A dark web market calling itself “BidenCash” is trying to establish itself by giving away 1.2 million stolen credit cards, some with additional sensitive information (such as social security numbers).
The nascent dark web market began trading heavily in June and had previously offered a dump of stolen credit cards as an introductory promotional tactic, although it only involved several thousand numbers. Security analysts found that the majority came from the United States and that about 30% of the collection were numbers that had never been seen before, but also that many of them had been blocked by banks and that only a small fraction of the dump could remain usable at this stage.
Dark web market promotion distributes free cards, but many numbers are recycled and already blocked
The dark web market, which specializes in stolen credit cards, sold 1,221,551 to the public to promote itself. However, security analysts who have reviewed the dump believe much of it stems from a similar stunt that took place last year: another dark web market called AllWorld Cards released around a million cards that were stolen between 2018 and 2019 in August 2021.
Researchers believe that most of the BidenCash release consists of numbers recycled from this and other past data breaches that were already floating around the internet. But this version contains a subset of fresher stolen credit cards, about 30% (350,000) that have never been seen before. Most cards have expiration dates ranging from 2023 to 2026, and about 70% are “full” cards that contain all the information needed to make purchases online (like the CVV number on the back of the card). An unknown number of cards feature additional personal information, such as email addresses and phone numbers, and some amounts even include US social security numbers.
No specific source for all of this new information has been identified, but the dark web market is known to traffic stolen information from malware that infects point-of-sale systems at outlets or virtual shopping cart systems on e-commerce sites. An article claims that the stolen credit cards were collected from “Web Skimmers”, or scripts injected into the payment pages of hacked sites that siphon off payment information entered as the transaction progresses. The majority of cards are from the United States, with a handful from around a dozen other countries in Europe, Asia, Africa, and South America. More than half of the cards (53%) are American Express cards, and the vast majority of them come from the United States.
The dark web market did not provide a specific reason for its apparent generosity, but the promotional move may be related to the fact that its old domains were recently taken down by a distributed denial of service (DDoS) attack. The group is probably trying to quickly attract attention to its new store areas. The stolen credit cards were made available not only through one of his own domains, but through posts on various carding and hacking forums.
A subset of stolen credit cards in Italy were scrutinized more closely by security firm D3Labs, which found around half had already been identified and blocked by issuing banks. Extrapolating from this sample and the number of recycled cards in the collection, D3Labs estimates that only 10% of card numbers still work today.
Stolen credit cards continue to be big business for cybercriminals
To give an example of the size of the online market for stolen credit cards, dark web markets typically have an inventory of several million card numbers at any given time. These tend to range in price from around 30 cents to $15 USD. As can be seen on the BidenCash site, they often have a separate section for more expensive “hot” cards (ranging from $5 and up per issue) that have been very recently verified to work. Stolen credit cards are usually tested with a series of multiple purchases no more than a few dollars each, in the hope that the cardholder won’t notice suspicious transactions until it’s too late.
Not all carding sites are this size, but BidenCash was able to grow an inventory of over two million stolen cards (and the ability to give away another million+) in just a few months. This is another area of cybercrime that has seen a surge in activity due to the Covid-19 pandemic and associated containment measures; it grew from $28 billion in 2019 to $32 billion in global activity in 2020, more than tripling from just under $10 billion recorded in 2011. The United States is by far the more targeted, accounting for about a third of total stolen flight traffic. credit cards, but there is growing interest in countries with large populations and developing economies such as India and Brazil.