #2> intersting..what do u think (the company) should do?

<Hacker #1> they should renew their checking system

<Hacker #1> or at least put some kind of filtering

<Hacker #2> i wonder how long this xploit will be available?

<Hacker #2> guys are still validating cards all day long?

<Hacker #1> but then again, they just give instructions to the people who use the accounts to do it themselves

<Hacker #1> they never did send a notice to the merchants

<Hacker #1> its just posted in their site, we know that our system is hacked etc…. so pliz fix the problem yourselfs

<Hacker #1> that kind of bullshit

<Hacker #1> and because of them loads of companies are getting charged shit loads of money per day, cause it is that easy to exploit their system

<Hacker #2> so all merchants have to baby sit their account and catch the validations?

<Hacker #1> yep thats correct

<Hacker #1> while (the company) just sits back and says we are logging everything, but we are doing nothing about it :P

<Hacker #1> logging = monitoring the merchants

<Hacker #2> i wonder if they are reporting those stolen ccs to anyone???

<Hacker #1> i dont even think that they notice that there are strangers using merchants on their systems and using stolen ccs

<Hacker #1> you cant really tell if the cc is stolen or not though

<Hacker #1> you can only tell when the owner reports that their cc is being used by other ppl

<Hacker #2> well if it validates the number and exp…can u assume some carder will use it?

<Hacker #1> or when a shop admints that they got hacked and gives out the ccs to a bank so that they can be declined

<Hacker #1> most merchants have their system setup to (deleted).

<Hacker #1> acutally that the mayority of them

<Hacker #2> hey thanx..this is the kind of info i need

<Hacker #1> thats ok, i am here to help :d

<Hacker #1> its better to chat here than through icq :P

<Hacker #2> yes..seems to work better

<Hacker #1> btw you can inform visa about that cc :P

<Hacker #1> about this one: (deleted)

<Hacker #1> Visa 480XXXXXXXXXXXXX 08/02

<Hacker #2> ok…not sure any bank will cut it off….they make money off the fraud, LOL

<Hacker #1> yeah i know :P

<Hacker #1> thats one thing i dont understand though, how can they make money out of it?

<Hacker #1> they are supposed to pay back the money arent they?

<Hacker #1> or i am confused with the merchant?

<Hacker #2> the issuing and acquring bank split the chargeback fees..the merchant pays the fees plus the merchandise

<Hacker #1> i see

<Hacker #1> btw does (bill-payment company) check the amount on the cc?

<Hacker #2> not sure…can u investigate?

<Hacker #1> its a bit difficult, but yes i will, i think that the (bill-payment company) acc i have still works :P

<Hacker #1> but havent been able to figure out how it works :P

<Hacker #1> the old gui was better the new one is shitty

<Hacker #1> i know what sins is gonna do later today :P

<Hacker #1> he is gonna use that card and card some pr0n :P lol

<Hacker #1> anymore q’s?

<Hacker #2> not right now…this has been great…thanx again

<Hacker #1> np :d

<Hacker #2> cya

<Hacker #1> cya later then, i am off to watch One Night At McCools (2001) :))

<Hacker #2> later

*** Disconnected
Session Close: Mon Apr 29 12:58:08 2002