TechCentralTechCentral
    Facebook Twitter YouTube LinkedIn
    Facebook Twitter LinkedIn YouTube
    TechCentral TechCentral
    NEWSLETTER
    • News

      Unlawful Eskom strike costing South Africa three stages of load shedding

      1 July 2022

      Striking Eskom workers will face consequences: De Ruyter

      1 July 2022

      The AI tool that has changed my life as a developer

      1 July 2022

      Google.co.za is down and the domain is pending deletion

      1 July 2022

      US files charges over South African bitcoin fraud scheme

      1 July 2022
    • World

      Meta girds for ‘fierce’ headwinds

      1 July 2022

      Graphics card prices plummet as crypto demand dries up

      30 June 2022

      Bitcoin just had its worst quarter in a decade

      30 June 2022

      Samsung beats TSMC to 3nm chip production

      30 June 2022

      Napster plots crypto comeback

      29 June 2022
    • In-depth

      The NFT party is over

      30 June 2022

      The great crypto crash: the fallout, and what happens next

      22 June 2022

      Goodbye, Internet Explorer – you really won’t be missed

      19 June 2022

      Oracle’s database dominance threatened by rise of cloud-first rivals

      13 June 2022

      Everything Apple announced at WWDC – in less than 500 words

      7 June 2022
    • Podcasts

      How your organisation can triage its information security risk

      22 June 2022

      Everything PC S01E06 – ‘Apple Silicon’

      15 June 2022

      The youth might just save us

      15 June 2022

      Everything PC S01E05 – ‘Nvidia: The Green Goblin’

      8 June 2022

      Everything PC S01E04 – ‘The story of Intel – part 2’

      1 June 2022
    • Opinion

      Has South Africa’s advertising industry lost its way?

      21 June 2022

      Rob Lith: What Icasa’s spectrum auction means for SA companies

      13 June 2022

      A proposed solution to crypto’s stablecoin problem

      19 May 2022

      From spectrum to roads, why fixing SA’s problems is an uphill battle

      19 April 2022

      How AI is being deployed in the fight against cybercriminals

      8 April 2022
    • Company Hubs
      • 1-grid
      • Altron Document Solutions
      • Amplitude
      • Atvance Intellect
      • Axiz
      • BOATech
      • CallMiner
      • Digital Generation
      • E4
      • ESET
      • Euphoria Telecom
      • IBM
      • Kyocera Document Solutions
      • Microsoft
      • Nutanix
      • One Trust
      • Pinnacle
      • Skybox Security
      • SkyWire
      • Tarsus on Demand
      • Videri Digital
      • Zendesk
    • Sections
      • Banking
      • Broadcasting and Media
      • Cloud computing
      • Consumer electronics
      • Cryptocurrencies
      • Education and skills
      • Energy
      • Fintech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Motoring and transport
      • Public sector
      • Science
      • Social media
      • Talent and leadership
      • Telecoms
    • Advertise
    TechCentralTechCentral
    Home»In-depth»Cyber attacks fast becoming a full-blown industry

    Cyber attacks fast becoming a full-blown industry

    In-depth By The Conversation27 October 2015
    Facebook Twitter LinkedIn WhatsApp Telegram Email
    hacker-640
    Image: www.elbpresse.de

    Cyber attacks such as that recently suffered by telecoms firm TalkTalk can result in hair-raisingly large losses: TalkTalk may have lost the details of 4m customers, while in just the last few months Carphone Warehouse lost 2m, Experian lost 15m T-Mobile customers’ details, and dating website Ashley Madison lost 32m users’ details. The impression is that all this data is a danger to us in the wrong hands, but where does it end up, how is it used, and by whom?

    Stolen data such as credit card or personal identity details turn up for sale on websites and on sites in the dark Web, accessed through Tor — an anonymisation network that makes it near-impossible to discover the origin and destination of Web traffic, nor the identities of those involved. Using a Tor-enabled browser, it’s possible to browse Web pages on the standard Web anonymously. It’s also possible to access what are called Tor hidden services, essentially anonymised websites in the dark Web, using the .onion domain suffix.

    TalkTalk has alerted its customers to the possibility that their full name, address, date of birth and credit card details may have been compromised — although later reports suggest the breach may not have been as serious as first thought. However, complete card and customer details are a valuable commodity in online underground markets and can be used to make fraudulent transactions.

    The personal details of TalkTalk customers, like those of previous hacks, could show up as products for sale on specialised underground “carding” forums. Carding is the act of using stolen personal information for profit. The price of a set of card details or personal information varies according to the amount of information available on a particular individual and how recent the cards have been obtained. Prices generally fluctuate from US$45 to $2 per card, with more freshly acquired cards the most expensive.

    There are many ways to acquire card details using physical means such as skimming devices installed on cash machines or pay points. But those online generally come in two types. High-quality stolen data, known as “fullz”, include all the information on an individual needed for fraudulent purposes. This usually includes the cardholder’s date of birth, mother’s maiden name, or other identity details commonly used as security questions. Other useful products are sold as CVV (what card companies call card verification values), the full details from a card required for making purchases such as expiration date and check code printed on the card’s signature strip, as well as the card number and cardholder’s name.

    Cashing in
    There are many ways for a buyer of stolen card details to try to profit from their purchase. Generally, small amounts of cash can be withdrawn from an account to try to avoid detection by both bank and victim. Larger transactions will be noticed more quickly and get cancelled. A common method is to use stolen card details to make online purchases, often from relatively small online shops that are likely to have fewer fraud prevention measures such as verifying the cardholder’s address.

    In other cases, novel and complex techniques will be used, to get involved in fake Web shops or warranty fraud, for example, for which the methods are also available to purchase in underground forums — often for thousands of dollars. Some advanced methods involve using dozens of stolen credit cards each week, generating the carder several thousands of dollars a week. Tutorials sometimes even come with personal one-to-one tutoring by the criminal hacker who has devised the method. More common carding techniques are explained in tutorials that are available for less than $100.

    keyboard-640

    Another essential element for the carder to consider is a “drop” — a safe delivery address that doesn’t reveal the carder’s identity. By delivering fraudulently purchased products to drops such as an empty house, anonymous post box, or the apartment of a trusted friend, it’s less likely the carder will be traced by law enforcement. The carder will aim to keep any potential evidence to a minimum, for example by using cryptocurrencies like Bitcoin to purchase the stolen details in the first place, or by relaying their Internet connection through one or more intermediary proxy servers in order to make it harder to trace.

    A criminal service
    A major problem facing those fighting cybercrime is how it has evolved into full-service commercial entities. Those without the hacking skills to pull off complicated attacks and cover their trails can find tutorials, techniques and even hackers-for-hire online — for a price. Underground criminal forums online and in the dark Web are training grounds for cybercriminals-to-be, and the bar of skills required for entry is dropping.

    Carders will try to justify their behaviour in discussions by arguing that banks reimburse their victims most of the time. Even so, victims suffer the shock and inconvenience of losing often substantial amounts of money, and the rising costs borne by banks and insurers are passed on to society.

    Certainly for customers of TalkTalk and other firms subjected to data losses, there is no quick fix: a particular card may be cancelled, but their personal details and identities may swirl around online for many years yet. They will need to be vigilant for unusual activity in their bank accounts, and alert to unusual phone calls or emails that may be scammers at work.The Conversation

    • Gert Jan van Hardeveld is PhD researcher of cybercrime at the University of Southampton
    • This article was originally published on The Conversation
    TalkTalk
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email
    Previous ArticlePost Office to pay workers
    Next Article Catch Up comes to more DStv bouquets

    Related Posts

    Meta girds for ‘fierce’ headwinds

    1 July 2022

    Graphics card prices plummet as crypto demand dries up

    30 June 2022

    Bitcoin just had its worst quarter in a decade

    30 June 2022
    Add A Comment

    Comments are closed.

    Promoted

    Billetterie simplifies interactions between law firms and clients

    30 June 2022

    Think herding cats is tricky? Try herding a cloud

    29 June 2022

    How your business can help hybrid workers effectively

    28 June 2022
    Opinion

    Has South Africa’s advertising industry lost its way?

    21 June 2022

    Rob Lith: What Icasa’s spectrum auction means for SA companies

    13 June 2022

    A proposed solution to crypto’s stablecoin problem

    19 May 2022

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    © 2009 - 2022 NewsCentral Media

    Type above and press Enter to search. Press Esc to cancel.