The Federal Bureau of Investigation recently released a report detailing a new trend in global organized cyber crime: Carding Forums. In these online forums where data is posted for sale much like one would post a sofa for sale on craigslist; the detailed financial and personal information of individuals who have fallen victim to large-scale data breaches is offered to the highest bidder. What is perhaps most alarming is the fact that this information can be breached/hacked and posted on the internet within hours or days; long before the organization whose records have been hacked is even aware of the breach.
What is “carding” and how is it perpetrated? Kimberly Kiefer Peretti of the FBI explains “In its narrow sense, the term “carding” refers to the unauthorized use of credit and debit card account information to fraudulently purchase goods and services. In contrast to other types of identity theft, carding involves the large-scale theft of credit card account numbers and other financial information” obtained by, among other methods, “computer hacking, phishing, cashing-out stolen account numbers, and Internet auction fraud. The individuals who engage in these criminal activities are referred to as “carders.”
According to Peretti, once individuals log into one of these sites, they post messages to various forums advertising the stolen data, and “Provide guidance to members on producing, selling and using stolen credit card and debit card information and false identification documents.” Individual members to the site were often known by several nicknames in the interest of anonymity. In addition to the forum’s many members, there are usually several site ‘administrators’, individuals near the top of the forum’s hierarchy. The administrators serve as a “Governing council of the criminal organization”. There are usually several ‘moderators’ as well- individuals who are experts in, and responsible for, one geographic location or subject content.
In conclusion, it is important to understand that we are not just dealing with cyber thieves at home in the U.S; but that cyber crime rings are becoming increasingly organized and are operating on a global scale. This collaboration makes it possible for large amounts of data to become breached and disseminated quickly via the intranet. Any organization entrusted with the security of its client’s personal information needs to be aware of this new threat to their cyber security and be prepared to handle a breach of this nature.