Recently I saw a post about working in Department «K», and now here is a post about working as a carder (those who steal money from cards). I will write about where they get the material for their work, how to drive the Central Bank, ship things to drops and how to catch such individuals. Think of this as information for your safety, not instructions for action. Yes, I didn’t work as a carder, I’m just very good at it.
Getting started: the mat (material) has to come from somewhere. In the case of a stick (PayPal), it is ordinary brute/check (guessing the password to the account if it is not known, or checking that the password works if it is) against databases leaked from websites. If you work on BA (bank accounts), the scheme is almost the same. There is also a scheme with phishing (a fake bank page), where the user enters the data for their bank account.
Existing protection: almost all stores do not ship the product to the CIS if it was ordered from a PayPal account that belongs to a citizen of the USA, Canada, France, etc. There are also anti-fraud systems that block suspicious transactions. But how do scammers order their equipment at someone else’s expense? More on this…
Sleight of hand: So how do we order a product for ourselves from someone else’s card? Everything is quite simple: we order a gift card (the so-called e-gift) addressed to the cardholder and, having access to the mail, just copy the number of the gift card, so that the product can then be ordered from your own account and sent to the drop.
Circumventing anti-fraud is also quite simple: when buying BA, it is registered in PayPal by entering your phone number, email and address.
Product path: Most foreign stores do not send goods to Russia, which is why carders use intermediaries. There is a high chance that the intermediary will send the parcel back as soon as he calls, which is why many carders «make a mistake» in the phone number of the intermediary. There is a fine of 20 bucks for this, but the chance of the parcel passing increases. Then the intermediary sends the product to a drop in the Russian Federation; the drop receives the product and sends it on around the country without the participation of the carder. By the way, the intermediary can safely turn the parcel back.
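Seen from the anti-fraud side, the gift-card and intermediary steps above leave a trail that can be correlated. The following is an added example, not part of the original post: it scores each gift-card redemption on four signals and flags the ones where most of them line up. The event fields, thresholds and forwarder address list are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data; field names, values and thresholds are assumptions.
FORWARDER_ADDRESSES = {"100 EXAMPLE FREIGHT WAY, NEWARK, DE"}  # known reshipper warehouses
NEW_ACCOUNT_AGE = timedelta(days=30)
FAST_REDEMPTION = timedelta(hours=1)

EVENTS = [
    {"type": "gift_purchase", "ts": "2024-03-01T10:00:00", "account": "acct-A", "card_code": "GC-1"},
    {"type": "gift_purchase", "ts": "2024-03-01T11:00:00", "account": "acct-C", "card_code": "GC-2"},
    {"type": "order", "ts": "2024-03-01T10:20:00", "account": "acct-B",
     "account_created": "2024-02-27T09:00:00", "card_code": "GC-1",
     "ship_to": "100 Example Freight Way,  Newark, DE"},
    {"type": "order", "ts": "2024-03-05T12:00:00", "account": "acct-D",
     "account_created": "2021-06-01T00:00:00", "card_code": "GC-2",
     "ship_to": "5 Sample Street, Austin, TX"},  # an ordinary gift to a friend
]

def normalize(addr):
    """Upper-case and collapse whitespace so trivial variations still match."""
    return " ".join(addr.upper().split())

def score_redemptions(events):
    """Return {card_code: [signals]} for every order paid with a tracked gift card."""
    purchases = {e["card_code"]: e for e in events if e["type"] == "gift_purchase"}
    findings = {}
    for e in events:
        if e["type"] != "order" or e["card_code"] not in purchases:
            continue
        bought = purchases[e["card_code"]]
        order_ts = datetime.fromisoformat(e["ts"])
        signals = []
        if e["account"] != bought["account"]:
            signals.append("redeemed_by_other_account")
        if order_ts - datetime.fromisoformat(e["account_created"]) < NEW_ACCOUNT_AGE:
            signals.append("new_redeeming_account")
        if normalize(e["ship_to"]) in FORWARDER_ADDRESSES:
            signals.append("ships_to_forwarder")
        delay = order_ts - datetime.fromisoformat(bought["ts"])
        if timedelta(0) <= delay < FAST_REDEMPTION:
            signals.append("fast_redemption")
        findings[e["card_code"]] = signals
    return findings

def flagged(events, threshold=3):
    """Card codes whose redemption shows at least `threshold` signals."""
    return sorted(c for c, s in score_redemptions(events).items() if len(s) >= threshold)

if __name__ == "__main__":
    print(score_redemptions(EVENTS), flagged(EVENTS))
```

A gift card redeemed by another account is normal on its own, which is why the second constructed order carries one signal and is not flagged; only the combination is treated as suspicious.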
The way of money: Carders deal not only in goods but also in withdrawing money. This can be done through casinos, online games and similar places where it is possible to deposit, «transfer» and withdraw. Using a casino is easy: the money is simply lost to your own person.
Covering the tracks: hacked computers of ordinary citizens are used for the driving-in, so after the job is done they are simply cleaned of logs and given away on forums, where a crowd of schoolchildren runs over them and leaves a bunch of tracks. Carders also work with virtual machines and Android phone emulators, but those can simply be deleted.
Search for carders: Our police are like a penguin: until you kick it, it will not fly. An investigation begins if a large amount of money was stolen (more than $100k) and a request came from the FBI; the request is ready data on a silver platter. It only remains to break through the IP address and find the criminal; the full names and addresses of the drops are already in the request. Finding the criminals via the drops is not realistic: they are not in direct contact with the drops and may be in another country. If the FBI is lucky enough to unravel the entire chain of VPN servers, proxies and SSH tunnels, the carder will be found, but it will be difficult to prove guilt, so during my work, carders were caught slightly less than none.
Many asked me to tell you more about the investigation of crimes, but there is nothing to tell, it’s the same everywhere, so I added a small introduction to the last paragraph and told you how carders work. And they do not work in the CIS, I think it is clear why.
If you are interested, I can tell you how they work in other areas, such as blackmail, phishing, botnets, malware, hacking sites and so on.