Posted on October 16, 2019 at 8:13 AM
White-Hat Hacker Takes Back Millions of Credit Cards Stolen by Cybercriminals
When people talk about hacking, it is always depicted in a negative context. Hacking is imagined as a set of skills and actions that can bypass security measures in order to harm innocent people. However, this does not have to be the case, as proven recently by white-hat hacker or hackers, who saved a lot of people’s money by attacking cybercriminals.
Vigilantes save the day
The event in question revolves around a recent hack of BriansClub, which is a black market website that is used for offering information about stolen credit card data. The hack was made by white-hat hackers, who can be considered online vigilantes, and who rescued the information of over 26 million credit and debit cards.
Judging by the report published by KrebsOnSecurity, the stolen credit card data was recovered earlier this year, in August. The good hackers who stole the data back also shared it with a financial institution, which checked the legitimacy of the information, confirming that it is real. The institution also managed to identify the compromised cards, monitor the activity on them, and reissue them for their rightful owners.
According to what is known at this point, the credit card information was originally stolen by hacking brick-and-mortar retailers, as well as various online portals, over a longer period of around four years. The card data theft was a problem for a long time, but judging by the recovered data, it includes cards that were stolen all the way back in 2015.
In fact, BriansClub saw an increase in stolen cards every year. In 2015, the website published around 1.7 million cards, which is already a huge number. That number was accompanied by an additional 2.9 million cards in 2016, 4.9 million in 2017, and 9.2 million in 2018. The year-after-year increase was rather drastic, and a security company known as Flashpoint had estimated that around $414 million worth of cards was was published and available for sale.
Flashpoint was also able to confirm that around 9.1 million of the stolen cards were sold to others who were willing to buy them, which allowed the hackers to earn around $126 million. In addition, around 14 million of the total of 26 million of stolen cards are believed to be valid even now.
Then, suddenly, the credit card data got swiped by someone who contacted KrebsOnSecurity, claiming that they had a full database of cards. This was back in September, and the individual or individuals who recovered the cards delivered them to multiple sources who worked closely with financial institutions. As mentioned, the stolen cards checked out.
Bad hacking remains dominant
Security researchers claim that credit and debit card dumping websites such as BriansClub often only resell cards stolen by freelance hackers. Each card is valued at around $500, on average, and freelance hackers receive a percentage from each of the stolen cards’ sales.
This highly-sensitive data is made by making an unauthorized digital copy of the information that is located in the magnetic strip of the credit card. According to researchers, a lot of modern card skimmers contain wireless Bluetooth technology, which allows hackers to easily download data from them. The same method can be used to steal ZIP codes or PINs from keypads and alike.
The event represents only the most recent example of how hacking can actually impact people’s lives in a positive way. Unfortunately, positive hacking is still in the shadow of cybercriminals’ activity, with instances like this being rather rare. Large hacks are happening quite regularly, especially in 2019, and the last few years.
Even the largest companies that spend massive amounts of money on security are not 100% safe, as confirmed by the hacking of Twitter, NASA, Capital One, Words with Friends, Sprint, and many others. Hack on cryptocurrency exchanges also often results in millions of dollars in various cryptocurrencies stolen, with some of the most severe hacks of the last decade even involving hundreds of millions.
In terms of sensitive data, however, the most serious hack ever to be reported took place in 2017, when Equifax ended up being breached and experiencing the loss of data belonging to over 145 million consumers. Most of the affected consumers were in the US, although a fair number of them were also UK-based.