How Credit Card Hacking Is Done
The Hackers’ Lair
Aren’t you amazed by the willingness of so many credit card hackers to talk openly about how they do what they do with journalists? Now, if the stereotype is true, these are highly-caffeinated twenty-somethings we are talking about here, so bragging about their feats would be precisely what we should expect them to do. Surely enough, many of them keep telling us that hacking for them is a game more than it is a money-making enterprise and the fact that they are willing to risk going to jail just to see their noms de guerre on the pages of a newspaper should be solid proof that they are telling the truth. Still, though, quite a few hackers do indeed go to jail and if you spend time in this community, you should know such people. But then, there are probably many more hackers who have managed to steal enough money and get away with it to enable them to live quite comfortably, if warily, at a location of their choice and you would also know those stories, too.
The latest spurt of hacker outspokenness, and the immediate cause for this blogger’s present meditation, is a Le Monde piece, shared with us by Worldcrunch. It is the story of Ramnicu Valcea — an outwardly nondescript Romanian town, located at the foot of the Carpathian Mountains. However, its sleepy appearance should not deceive us, we are warned, for “Hackerville”, as the town is dubbed, is “the world capital for online theft”. It should come as no surprise then that Hackerville’s residents, as their counterparts at any other world capital, take a good deal of pride in their status. Nor does the apparent hostility towards them displayed by various law-enforcement outfits seem to bother them all that much. I wish they had a reason to feel at least slightly less comfortable.
‘The Hackers’ Lair’
Mirel Bran, Le Monde’s journalist who wrote the piece, is giving us an idyllic description of the town in question — a “quiet, leafy city” — but one with a “secret buried in its working-class neighborhood, Ostroveni”.
But is whatever may be going on in Ramnicu Valcea really a secret? After all, Bran tells us of expensive cars “[p]arked around [the] poorly constructed buildings erected during the Cold War dictatorship” and behind the wheels we find “youths between 20 and 30-years-old [who] are proud of showing off a wealth that deeply contrasts with its surroundings”.
Now, if you have spent any amount of time in a small town in a poor Eastern European country, you would know full well that there is absolutely no legal way for a bunch of twenty-somethings to become wealthy en masse. None whatever. Yes, a few youngsters could well have done well for themselves in a post-communist environment in which everything had to be built up from scratch, presenting incredible first-mover opportunities in otherwise quite ordinary fields of commerce that are not to be found in developed countries. Crucially, however, everyone knows just how these youngsters have made their piles. You couldn’t quite say that about many of the well-off residents of Ostroveni. Well, maybe we couldn’t, but the youngsters at issue could and did so to Bran. Let’s hear them.
On Omerta, Idiots and Internet
Bran tells us that omerta — the code of silence — is the “norm” in Ostroveni. Yet, the journalist finds no shortage of information sources in the community. The victims of the local hackers can be found all over the world, one hacker tells Bran, but are “mostly Americans”. Why? Well, let’s have him explain it:
“It’s easier with the Americans,” he says, “these guys buy their bread online, they’re used to do everything on the Internet.” He claims to sometimes “bamboozle four or five users per week, leaving me, in the end, a few dozens or a few hundred thousand dollars richer.”
The hacker goes on to paint a fairly detailed picture of the process:
“It’s a big world we live in and it’s full of idiots ready to buy anything on the Internet,” he says. “We sell fictitious products, we clone websites and hack credit cards. In Europe, in order to get the cash in, we use “arrows” (money mules) — their only job is to withdraw the money previously sent to an account. They keep 30% of the loot and then send us the rest via Western Union.” Given the many Western Union signs that have flourished in the center of Ramnicu Valcea, business seems to be blooming.
Now tell me, how in the world can the authorities be having difficulties tracking the bad guys of Ostroveni down? How can it be so difficult It is not as if they are hiding. They tell us what they do, how they do it and where they live — all in minute detail. Isn’t that amazing!?
And it’s not as if governments aren’t spending money on fighting the hackers. On the contrary, Bran tells us that a “group of FBI cyber-criminality specialists has set up shop in Bucharest, in order to — among other things — train 600 Romanian policemen to end the scourge”. Some successes are listed, including arrests of 500 people in 2011, but apparently not nearly enough has been done to raise even the slightest concern among Bran’s sources.
The Takeaway
Bran’s piece is not the first one dedicated to the “nerve center of cyber-criminality” that is Ramnicu Valcea. Two years ago it was Wired Magazine’s Yudhijit Bhattacharjee’s turn to write about the city’s luxury car dealerships selling “top-of-the-line BMWs, Audis, and Mercedes driven by twenty- and thirtysomething men sporting gold chains and fidgeting at red lights” and to inform us that “the town is indeed full of online crooks, but only a small percentage of them are actual hackers”. Most of them actually specialized “in ecommerce scams and malware attacks on businesses”, we learned back then. The authorities had calculated, Bhattacharjee told us, that together Hackerville’s cyber-criminal schemes had generated tens of millions of dollars of revenue for the city. It’s much the same picture as the one painted by Bran — a picture of a boom town. And I see no reason to expect an end of the boom anytime soon.
Image credit: MyLocomotives.
Hacking is a big problem in the U.S., but not so big in Europe, which is another reason why we should switch to EMV just as quickly as we can.