Date: 2020-02-07

Almost half a million Indians’ credit and debit card details were offered for sale on an underground website that is a popular source for financial fraud. According to cybersecurity researchers, this makes the leak the worst in the past 12 months.

In addition to the 14- to 16-digit card numbers, the data offered for sale at Joker’s Stash also contains sensitive details such as expiry dates, CVV / CVC codes, names of cardholders and in some cases even e-mail addresses, according to Group IB, a Singapore-based cybersecurity company.

These can be used together to perform financial transactions online without the need for any other authentication method.

“This is the second major Indian bank card leak discovered by the Group IB threat intelligence team in recent months. In the current case we are dealing with so-called Fullz – they have information about the card number, expiry date, CVV / CVC, name of the cardholder and some additional personal information,” said Dmitry Shestakov, head of Group IB cybercrime research, in an email to HT.

Each of the 461,976 card details was sold for $9, bringing the total value of the leaked data to $4.2 million. “This type of data has probably been compromised online,” he added.

According to the Reserve Bank of India’s 2018-19 annual report, there were 1,866 cases of card and internet banking fraud. According to the RBI, an average of 20 lakhs were stolen per fraud.

Indian cybersecurity officials have informed the Reserve Bank of India (RBI) and all Indian banks that such data is being sold on the Internet, said a senior official in a cybersecurity department, who asked not to be named. “We do not know how many of these cards are active,” said the official, adding that many of them could be old or inactive cards.

“Once the RBI and the banks have informed us of the nature of the data sold, investigations into how the information was accessed can be carried out in a more targeted and specific manner,” said a second senior official, also in a cybersecurity department.

Group IB found a similar card data dump in October, but representatives of the organization added that this information was limited to data that was on a card’s magnetic stripe. Typically, most payment gateways worldwide require additional details such as CVV and expiration dates to authenticate a transaction – information that may not have been available in the leak reported in October. The first contained a much larger number of cards (1.3 million), but the listing was soon taken offline.

“As of Friday evening, 407 card details were bought by someone,” Shestakov said, referring to the new data leak. “With the data contained in the current database, fraudsters can make online purchases. In a simple scenario, criminals buy luxury goods and then resell them,” he said.

How this data was stolen or who was behind it wasn’t immediately clear, but it appears to be the work of hackers who use tactics such as phishing, planting malware, or compromising e-commerce websites with “sniffers” that capture a customer’s payment details.

“We shared all of the information we discovered with our colleagues at CERT-In,” added Shestakov, referring to the Indian Computer Emergency Response Team.

Transactions routed through Indian payment gateways require a second level of authentication – usually a password set by the cardholder or a one-time password (OTP) sent to the person’s mobile phone or email address.

This protection level is not mandatory for payment gateways outside the country, for which the card number, the CVV number and the expiry date are often sufficient for a transaction.

According to Group IB’s Hi-Tech Crime Trends 2019-2020 report, which compared card data leaks between October 2018 and September 2019 with those between October 2017 and September 2018, the number of compromised cards uploaded to underground forums rose from 27.1 million to 43.8 million. The size of the card market grew again by 33% and totaled USD 879.7 million.

The report added that compromised card data from US banks is the most common, making it the cheapest on the market.

Websites like Joker’s Stash exist on the so-called dark internet – a part of the internet that is not indexed by search engines like Google. Websites on the dark internet often rely on special networks such as Tor to anonymize their server addresses so that they cannot be located.

(With contributions by Sudhi Ranjan Sen in New Delhi)

