With the number of people exposed in breaches at Sony now topping 100 million, its natural to wonder what happens next if your data winds up in the hands of for-profit cybercriminals. The answer is, it probably gets sold for less than the price of first-person-shooter.
Sony this week announced a second breach of its systems, this one targeting Sony Online Entertainment, the companys game development and distribution arm. Sony uncovered the hack while investigating last months intrusion into the PlayStation Network that compromised personal information on 77 million users, included the encrypted credit card data belonging to 12 million of them. The new attack adds another 24.6 million users, with 20,000 credit card and bank account numbers.
In a letter to a House committee investigating the privacy implications of the breaches, Sony on Wednesday pointed the finger at the hacktivist collective Anonymous for the first time. The SOE attacker, the company said, left a file behind named Anomymous, containing the familiar tagline, We Are Legion.
If Anonymous was really behind both intrusions, that could be good news for consumers: The group isnt known for identity theft or credit card fraud. But the Sony letter also describes the PlayStation Network hackers zeroing in on the customer database. Could for-profit intruders have dropped Anonymous calling card as misdirection, like storm troopers leaving gaffi sticks and bantha tracks outside a smoking sandcrawler?
Sony said that so far, credit card companies havent seen any fraudulent activity linked to the breach. But if profit, not lulz, was the motive in the attack, then the stolen data will almost certainly be sold eventually, and a global underworld exists just for that purpose.
Vendors advertise their stolen data on web-based carder forums, and sometimes operate their own virtual storefronts. But the detailed negotiations over price and quantity often take place in private chats, away from the prying eyes of law enforcement and the public.
The seller: Max 'Generous' Butler
You can see how all that unfolds in the chat that follows: a 2005 conversation between two carders that I used in researching my book, Kingpin: How One Hacker Took Over the Billion Dollar Cyber Crime Underground.
The seller in this deal is Max Butler, the subject of the book. A white hat hacker gone bad, Butler at this time was still finding his legs as a stolen credit card vendor, using the handle “Generous.”
Hed recently cracked the point-of-sale system at a pizza restaurant in Vancouver, Washington, and he was looking for someone to buy the credit card dumps - magnetic stripe data, including account numbers - that he was stealing from customers. (Note that dumps are more valuable than the credit card numbers involved in the Sony breach, which would likely sell for less than 50 cents each.)
The buyer: Brett 'Gollumfun' Johnson
The buyer here is Brett “Gollumfun” Johnson, a veteran fraudster who was,unbeknownto Butler, working as a Secret Service informant from the agencys Columbia, South Carolina field office. That, of course, is why we have logs of what would normally be a very private conversation.
(Some helpful terms: IAACA is the International Association for the Advancement of Criminal Activity, a now defunct carder forum where Butler was trying to get approval to sell his data. Track2 refers to the second of two tracks on a credit card magstripe — it contains everything but the customer name. And to throw off law enforcement, Butler liked to style his dumps as skims, implying falsely that they were stolen by a retail or restaurant worker using a hidden handheld skimmer. Dumps are redacted, and the formatting and avatars added for readability.)
06/11/05 GReetingshiour mutual friend mentioned you might be interested in track2 skims?indeed. skims, eh? VERY interestedcool here hang on a secGReatcan i ask you a quick question first.. how do you feel about being picky regading type/bin versus if they are fresh? advantage i have is i have very very fresh stuff but most are classics.. each batch/day has a mix with a few business, signature, platinum, gold/premier, and then mostly classics. here is a batch from a few days ago should get no cfa/pickup at all – all should work as cardholders used them very recently. = credit CLASSIC United States of America U.S. Bank National Association ND = debit CLASSIC United States of America Washington Mutual Bank = debit CLASSIC United $tates of America Washington Mutual Bank = debit CLASSIC United States of America Marion & Polk Schools Credit Union = debit CLASSIC United States of America Cutting Edge Federal Credit Union = debit CLASSIC United States of America Providence Health System Federal Credit Union = debit CLASSIC United States of America Wells Fargo Bank Iowa, National Association = debit CLASSIC United States of America Wells Fargo Bank Iowa, National Association = debit CLASSIC United States of America Wells Fargo Bank Iowa, National Association = debit CLASSIC United States of America Wells Fargo Bank Iowa, National Association = debit CLASSIC United States of America U.S. Bank National Association = debit CLASSIC United States of America U.S. Bank National Association = debit CLASSIC United States of America US. Bank National Association = debit CLASSIC United States of America U.S. Bank National Association = debit CLASSIC United States of America U.S. Bank National Association = debit CLASSIC United States of America Bank of America, National Association = debit CLASSIC United States of America Bank of America, National Association = , debit CLASSIC United States of America Bank of America, National Association = debit CLASSIC United States of America U.S. Bank National Association = debit GOLDPREMIER United States of America Wells Fargo Bank Iowa, National Association = debit GOLDPREMIER Unitead States of America Bank of America, National Association = debit GOLDPREMIER United States of America Washington Mutual Bankand of unknown type: = United States of America Clark County School Employees Credit Union = United States of America KEYBANK NATIONAL ASSOCIATIONand = = = this batch is typical exceptthat i pulled the 1 business, 1 signature, and 2 platinum out for our friend about an hour agoother batches will of course be completeDamn. VERY impressive. Are these good to use now?Yepexclusive direct skimsi only capture track2 so you’d have to make tr1 of courseso how much you charge?customers used these approval in past week (though i get these every day i’m backlogged going from oldest->new)thats goddamn impressivehaven’t been approved to vend anywhere so haven’t made prices, i figure whatever is fair, something below market rate and i’ll be very happy just try i guess and pay what you think is fair – i can give you another batch that includes the nicer cards tooThats a deal.oh, these are ones the cardholder swiped on .. june 2nd (in case it mattersIt will take a few days to run these, but Im sure our mutual friend has told you im good for the money–hehyeah if you need some of the other types (platinum etc) to do a valid and normal testing, let me know i can do that tooAnd will also lend to the review on iaaca when you start to sell thereI cold use a couple plats. might be fun. hehhere you know what, kid says you’re good for it lemme give you another batch, this will include all types, hang a secgood dealok hopefully these pastes are coming through ok = United States of America FIRST PREMIER BANK = United States of America KEYBANK NATIONAL ASSOCIATION = debit BUSINESS United States of America U.S. Bank National Association = credit CLASSIC United States of America Billings Federal Credit Union = credit CLASSIC United States of America U.S. Bank National Association ND = credit CLASSIC United States of America Retailers National Bank = credit CLASSIC United States of America U.S. Bank National Association ND = credit CLASSIC United States of America Consolidated Federal Credit Union = credit CLASSIC United States of America Providian National Bank = credit CLASSIC United States of America Bank of America, N.A. (USA) = debit CLASSIC United States of America Wells Fargo Bank Iowa, National Association = debit CLASSIC United States of America Wells Fargo Bank Iowa, National Association = debit CLASSIC United States of America Wells Fargo Bank Iowa, National Association = debit CLASSIC United States of America Wells Fargo Bank Iowa, National Association = debit CLASSIC United States of America U.S. Bank National Association = debit CLASSIC United States of America U.S. Bank National Association = debit CLASSIC United States of America U.S. Bank National Association = debit CLASSIC United States of America U.S. Bank National Association = debit CLASSIC United States of America U.S. Bank National Association = debit CLASSIC United States of America US. Bank National Association = debit CLASSIC United States of America Electra Central Credit Union = debit CLASSIC United States of America Bank of America, National Association = debit CLASSIC United States of America Bank of America, National Association = debit CLASSIC United States of America Bank of America, National Associationgood deal. can you email as well? gollumfun@mailvault.com = debit CLASSIC United States of America Wells Fargo Bank Iowa, National Association = credit GOLDIPREMIER United States of America First USA Bank, National Association = i credit GOLDiPREMIER United States of America First USA Bank, National Association = debit GOLDPREMIER United States of America Bank of America, National Association = credit PLATNUM United States of America Bank of America, N.A. (USA) = credit SIGNATURE United States of America Capital One Bank = credit SIGNATURE United States of America First USA Bank, National Association = = = = = np will dothanks much. I appreciate it. Will make you happy with payment also, no problem
generous:please email as well. in case something happens to my cut and paste. hehok might want to just wait for email its much better formattedi’ve got it sending ..good deal. Again–I appreciate it. will put these to good useack need to resend hit wrong button hanglol. ok. mailvault takes a little while with their servers anyway. Ill receive the list about 2 hours after you send it. so no hurryok lemme know if it comes through okhehokthanks again. I can see that you and I are going to be doing some good business in the future.should be 63 in a txt file attachmentexcellentgood deal. that include both sets you sent or just the last one?i included both with small footnote labeling themEXCELLENT. Just received via email.Thats damn impressive. I think you now have a steady customer. heh. will advise on how they turn out. and will e more than fair with payment. GOllumlook forward to hearing happy shoppinghow old is the second set of skims you sent my way?ran by customers ~7 days agogood deal. Ill use the june 2nd ones firsthope you don’t mind. i could send from today but thought this would be a good sampleno–this is more than fine. Im sure Ill get a lot of use from them. how are the debits going for you on average?i have heard keep all classics under 1k/800 per swipe dont try to get big electronics etc.. seems that credit/debit doesn’t matter as much as typegood deal. that is my expoerience as wellso for example i’ve heard platinum debits are rocking in most cases even thouhg debitheh. indeed. just wanted to compare. So–thanks again. will keep you updated on progress. when are you going to be reviewed on iaaca?no idea .. asked a long long time ago and no one ever got back to me. also just got into a spat with unauthorized (or some dude who stole his account i can’t tell yet) so who knows how that will shake outwell–Ill update Imperium on how these are going as well. we will get you on there asap. Id say you will get a TON of salesawesome thank youno prob, and thank you. Gollum
06/13/05 hi how are things?Hello hello. Was just signing in to picpay. zero balance. very sadyou had a full account?lol–oh no. CIA intel said he was gonna send me $50k this morning. I was looking forward to shopping. oh well … Hes a damn criminalahhow is picpay funded?i can control pips funds (like probably a shitload of other people), that are supposedly can be withdrawn to picpaynot a fucking clue on how funded. Pitboss persuaded me in to opening a account yesterdayi have to leave in the next few min to airport..the picpay thing is reali’ve got all the password hashes for pips userslike millions in credits therebut i just don’t know how to pull it outanyway thats not my thingi just have accessanyway how have the dumps been?i’m still trying to get reviewslol. wel–how can i get in on that? would like some funds to withdraw or at least use to urchaseer, i mean reviewedwill notify on dumps starting tomorrow.i can’t do anything until tomorrow i am literally packing and getting on the way out the doorLOL. ok–have a safe flight, ok?kget up with me when you are rested and such. Take care. GOllum
06/17/05 hi just checking in on the status with the dumps i sent, hoping you have some feedback for me pleaseyep. Got some guys out using them today. Will have payment for you in the next couple days–ok? Im having some trouble with some idiots on iaaca right now. they hijacked my accountugh, sucksok no problem i’ll be patientthough don’t let the stupid boards distract you from good business i learned awhile back to not let them get to me
6/20/05 hello hellohihey hows it going, hoping i’d hear backok. Im ready to pay, but i am unable to find out fair pricing for dumps until I get back on iaaca. Ill ask you again–what were you going to charge for them?i have always maintained “below market rates” and i think thats the fairest approach, if you want i can name some specifics right now but the only thing i have to go by is something like http://dumpvendor.com/ok. hold a minute and lemme look at the pricing and such. also–that doesnt appear to handle debit. just hold and lemme look a secok. this is fidels ricing from carderportal: visa Gold/Platinum/Signature/Purchasing/Busines/Corporate -30$
classic/MC-20$
amex/discover-30$as you can see–a much biggerr price differenceright. i’ve seen a huge range of priceswhich is why i don’t have a set price yetand just said “whatever is fair, i’ll beat market rates”so what do you think of the ablove prices?looks fine to me, probably cheap end but i don’t care thats fineI would go higher, but cant log on to iaaca right now to determine their prices. SO–I can pay those rates tomorrow or can wait and log on to iaaca and determine prices thereeither way i’m happyare you ready to do egoldok. into the bank of america account?like funded account ,or did you want to use our friend as intermediaryok thats fine toocoolour friend is fine with me if ok by you. do you have the account info? I dont keep shit like that laying aroundi don’t sorry, he’ll have to mesg youill get it from him today. funds deposited tomorrow, ok?sounds goodand are you happy with this transaction?I’ll have more batches ready tomorrow then and we can go forward as much as you wantYesgood deal. Ill also notify Imp when Im back on iaaca of the success rate ad thazt I feel you are a good vendorthanks i appreciate it seems very difficult to actually get a review around thereheh. it CAN be. Im surprised its taken this long to just get me back on board after I was hacked. That tells me the admins are pretty damn busytrue, they must be doing good business well patience is a virtueheh. amenok i’ll ttyl i gotta go afk errandsgood deal. take care. GOllumhi i have the account number its BOA 950555i didn’t realize fleet and boa had merged.good deal. Ill deposit tomorrow. (Message was sent. User is Offline.The message will be delivered when user goes Online.)
06/21/05 35–tested
24 classic 16 good
10 gold or plat– 6 good
320 for the classic.
180 for the plats
500 total. $800 deposited
Top image courtesy California State Controllers Office.
See Also:
Previously:
- Sony Hack Probe Uncovers Anonymous Calling Card
- PlayStation Network Hack: Who Did It?
- Book Excerpt: Kingpin How One Hacker Took Over the Billion Dollar Cyber Crime Underground
- Secret Service Operative Moonlights as Identity Thief
