Speaking of Security – The RSA Blog and Podcast

The fallout from the news of the Global Payments breach may be just subsiding, but one thing can already be said – this probably isn’t the last processor that will be breached.

They say history repeats itself, or perhaps this is the story of a community recovering from a catastrophe. Either way, the underground is returning to its former glory, and not just in how much business is being conducted – but how it is conducted.

Everybody knows that the Russian fraudsters are more sophisticated than their English-speaking counterparts. However, this isn’t the only geographic-related difference between fraudsters.

Of all the terms describing identity theft methods, “Vishing” (which stands for “Voice Phishing”) is perhaps the most ambiguous one. A simple Google query for the definition of the term shows just some of its multiple interpretations. But why are fraudsters using this type of attack?

Around this time last year you may have read my SecurityWeek article, The Optimist’s Cybercrime Predictions for 2011. Now that the year is drawing to an end, I thought it would be an interesting opportunity to look back to my 2011 predictions and see how each of them panned out.

Looking to maximize their profits, fraudsters need to do a whole lot of learning. They can either learn techniques of areas they have not focused on thus far, learn better techniques in the field they already specialize in, or learn new cover stories to improve the techniques they already use. A lot of this learning is done through trial and error. That’s how fraudsters discover vulnerabilities in banks’ processes that allow them to cash out a lot of money with relatively little effort.

In the short time I’ve been blogging, I’ve written relatively often about automated CC stores. These websites offer fraudsters an automatic way of buying stolen credit cards – simply fund an account with e-currency, choose which type of card you would like, pay and receive the full credential. Their popularity has reached such a fever pitch. Recently, we’ve encountered a new development in the underground in regards to these sites – forums opening “official” stores.

Whenever we present about the underground and mention that fraudsters often post compromised credit cards for free we often get the question “Why would they do that?” Considering that unlike the hacker communities of years past, the underground economy is all about the money (and not bragging rights), this is a very legitimate question. After all, if the fraudsters’ goal is to maximize profit, why would they give away stuff they can otherwise sell? The answer is pretty straightforward.

The world of fraud prevention (and information security in general), is characterized by an arms race between the good guys and the bad guys. Security companies and financial institutions develop solutions, procedures and policies to thwart fraud attempts, while fraudsters develop the tools and techniques to circumvent these systems. If a certain fraudulent activity is observed, companies react by customizing the systems, or inventing new ones, to identify and prevent the reoccurrence of this activity.

Credit card checkers play a crucial role in the fraud supply chain when compromised credit cards are involved. Banks are constantly on the prowl for common points of compromises (or CPPs) – common denominators between cards where fraud was observed, which indicate the source from which the cards were compromised. They enable banks to identify additional cards that could be at risk and block them before fraud occurs (and it will most likely occur, at some point).