“Are you crazy?”, you’re thinking.

Not entirely.

We’re all well aware of the proliferation of identity theft.

In only two years, there have been 4 attempts to use my credit card fraudulently.

The cyber-crime headline writers are not struggling for work.

A few weeks ago I purchased an anonymous, prepaid Visa.

I wanted to watch the life-cycle of how information propagates across the internet and dark web.

Frustratingly, you can’t just start selling this information on dark web forums. You need a reputation. You need people to vouch for you.

Download: creditcards.csv

So I gave it away for free.

I dumped the complete package to various paste sites, including full card numbers, expiration dates, CVV codes, and billing address.

Bundled in my paste were a variety of fictitious card numbers I made up based on MasterCard and Visa formats.

And I waited…

…for about 2 hours.

Fraudulent card transaction

Have you ever been the victim of having your card cloned before? If so, you’re probably familiar with the test transaction.

Card testing happens when fraudsters test stolen credit card details by making small purchases.

Typically, fraudsters use bots and scripts to test the credit card information, targeting merchant sites whose automated responses include decline details.

That bot was pretty slow at detecting my dump.

The real point here is how fast information spreads, and is exploited.

Within 2 hours someone (or something) was attempting to purchase something from a well-known retailer here in the UK using my prepaid card.

ThreatPipes leaked sensitive information

Now replace the credit card data with:

  • Sensitive internal company data (documents, mails…)
  • Network data (exposed ports, misconfigured SSL certificates…)
  • Accidental or intentional data leaks (API keys, usernames and passwords…)

Bots are watching and waiting to exploit you from lots of angles.

Google Dorks, leaked accounts, accidental commits

Yes, you should be implementing good security measures to mitigate the risk of this type of scenario happening.

The fact is, your defences will slip up one day.

You should probably be watching too.
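For the card case, one way to do that watching is to scan paste text you have already fetched for Luhn-valid Visa and MasterCard numbers and report them masked. This is an added example, not ThreatPipes code; the function names are illustrative and the sample paste is constructed from published test numbers.

```python
import re

# Candidate PANs: 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def brand(digits: str) -> str:
    """Classify by issuer prefix and length (Visa and MasterCard only)."""
    if digits[0] == "4" and len(digits) in (13, 16, 19):
        return "visa"
    if len(digits) == 16 and (51 <= int(digits[:2]) <= 55 or 2221 <= int(digits[:4]) <= 2720):
        return "mastercard"
    return "unknown"

def mask(digits: str) -> str:
    """Keep first six and last four digits so alerts never re-leak the PAN."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def scan_paste(text: str) -> list[dict]:
    """Return one finding per Luhn-valid Visa/MasterCard number in the text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())
            b = brand(digits)
            if b != "unknown" and luhn_ok(digits):
                findings.append({"line": lineno, "brand": b, "masked": mask(digits)})
    return findings

# Constructed sample paste using published test numbers, not real cards.
SAMPLE = """name,number,exp,cvv
A Test,4111 1111 1111 1111,01/30,123
B Test,5555-5555-5555-4444,02/31,456
C Test,4111111111111112,03/32,789
order ref 1234567890123456
"""

if __name__ == "__main__":
    for finding in scan_paste(SAMPLE):
        print(finding)
```

The Luhn check drops made-up numbers that only look like the right format, which keeps order references and mistyped digits out of the alert queue.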

ThreatPipes Modules relevant to this post

  • Interesting files: Identifies potential files of interest, e.g. office documents, zip files.
  • Junk files: Looks for old/temporary and other similar files.
  • Pastebin: Search Pastebin to identify related content.
  • S3 bucket finder: Search for potential Amazon S3 buckets associated with the target and attempt to list their contents.
  • HaveIBeenPwned: Check Have I Been Pwned? for hacked e-mail addresses identified.

Here are 100s more…

David Greenwood, ThreatPipes Team