Marketplace Scratch Pad

No soup for you, credit card thief

Scott Jagow Aug 18, 2009

I hope Albert Gonzalez goes to prison for a long, long time. He’s the guy who was just charged with masterminding the theft of 130 million credit card numbers. In hacker circles, they call him the Soup Nazi, after the character in the Seinfeld episode. But there’s nothing amusing about Gonzalez.

From the New York Times:

According to the new indictment, Mr. Gonzalez and his conspirators reviewed lists of Fortune 500 companies to decide which corporations to take aim at and visited their stores to monitor which payment systems they used. The online attacks took advantage of flaws in the SQL programming language, which is commonly used for databases.

They chose 7-Eleven, the supermarket chain Hannaford, the payment processor Heartland and two other unnamed corporations. More:

Prosecutors say the defendants created and placed “sniffer” programs on corporate networks; the programs intercepted credit card transactions in real time and transmitted the numbers to computers the defendants had leased in the United States, the Netherlands and Ukraine.

Reporter Rico Gagliano is doing a story on this for tonight’s Marketplace, so I’ve found out a little bit more about the methods Gonzalez may have employed. He’s supposedly what’s known as a “harvester.” His speciality is extracting the information that’s on the back of your credit card. He does this in large batches by hacking into company databases, as described above.

The information might then be sold online or to another specialist called a “carder.” The carder puts the data onto a new card with a magnetic stripe. Actually, often they use old cards that people throw away. The new card is then used to buy things or take money out of ATMs (sometimes, PINs are sold with the data). A lot of this work is done in Eastern Europe, home to some seriously skilled hackers.

What’s striking is that the price of this data has fallen considerably. Criminals used to pay $10-$15 per card number. Now, they’re going for about $1.50. The market has been over-saturated with stolen credit card numbers. Gonzalez is likely a big reason for that. He’s already in jail awaiting a trial for separate credit card fraud charges. Hopefully, getting him off the street makes a dent in this worldwide trade.

But I wouldn’t count on it.

I just typed some simple keywords into Google and turned up a website where people were listing prices for this stuff. One of them actually listed some woman’s entire portfolio of information, as a sample of his goods. It listed her account #, password, answers to secret questions, address, social security number, mother’s maiden name, checking account number, routing number. Everything. It’s frightening. Other people on the site were writing messages, begging for a working card number, making offers.

Here’s some of it (cvv is that little security code on the back of your card):

Sell Cvv info live 100% fresh in to day!

Us cvv Visa-Master price $1.50/cvv buy from 40/cvv price $1/cvv
Us cvv Amex-discovery price $2.50/cvv buy from 30/cvv price $2/cvv
Ca cvv Visa-Master price $4/cvv if u buy from 40/cvv price $3/cvv
Ca cvv Amex-discovery price $5/cvv if u buy from 40/cvv price $4/cvv

SELLING FRESH CVV,(EU,US,UK,CA,AU) FULLZ WITH SSN, MMN, DOB, DVL AND
FRESH BASE DUMPS 101 AND 201 .. FRESH PAYPALS TOO

PRICES

Credit Cards (With CVV)

US With CVV – 3$
US With CVV – 5$
UK With CVV – 5$
EU With CVV – 8$

Full Credit Card (With MMN, SSN, DOB, PIN)

US With CVV – 15$
CA With CVV – 20$
UK With CVV – 20$
EU With CVV – 25$

Like I said, I hope Gonzalez goes to prison for a long, long time. But perhaps this case will open some eyes. You certainly can’t trust companies to protect your information. You have to be vigilant yourself, check your accounts often, call the bank immediately if you see something suspicious. And of course, check your credit as often as you can, because a stolen credit card number is bad enough, but it’s resolved fairly quickly.

If the bad guys get all that other personal information, they can do something much more difficult to fix — open new accounts in your name.

I know. I was a victim of identity theft. And it was just about my worst nightmare.
