The laptop also had a plain text password file which gave the secret service access to everything roman had; the website, the hacking servers, and the servers he used to store dumps on. Forensics experts investigated the laptop closer and they looked at network logs, users, and system activity. They looked at the registry keys and the system resource usage monitor.
The reports came back and there was a common purchase point; schlotzsky’s deli in coeur d’alene, idaho. The secret service contacted detective dunn, the agent who investigated that schlotzsky’s deli hack and gave him a forensic image of the pc to see if he could Escrow Service make any connections between the two cases. Detective dunn examined the pc and found credit cards were bought from two different websites, bulba.Cc and track2.Name. This computer contained icq chat logs with someone named track2.
The secret service went on to one of these sites, cardingworld.Cc, and they started looking to see who’s selling dumps. Ncux would come up on the forum and go crazy selling dumps. They’d say american express cards; $1, visa, mastercard, discover; $5 per dump, minimum $1,000 order, 60-80% valid rate.
Then once the scanner found the computer on the internet was running remote desktop, they would then attempt to brute force login to it by cycling through thousands of commonly-used usernames and passwords. Then if the password had been guessed correctly, the hacker can access the computer as if they were sitting right in front of it. This is a sloppy, noisy, and easy way to hack into computers but it seemed to be working. The reality is that nobody should have remote desktop exposed to the internet like that yet thousands of computers were which might also mean they weren’t using good passwords, either. The forum has been used to commit credit card fraud, which has resulted in financial losses for many people. The forum has also been used to facilitate other illegal activities, such as drug trafficking and money laundering.
This is ran by visa and mastercard and stuff, so the pci requires audits to be conducted on the network also. On top of all that, because they weren’t compliant with pci, they were fined anywhere from $5,000 to $30,000. At a minimum this breach cost each of these small businesses $20,000 and some much higher. Then to top it all off, if the story got out, customers would stop coming in fear of getting their card stolen. The broadway grill in seattle had just changed ownership right before this hack and this was a major setback for the new owners. They spent tens of thousands of dollars to fix the security issues on their systems.
When a file is deleted on a computer, it’s not really wiped. But what was really odd is this brand new vendor was marked by the admins as being a trusted vendor. This is a hard-to-earn rank on the site and this person had it on day one.
The detective looked at the whois records for these two websites. Each website in the world has to be registered and the registration information is public for anyone to see. But the whois data on the websites said they were registered by two different yahoo e-mail addresses.
No comments yet