Developers Club geek daily blog

The criminals devastating ATMs by means of the Tyupkin virus are caught

1 year, 2 months ago
The europol delayed criminals who devastated ATMs without use of a plastic card — by means of the Tyupkin virus which is in advance loaded into the ATM.

image

At first, by means of a boot compact disk criminals got access to the computers installed in ATMs under control of one of old versions of Windows and infected them with a malware. This virus had some features: it turned off the set antivirus protection, and also carried out a best part of the week "in hibernation": accepted commands from criminals at night — since Saturday on Sunday and since Sunday on Monday. Also the trojan could disconnect a local network that services of bank could not be connected far off to the ATM and check what happens to it.

Read more »


Underground market of crankcases. Transfer of the book "KingPIN". Chapter 29. "One Plat and Six Classics"

1 year, 3 months ago
Kevin Poulsen, the editor of the WIRED log, and in blackhat childhood the hacker of Dark Dante, wrote the book about "one acquaintance".

In the book the way from the teenage geek (but at the same time rolling), to the experienced cyberkingpin, and also some methods of work of intelligence agencies on capture of hackers and crankcases is shown.

The quest on transfer of the book began in the summer in Itshny camp for seniors — "The Pin: school students translate the book about hackers", then were connected to transfer also Habrayuzera and even a few edition.

Chapter 29. One Plat and Six Classics

(for transfer thanks to Vyacheslav Slinkin)

Did not realize Kate Mularski that does when undertook DarkMarket.

Its days became true madness. Every day began at 8 in the morning with check of ICQ of the messages which fell down in a night regarding any work for MasterSplinter-and.

It went to DarkMarket — service functioned. To come across here on Iceman-and it was always extremely heavy.

Then queue of tiresome work on backup of a DB came. Iceman reset tables twice in vain attempts to expose Mularski so now fuss with backups was part of morning routine. It was impossible to forget about investigation: so far the base continued to be copied, the simple script which author was a NCFTA programmer scanned every line regarding 16-place numbers, beginning with digits 3 on 6. The stolen credit cards automatically were sorted by BIN and went to the relevant banks for immediate cancellation.

Then Mularski fluently browsed private messages, selected the most interesting chats and checked them in the FBI-ovsky central database of electronic surveillance under the name ELSUR. The following neskolk was spent hours for writing of the report. Under a nickname of Master Splinter, Mularski began to cash funds for the modest sums. Some banks agreed to promote and shared the available dump with fake names, but real transactions which processing was financed already from budget FBR.ON transferred them the list with numbers PIN of crankcases over all country, financial institutions in turn daily reported on that where and when withdrawal of funds was performed. Mularski transferred information to local agents depending on the city where operations were made that led to regular writing of detailed notes.

At three o'clock, when crankcases began to appear in a network, the "second" life of Mularski turned into a scorching heat.

Read more »


Underground market of crankcases. Transfer of the book "KingPIN". Chapter 28. "Carder Court"

1 year, 3 months ago
Kevin Poulsen, the editor of the WIRED log, and in blackhat childhood the hacker of Dark Dante, wrote the book about "one acquaintance".

In the book the way from the teenage geek (but at the same time rolling), to the experienced cyberkingpin, and also some methods of work of intelligence agencies on capture of hackers and crankcases is shown.

The quest on transfer of the book began in the summer in Itshny camp for seniors — "The Pin: school students translate the book about hackers", then were connected to transfer also Habrayuzera and even a few edition.

Chapter 28. Court of crankcases

(for transfer thanks of drak0sha)

Kate Mularski it was emaciated.

At first he talked over with the agent in branch of the Secret service on other end of the city. "It seems to me you some troubles threaten". One of uncountable informants heard that Iceman found out incontestable proofs that the Master Splintr was or the informer, the spy of corporate safety, or the federal agent. Iceman temporarily integrated with the former enemy of Silo and prepared the detailed presentation for the manual Carders Market and Dark Market-á. Iceman and Silo obviously wanted to condemn the Master Splintr.

Everything began with the Silo code. Popularity of the Master Splintr as spammer and programmer made him the specialist in the field of reviews of a malicious code DarkMarket-and. It was one of benefits of its secret operation: Mularski will be able to evaluate the latests version of the confidential attacking code and to transfer them to CERT which, in turn, will send them to all anti-virus companies. The malicious code can be found still before it appears in the black market.

This time Mularski charged a code as a training task to one of students of CMU passing training in NCFTA. According to standard procedure the student started the program in the isolated mode on the virtual computer — some kind of program bowl of Petri which can be cleaned later. But he forgot about the USB stick in USB port. On it were loaded an empty form of account about a malicious application with the NCFTA logo and main objectives of research. Before the student realized that occurred, the document appeared in Silo hands.

Six administrators and moderators of DarkMarket received the copy of the Silo code. Now Canadians knew that one of them was a federal agent.

Read more »


Underground market of crankcases. Transfer of the book "KingPIN". Chapter 26. "What’s in Your Wallet?"

1 year, 3 months ago
Kevin Poulsen, the editor of the WIRED log, and in blackhat childhood the hacker of Dark Dante, wrote the book about "one acquaintance".

In the book the way from the teenage geek (but at the same time rolling), to the experienced cyberkingpin, and also some methods of work of intelligence agencies on capture of hackers and crankcases is shown.

The quest on transfer of the book began in the summer in Itshny camp for seniors — "The Pin: school students translate the book about hackers", then were connected to transfer also Habrayuzera and even a few edition.

Chapter 26. What in your wallet?

(for transfer thanks of al_undefined)

Sale of 100% of the checked fresh dump (USA), discounts:

$11 of MasterCard
$8 of Visa Classic
$13 of Visa Gold/Premium
$19 of Visa Platinum
$24 of Visa Signature
$24 of Visa Business
$19 of Visa Corporate
$24 of Visa Purchasing
$19 of American Express = reduction of price (there was 24)
$24 of Discover = reduction of price (there were 29)
The minimum order — 10 pieces.

Sale on types of cards. Not on Bin'am (a lane comment — the identifier of issuing bank).


The aggressive capture turned by Max was made with the purpose to integrate community forces, but not for the purpose of personal enrichment. Nevertheless, its business selling stolen data from magnetic bands of plastic cards after consolidation of forums prospered more than ever — it received about one thousand dollars a day, selling dump to crankcases worldwide, in addition to five — to ten thousand that he received from partnership with Chris.

On public, during meetings FTC (Federal Trade Commission) or anywhere, the industry of credit cards very much tried to hide effects of the becoming frequent facts of theft of data from magnetic bands worldwide. Visa, the leader in the field of credit cards, supported the report of the Javelin Strategy and Research company financed by the industry (a lane comment — the agency which is engaged in an assessment of risks and opportunities in areas: mobile devices, payments, multichannel financial services, fraud and safety), who accused in the circumstances consumers (clients), but not the company — sources of draining of these credit cards and thefts of personal data: 63% of the occurred cases are caused by loss or theft of a purse with the subsequent theft of data by the entrusted partners, theft of e-mail and research of contents of garbage containers (Dumpster diving).

Read more »


Underground market of crankcases. Transfer of the book "KingPIN". Chapter 24. "Exposure"

1 year, 3 months ago
imageKevin Poulsen, the editor of the WIRED log, and in blackhat childhood the hacker of Dark Dante, wrote the book about "one acquaintance".

In the book the way from the teenage geek (but at the same time rolling), to the experienced cyberkingpin, and also some methods of work of intelligence agencies on capture of hackers and crankcases is shown.

The quest on transfer of the book began in the summer in Itshny camp for seniors — "The Pin: school students translate the book about hackers", then were connected to transfer also Habrayuzera and even a few edition.

Chapter 24. "Exposure"

(for transfer thanks of satandyh)

Accusation

"The Tea, these little girls — white garbage. Be not on friendly terms with them better," — Chris told — "Brains at them others."

They sat in "Naan and Carry", 24-hour Indian-Pakistani small restaurant in the theatrical district of San Francisco. It occurred three months later since that moment when Tea got acquainted with Chris and was with it on one of its trips to the region of the Bay where he met the mysterious friend hacker of "Sam", just before dawn. They were in only four quarters from the safe house of Chris, but Tea still was not provided to the hacker — neither now, nor before. Nobody met Sam personally.

She was fascinated by that as all this worked: the non-cash nature of crimes and a method to which Chris organized the command. He told it everything when decided that it is ready, but he never asked it to make purchases in shops as the others. It was special. He did not even like to dangle with it and with the command of cashing in at the same time, for concern that they somehow can do much harm it.

The Tea was also the only worker to whom do not pay. After she refused 40 dollars left by Chris on a bedside table, he decided that Tea will not take from it any money, despite long hours which she spent on CardersMarket and on the Russian bulletin boards for crimes. Chris cared for lease of the house Tea, bought by it clothes and paid its travel, but it nevertheless found such existence a little strange: life online, travel by means of confirmations, but not tickets for airplanes. It became the ghost, her body was in the Orange country, and the reason was most often projected to Ukraine and Russia, giving support to leaders of organized cybercrime as the emissary of Iceman — i.e. the world of crankcases of the West.

Read more »


Underground market of crankcases. Transfer of the book "KingPIN". Chapter 23. "Anglerphish"

1 year, 3 months ago
In the 23rd head it will be a question about hitrozho imperceptible (almost like in the movie "Catch Me if You Will Be Able") the criminal who drove FBI around a finger, at the same time managed to turn affairs while knocked to intelligence agencies, but eventually lost because of the woman, but managed to get out and run away. And still he in the best traditions of Chichikov used "dead souls" for cashing in of stolen credit cards.


Kevin Poulsen, the editor of the WIRED log, and in blackhat childhood the hacker of Dark Dante, wrote the book about "one acquaintance".

In the book the way from the teenage geek (but at the same time rolling), to the experienced cyberkingpin, and also some methods of work of intelligence agencies on capture of hackers and crankcases is shown.

The quest on transfer of the book began in the summer in Itshny camp for seniors — "The Pin: school students translate the book about hackers", then were connected to transfer also Habrayuzera and even a few edition.

Chapter 23. Anglerphish

(for transfer thanks of Find_The_Truth)

Anglerfish

Max was engaged in collection of information on Brett Johnson. It began with check of logs of access and personal messages of the administrator of CardersMarket. To check itself, Max Johnson's account on the website of "The international association of development of criminal activity" hacked ("The International Association for the Advancement of Criminal Activity", IAACA) and looked for traces of its activity. However, the smoking guns, other proofs were.

Really he could bring the informant into a narrow circle of its new website? The problem is that there is no specific method to define whether Johnson, or someone else works for the government. Max wanted to use a hole in safety of law as buffer overflow in BIND which he could use again and again concerning any whom he suspected.

If (is_snitch(Go llumfun)) ban(Go llumfun);

It trusted in David Thomas, without representing that Thomas already entered Aysman in the kilometer list of enemies.

Read more »


Underground market of crankcases. Transfer of the book "KingPIN". Chapter 22. "Enemies"

1 year, 3 months ago
Kevin Poulsen, the editor of the WIRED log, and in blackhat childhood the hacker of Dark Dante, wrote the book about "one acquaintance".

In the book the way from the teenage geek (but at the same time rolling), to the experienced cyberkingpin, and also some methods of work of intelligence agencies on capture of hackers and crankcases is shown.

The quest on transfer of the book began in the summer in Itshny camp for seniors — "The Pin: school students translate the book about hackers", then were connected to transfer also Habrayuzera and even a few edition.

MagisterLudi: "I apologize, under the end of the year confusion with ready heads began again, we spread that is, not one after another."

Chapter 22. Enemies

(for transfer thanks of GrizliK)

Johnathan Dzhiannone learned that loss of private life is the price for work with Iceman'om.

It worked with the mysterious hacker within a year, generally purchasing servers which Iceman used for scanning of vulnerabilities, but all the same was under the permanent electronic king from Iceman'a. Once, the hacker sent to Dzhiannona the link to news allegedly on the website CNN about a computer problem to JetBlue, airline which fought back Dzhiannone's racketings very long time ago. Dzhiannone without thinking clicked the link and then Iceman got to its computer again. Attack like Client-side worked.

Dzhannone began to check regularly the computer for existence of malicious applications, but all the same could not monitor all invasions of Iceman'a. Max received Dzhannone's password from the bonus United Airlines system and began to monitor its movements on the world. Dzhannone was a fan of aviatravel who could go easily to flight, only to earn bonus miles. When it landed at the international airport San Francisco, in its mobile there was already a text message from Iceman'a. "Why you in San Francisco?"

It could seem amusing if not frightening differences of mood of Iceman'a. It could change in a second — in one day you will be for it the best friend, it will be confident in another that you are an informer, the traitor or is even worse. He wrote Dzhiannone long spontaneous letters, with complaints to Chris or other associates of crankcases.

Read more »


Future p2p of payments: when the smartphone replaces cash

1 year, 3 months ago
imageRecently in the corporate blog we told about the industry of mobile NFC of payments, having focused attention to Apple Pay. To Bloomberg there was news that Apple is going to strengthen distribution of the payment service provider due to start of the new p2p service of payments which will allow to transfer money by means of iPhone from the account to the account to individuals. In the PayOnline company which is engaged in the organization of payments on the websites and mobile applications this news seems to us sign, and we prepared the overview of opinions of the western experts in this subject:

Olga Kharif, the author of the Bloomberg edition, considers that the Silicon valley is obsessed with idea of direct translation of money by means of applications for smartphones now. The birth of a set of non-profitable methods of commission of such transfers different, as a rule, with the commission, almost close to zero, turned out to be consequence of this obsession. The most popular of them are applications of PayPal and its Venmo subsidiary now. However and they begin to face the competition including from Google, Facebook, Square even more often.

Read more »


Conversion of payments: 4 reasons reducing success of payment on your website and methods of their elimination

1 year, 3 months ago

Friends,

Today we want to talk about conversion of payments. What is it? For what reasons most often there are failures? How to optimize passability of payments?

Different people calculate conversion differently: on passability of payments (the attitude of successful payments towards total quantity of attempts), by the number of successfully paid orders (regardless of the number of the attempts which were required for successful payment), and even — in especially hard cases — by the number of transitions to a payment form. We consider by the first option — for us as for a payment gateway, the indicator of passability of payments is the most important and giving in to optimization from our party.

Read more »


Underground market of crankcases. Transfer of the book "KingPIN". Chapter 21. "Master Splyntr"

1 year, 3 months ago
Kevin Poulsen, the editor of the WIRED log, and in blackhat childhood the hacker of Dark Dante, wrote the book about "one acquaintance".

In the book the way from the teenage geek (but at the same time rolling), to the experienced cyberkingpin, and also some methods of work of intelligence agencies on capture of hackers and crankcases is shown.

The quest on transfer of the book began in the summer in Itshny camp for seniors — "The Pin: school students translate the book about hackers", then were connected to transfer also Habrayuzera and even a few edition.

(I apologize, transfer of the 20th chapter was lost, to wait there are no forces and I will spread the others.)

Chapter 21. Master Splyntr

(for transfer thanks of ungswar)

Occupying the whole floor of green office structure on the river bank of Monongakhil, the National Alliance Kiber-Kriminalistiki and Training (HAKKO) was very far from privacy of the Washington prospecting community where Mularski took the first steps. Here dozens of experts in safety from banks and technology companies worked along with students from nearby Carnegie Mellon University in closely the placed accurate cabins surrounded with a ring of offices and, then, building walls from tinted glass. With chairs Aeron * and vaytbordam, office created feeling of one of the technology companies which supplied HAKKO with the main part of means. FBI made several changes before driving, remade one of offices to the room with electronic communications, filled it with the computers approved by the government and the cryptographic equipment safely to communicate with Washington.

In the office Mularski studied the scheme of communications of Krebba — the mail inspector who sent it by e-mail — the large scale circuit showing different communications between 125 purposes from an underground. Mularski realized that he did everything wrong: expected a crime, and then tried to find responsible. Criminals did not hide at all. They advertized the services at forums. It did them vulnerable, the same as rituals and strict hierarchy of the New York and Chicago mafia which gave FBI the instruction to break gangs a decade ago.

Everything that he should have made now is to join crankcases.

Read more »