Data firm alerts of open web being used to trade stolen credentials

News by Roi Perez

A data feed firm sees stolen credentials being traded in broad daylight, so to speak.

One data feed firm has warned that stolen credentials are being sold on the open web. Despite this daylight trade of illicit goods, the firm claims that no one is listening.

The firm warned of open web malicious activities, such as the selling of credit card information on public forums, which it claims are simply being ignored.

Despite assumptions that online criminality is normally confined to the Dark Web, the firm says the surface web is rampant with malicious cyber-activity such as the sale of credit card information on public forums. What's more, this market is often brazenly publicised on social media.

Recent queries show active CC fraudsters over a 48-hour period. The following API query was run: (dump OR dumps OR visa OR paypal OR amex OR mastercard)(ccv OR cvv OR ccv2 OR cvv2 OR icq)
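As an added illustration (not the firm's code or API), the query above can be read as an AND of two OR-groups and applied as a whole-word filter over collected posts. The function names and the sample posts are constructed for this example, and treating the adjacent groups as AND is an assumption about the query syntax.

```python
import re

# The two OR-groups from the query quoted in the article. Adjacent
# parenthesised groups are read as AND (an assumption about the syntax).
BRAND_TERMS = {"dump", "dumps", "visa", "paypal", "amex", "mastercard"}
CARD_TERMS = {"ccv", "cvv", "ccv2", "cvv2", "icq"}

TOKEN_RE = re.compile(r"[a-z0-9]+")


def tokens(text):
    """Lower-case whole-word tokens, so 'advisable' never counts as 'visa'."""
    return set(TOKEN_RE.findall(text.lower()))


def match_query(text):
    """Return (brand_hits, card_hits) when both groups match, else None."""
    words = tokens(text)
    brand_hits = words & BRAND_TERMS
    card_hits = words & CARD_TERMS
    if brand_hits and card_hits:
        return sorted(brand_hits), sorted(card_hits)
    return None


def flag_posts(posts):
    """Return [(post_id, hits)] for matching posts, as leads for analyst review."""
    flagged = []
    for post_id, text in posts:
        hits = match_query(text)
        if hits:
            flagged.append((post_id, hits))
    return flagged


# Constructed sample posts (not real data).
SAMPLE_POSTS = [
    ("p1", "Selling fresh DUMPS with CVV2, contact on ICQ"),
    ("p2", "Is it advisable to store the cvv after checkout?"),
    ("p3", "My Visa card was declined at the store today"),
    ("p4", "PayPal support asked me for my CVV, is this phishing?"),
]

if __name__ == "__main__":
    for post_id, (brands, cards) in flag_posts(SAMPLE_POSTS):
        print(post_id, brands, cards)
```

Post p4 matches even though it is a benign question, which is why keyword hits are only leads that need a second check before being treated as fraud activity.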

Ohad Flinker, director of content at the firm, provided SC Media UK with a list of results which show open web forums trading credit card information. These offers apparently come from experienced hackers trading dumps of information in return for MoneyGram or Western Union payments.

Flinker said, “The process is as simple as querying the API and Twitter API for keywords related to credit card information, and identifying malicious content with links to known phishing sites.”

Flinker spoke with SC and highlighted a 2015 paper in which researchers Omar Jaafor and Babiga Birregah from the University of Technology in Troyes, France relayed the way this information is then publicised.

The study, entitled “Multi-layered graph-based model for social engineering vulnerability assessment”, discusses how sharing illegal exploits on popular social media networks such as Twitter and Facebook comes with a risk of losing your account and followers.

If you boast about hacking publicly you risk losing your account and following (and financial gain as a result). For this reason, criminals tend to post highly explicit information on obscure blogs or message board comments, where the risk of exposure is far lower.

Jaafor and Birregah confirm that: “It is difficult to find malicious users on Twitter and Facebook as they publish many benign posts and try to hide their activities. This helps them build a good reputation.”

They continue: “It is much easier to trace their activities on other sites where their perceived risk is much lower. Even if these users attempt to hide their activities on blogs and forums, the probability of finding irregularities in their behavior patterns increases when analysing multiple platforms.”

In a recent blog post, Tim Dalgleish, systems engineer for RSA, estimates the credit card fraud market at $5 billion AUD and growing.

Dalgleish highlights that in Australia, for example, “in the twelve months ending June 2016, over two million fraudulent online credit card transactions were made, with a total fraud loss of $402 million AUD (£245,781,058 million GBP).”

That is an increase of 24 percent on the previous year, added Dalgleish, “and it will become a billion-dollar problem within 5 years, if no action is taken. In relative terms, the current per annum losses translate to $17 worth of online card fraud for every Australian.”
