Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

U.S. Govt. Appears To Have Nabbed Kurupt.su Carding Kingpin

Unknown Lamer posted more than 2 years ago | from the can-i-see-your-id dept.

Security 44

tsu doh nimh writes "The Justice Department on Monday announced the arrest of a Dutch man wanted for coordinating the theft of roughly 44,000 credit card numbers. The government hasn't released many details about the accused, except for his name and hacker handle, 'Fortezza.' But data from a variety of sources indicates that Fortezza was a lead administrator of Kurupt.su, a large, recently-shuttered forum dedicated to carding and Internet fraud. Krebsonsecurity.com provides some background on Fortezza, who 'claimed to be "quitting the scene," but spoke often about finishing a project with which he seemed obsessed: to hack and plunder all of the other carding forums.'"

cancel ×

44 comments

Sorry! There are no comments related to the filter you selected.

King Cotton? (1)

Chrisq (894406) | more than 2 years ago | (#40309085)

U.S. Govt. Appears To Have Nabbed Kurupt.su Carding Kingpin

I thought he had something to do with sorting cotton fibres before spinning [wikipedia.org] .

Re:King Cotton? (1)

Canazza (1428553) | more than 2 years ago | (#40309627)

I misread it as Cardigan Kingpin, like he was selling bootleg Edinburgh Woollen Mill gear.

Spokeo (1, Informative)

Anonymous Coward | more than 2 years ago | (#40309111)

Just looked him up on Spokeo. Already updated to show him in jail. wow!

Good riddance (5, Informative)

Anonymous Coward | more than 2 years ago | (#40309225)

RTFA, Krebs almost seems sympathetic for the guy.
I don't care much for the whole extradition-to-the-US thing, but this is not your average whitehat/greyhat hacker, highlighting security issues by breaking systems, or for the lulz.
This is card skimming pond scum, doing it for profit. Good riddance, I say.

Re:Good riddance (2)

1s44c (552956) | more than 2 years ago | (#40309357)

RTFA, Krebs almost seems sympathetic for the guy.
I don't care much for the whole extradition-to-the-US thing, but this is not your average whitehat/greyhat hacker, highlighting security issues by breaking systems, or for the lulz.
This is card skimming pond scum, doing it for profit. Good riddance, I say.

Exactly. I don't get the sympathy for this thief, he stole from thousands and deserves to be locked up for a while.

Re:Good riddance (1)

ub3r n3u7r4l1st (1388939) | more than 2 years ago | (#40310157)

Resources should be used to find, catch and lock up these people instead of those who just smoke a joint.

the banks win, again (-1, Troll)

alen (225700) | more than 2 years ago | (#40309233)

this hero of the people taking from the evil banks and redistributing back to the little people will never lose

Re:the banks win, again (1)

nhat11 (1608159) | more than 2 years ago | (#40309259)

What are you talking about?

Re:the banks win, again (4, Interesting)

1s44c (552956) | more than 2 years ago | (#40309341)

this hero of the people taking from the evil banks and redistributing back to the little people will never lose

It was credit card fraud. The only people that lose are the shops who take credit cards and maybe a few rich people who don't check their statements.

If the banks were losing out from this though would change the credit card system.

Re:the banks win, again (3, Insightful)

moeinvt (851793) | more than 2 years ago | (#40310639)

"If the banks were losing out from this though would change the credit card system."

They're definitely losing big money but they're doing so much business that the losses don't have a material impact on their profits. Millions or maybe tens of millions vs. tens or hundreds of billions. Not enough to justify the expense of updating all the point-of-sale systems(they already have the technology to do this) and certainly not enough to make them want to change their policies of giving easy credit to anyone with a pulse.

Re:the banks win, again (2, Informative)

Anonymous Coward | more than 2 years ago | (#40311169)

It was credit card fraud. The only people that lose are the shops who take credit cards and maybe a few rich people who don't check their statements.

If the banks were losing out from this though would change the credit card system.

I had my card stolen (or at least, it was caught) while I was away on a business trip in a foreign country. I sort of got it resolved, but after a marathon phone session (which I got to pay for!), and countless other little inconveniences. That inconvenience and wasted time has to count for something.

If there was a more secure, but more annoying to use, credit card option, I'd jump to it in a heart beat. But since credit cards are effectively a monopoly, I have a choice of images to put on the card, and little else.

Re:the banks win, again (1)

ColdCat (2586245) | more than 2 years ago | (#40311251)

If the banks were losing out from this though would change the credit card system.

I disagree if bank lose more money to credit card fraud they will insure themselves for more loss.
So Then they have many options ask you to pay more for your card, "offer" you a deal special anti fraud card for money, take more money from your bank account...
As long as it's sustainable to make customers pay they will chose that option first.

Re:the banks win, again (0)

Anonymous Coward | more than 2 years ago | (#40320305)

But the shops are businesses, as such they need to make a profit and to cover their losses from credit card fraud they need to raise their prices to cover their losses, as such it is the average consumer who pays in the end.

Re:the banks win, again (-1)

Anonymous Coward | more than 2 years ago | (#40309423)

this hero of the people taking from the evil banks and redistributing back to the little people will never lose

You were dropped on your head a lot as a baby, weren't you? And, assuming you're old enough, as a toddler, a kid, a teen, and an adult? And then hit on the head a few more times this morning just for good measure?

Re:the banks win, again (3, Informative)

I_am_Jack (1116205) | more than 2 years ago | (#40309425)

Interestingly enough, it was a restaurant owner in Seattle who tipped the feds off, after angry customers contacted him about additional $70-90 charges on their checks. So yeah, he was really sticking it to the banks.

Re:the banks win, again (1)

Sulphur (1548251) | more than 2 years ago | (#40309469)

this hero of the people taking from the evil banks and redistributing back to the little people will never lose

That sounds like PR. More likely, he invested in portraits of Elvis and Mexican jail doors.

Lulz (2)

1s44c (552956) | more than 2 years ago | (#40309265)

Anyone checking my post history will see I'm pretty critical of the US, but good work on this one Team America!

Lets see how Dutchie-Boy likes the US prison system.

Re:Lulz (2)

alen (225700) | more than 2 years ago | (#40309355)

21 and facing decades in a US jail where the other criminals are mean?

why can't he just say i'm sorry, i learned my lesson and be done with it?

Re:Lulz (1)

csumpi (2258986) | more than 2 years ago | (#40309485)

21 and facing decades in a US jail where the other criminals are mean?

why can't he just say i'm sorry, i learned my lesson and be done with it?

oh yeah, and why not give him a trophy for participating at the same time?

Re:Lulz (0)

Anonymous Coward | more than 2 years ago | (#40309523)

Hm... I find it amusingly retarded that another post of yours in this story was portraying him as some sort of Robin Hood character (because... um... simply having money is immoral?), and now this? You're going for some sort of Slashdot record of pure derp, aren't you? Because I gotta say, as a troll you're not particularly effective.

Re:Lulz (1)

Loughla (2531696) | more than 2 years ago | (#40310193)

21 and facing decades in a US jail where the other criminals are mean?

I feel like there's a saying for this sort of thing. Something about crime and punishment.

Re:Lulz (1)

Gr8Apes (679165) | more than 2 years ago | (#40313343)

Lets see - 44,000 thefts, times probably 4-6 hours each to resolve for each victim.... let's be nice and call it 4 hours per theft - about 20 years. Yes, decades before being able to be paroled seems about right, although I'd go with treble damages due to the scale of the criminal activity, so 60 years before being eligible for parole seems quite reasonable and even kind.

"Don't do the crime if you can't do the time"

Scale and scope of the crime should not work in your favor by minimizing punishment.

Kingpin? (1)

DanTheStone (1212500) | more than 2 years ago | (#40309311)

coordinating the theft of roughly 44,000 credit card numbers

What would that go for these days, about $440?

Re:Kingpin? (2)

1s44c (552956) | more than 2 years ago | (#40309383)

coordinating the theft of roughly 44,000 credit card numbers

What would that go for these days, about $440?

Who cares if the data went for a cent. It affected the lives of 44,000 people.

Only banks and governments are allowed to perform wide scale theft, this guy was nether so it's jail time for him.

Re:Kingpin? (0)

Anonymous Coward | more than 2 years ago | (#40309677)

very funny, my only quarrel is that ( 44,000 wide scale theft by banks ), even ( (44,000 * 10) wide scale theft by banks ).

Re:Kingpin? (0)

Anonymous Coward | more than 2 years ago | (#40309919)

What would that go for these days, about $440?

I bet that argument works great when thieves steal expensive bicycles and sell them for $5 apiece. "How is this a felony? I only made $5 off the theft!"

Hurray (0)

Anonymous Coward | more than 2 years ago | (#40309399)

The financial system is saved. No need for more regulation and more bank/insurance bailouts! Yaaay...?

Good. No more illegal cards. (0)

sl4shd0rk (755837) | more than 2 years ago | (#40309657)

I'll bet Hallmark is just as thrilled.

Credit card fraud treated as Identity Theft in US (2, Interesting)

cdrguru (88047) | more than 2 years ago | (#40310001)

One huge problem is the FBI decided that credit card fraud - any type - is "Identity Theft" and that is how their reporting structure works. This hugely inflates the amount of "Identity Theft" that is reported giving a big leg up to the probably bigger scam artists at Lifelock. No matter how much credit card fraud costs merchants, the number is dwarfed by the amount of money going to Lifelock and other "identity protection" thieves.

Now, who really is affected by credit card fraud? Certainly not the banks - fraudulent charges are simply charged back to the merchant. Does it hurt the card holder? Well, not really. If you get a charge on your bill that you didn't make you do not have to pay it. Most of the time the credit card company is already aware of the fraudulent use and has taken such charges off the bill. Now, the card company almost certainly will want to change the card number and set you a new card and that can be somewhat inconvenient, but that is about it. Well, what about the merchant? If you are in the business of taking credit cards for almost any retail business you have insurance that covers this sort of thing. The merchant is paying for this insurance, so they might as well use it. I guess we are all paying a little bit for this because the merchants might save a few pennies on their general business insurance if they didn't need this coverage. So figure that when you go to a store you are paying $0.000001 more to cover the credit card fraud insurance.

So who loses? The insurance company? Not really. The merchant that is silly enough not to have insurance? Probably. Certainly nobody else is losing anything in this which is why it is not prosecuted in the US - nobody actually using a fraudulent card ever gets even arrested. They do take the card away if you are using a fake card, which obviously doesn't apply when credit card fraud is done through the Internet.

So really this is almost a vicimless crime that affects nobody. So your credit card number is used fraudulently... big deal... get a new card and move on.

Did you know that a fresh credit card number is worth about $0.50 on the open market today? This means that every time you use a card with a human involved it is a good chance they are collecting card numbers. A guy working in a restaurant can make an extra $50 a week easily just collecting numbers and such from cards handed over by customers. There is little risk with this as at worst he might get fired if caught. The police will not even arrest someone for this sort of activity.

Yes, I get a credit card used fraudulently at least once a year. I get a call about some silly charge that someone tried to make and they take it off the bill. End of story. The guy this posting is about is evidently higher up the food chain enough that someone thinks he is worth prosecuting, but I doubt it goes anywhere. There just isn't anyone losing out enough to justify spending anyone's time and money prosecuting folks like this. So it will continue and get more and more prevalent.

The bank always win in credit card fraud (1)

Dainsanefh (2009638) | more than 2 years ago | (#40310329)

Thanks to the chargeback fees paid by the merchant.

Re:The bank always win in credit card fraud (0)

Anonymous Coward | more than 2 years ago | (#40310353)

Just wait 'till chip-and-pin arrives in the US. Then the merchant does not pay, the bank does.

Puts a whole new slant on who it hurts.

Fat Chance (1)

Dainsanefh (2009638) | more than 2 years ago | (#40310409)

All the banks will resist, citing "high cost" of implementing new system and potential "revenue lost". Why even bother when the existing model bring the banks and its shareholders enormous profits?

Re:Credit card fraud treated as Identity Theft in (3, Informative)

guises (2423402) | more than 2 years ago | (#40310503)

It's certainly not victimless: any merchant who doesn't have insurance is getting screwed by the fraudster, any merchant who does have insurance (because of all the credit card fraud) is getting screwed by the insurance company.

Your numbers are also off - good credit card numbers can go for $30 - $45 depending on the type of card and where it's from:

http://www.npr.org/blogs/money/2011/06/16/137181702/the-tuesday-podcast-inside-the-credit-card-black-market [npr.org]

and the idea that a guy working in a restaurant would do this... Well, if he was very stupid then maybe. But he'd get caught in no time once this restaurant was identified as a common point of use between all these stolen cards.

Re:Credit card fraud treated as Identity Theft in (2)

thoromyr (673646) | more than 2 years ago | (#40311119)

Unfortunately you are wrong on at least one point: the guy in the restaurant is unlikely to ever be fingered for skimming. If the restaurant were identified (which it won't be) it won't be likely he works there anymore (check out the employee turn over in food services some time). But lets get to the notion that someone is working to find correlation to determine the point of loss: lots of luck, there are simply too many ways for a card to be compromised. For example:

1. restaurants
2. card readers
3. malware on a computer
4. thief walks out with hard drive full of the data from a data center

None of those are theoretical, all are significant problems. The poster claiming that it is a victimless crime is either incredibly naive or trying to justify the crime, but the real problem with catching and prosecuting the criminals is that it is an easy crime to commit, hard to identify the criminals and build a case for prosecution. However, the FBI *does* consider it worth pursuing and they do. But they are more likely to catch a poor mule who only has a loose idea that crime was even being committed than the professionals who run the business. Doesn't stop the mule from going to jail, though. It also doesn't get much press because it isn't exactly exciting to read that "Joe Schmoe fell for a work-at-home scam where he purchased product from Amazon with fraudulent CC (provided by his anonymous handler) and shipped the items to England".

Re:Credit card fraud treated as Identity Theft in (0)

Anonymous Coward | more than 2 years ago | (#40312667)

Last year I had a debit card linked to an account whose only use was to purchase food from restaurants/grocery. I got a replacement card in the mail and had used it three times before theres were attempts at huge fraudulent transactions. Of my three valid transactions one was at a gas station, one was at a mcdonalds, and the last was at a grocer. The only one it could have been was the mcdonalds. I reported it to the police and they said they didn't care and it was the cc co's issue. I got a new card, and a few weeks later I used at the bk down the street...This time the only places I'd used it at were self checkout at grocery since it was new. A few days after bk, yep, more fraudulent charges. Another call to police and attempt at alerting fbi...NEITHER cared. Both said it was extremely unlikely the fast food cashier was skimming cards and didn't want to look into it. I never heard a thing back from them.

So don't be so confident this would be caught so quickly.

Re:Credit card fraud treated as Identity Theft in (1)

guises (2423402) | more than 2 years ago | (#40314941)

I do get your point but listen to the podcast that I linked - they make it clear that most stolen credit card numbers come from what they call 'hacking' (probably a compromised machine at a merchant or bank, maybe one at your grocery store) and most of the rest come from fraudulent or bugged ATMs or the like. Conspicuously absent is the sort of skimming that you're talking about and I'd guess that this has something to do with the impracticality of the process in addition to the danger.

I'd imagine that you got the brush off from the police because the bank is in a much better position to evaluate your claim than the police are, so that's the system which they have in place to handle it.

Re:Credit card fraud treated as Identity Theft in (0)

Anonymous Coward | more than 2 years ago | (#40315695)

Yes, most of the numbers are stolen in bulk from poorly secured databases.

There are forums, dozens of forums, where you can upload a few hundred card numbers and somebody will check they're fresh and then pay you say $5000 per thousand cards for your full list with CVVs etc. If you waste your time getting the police in some crappy out of the way place to shut down the server, another springs up the next day so the law enforcement people don't bother any more. Instead they pay White Hats to break into these forums and steal back the data, identify the bad guys and so on.

Of course people are not supposed to have databases full of credit card numbers. But they're also not supposed to have databases full of unsecured passwods. They're not supposed to have root accounts with '12345' as the passwod and remote access enabled. They're not supposed to put customer details onto a laptop and then leave it on a train. Basically people suck, and even if only 10% of people suck that means if you used your credit card in ten places online probably one of the places you used it has a poorly secured database with your credit card number in.

I'd like to see the card operators performing physical audits. Guys show up, they inspect your systems, and if they don't like what they see, too bad you're out of business. That might encourage the "Oh, I'll just put it in a MySQL DB on a shared web host, I'm sure it'll be OK" people to buck their ideas up, or if not it'll ruin them financially which is OK with me too.

Banks do have internal problems (e.g. crooked people working at the bank), but they're rare. That's no less serious for the customer, in fact it's worse because the bank's internal systems will (having been fooled by an insider) probably say it's the customer at fault, but it's not monetarily a large portion of fraud..

Re:Credit card fraud treated as Identity Theft in (1)

moeinvt (851793) | more than 2 years ago | (#40310965)

"Did you know that a fresh credit card number is worth about $0.50 on the open market today?"

I didn't know that, and I doubt it. That might be the cut that the carder gives to the bus-boy, but it's my impression that the mag stripe data is worth a lot more than that on the open market.

Re:Credit card fraud treated as Identity Theft in (0)

Anonymous Coward | more than 2 years ago | (#40311943)

obviously you don't understand economics. If a merchant's costs are increased due to credit card theft, then the cost must be pushed to the consumer or the merchant goes out of business - whether there is insurance or not.

Is running the forum now a crime? (1)

moeinvt (851793) | more than 2 years ago | (#40311595)

Can you now be charged for simply setting up and administering a carding forum? I RTFA but only skimmed the indictment. Not saying that this is all the guy was doing. Just curious. I think they've taken down most of these guys because they are not only administering the site, they're also active participants in the commerce.

"he actively hacked into and absconded with stolen card data taken from other fraud forums."

IANAL, but how can they prosecute you for stealing stolen stuff? Wouldn't this be like being charged for "grand larceny" for stealing illegal drugs from someone? Don't the victims need to press charges? I think the real crime will be transfer/sale of the stolen property.

Now, if the U.S. government would exert the same effort on investigating and prosecuting the big banks for their rampant acts of fraud, there might be some justice in this country.

Re:Is running the forum now a crime? (1)

ArcadeNut (85398) | more than 2 years ago | (#40316715)

IANAL, but how can they prosecute you for stealing stolen stuff?

Really? IANAL either, but theft is theft. It doesn't matter how many layers you put between yourself and the owner...

Heck you can go to jail for BUYING stolen goods if you should have known they were stolen.

Re:Is running the forum now a crime? (0)

Anonymous Coward | more than 2 years ago | (#40323687)

IANAL, but how can they prosecute you for stealing stolen stuff?

Really? IANAL either, but theft is theft. It doesn't matter how many layers you put between yourself and the owner...

Heck you can go to jail for BUYING stolen goods if you should have known they were stolen.

I don't know about that. SCO accused IBM of stealing their intellectual property. And, apparently the issue of whether or not they actually owned UNIX was a pretty big deal in that case.

SU domain (2)

Zontar_Thing_From_Ve (949321) | more than 2 years ago | (#40313087)

Anybody wonder what the .su domain refers to? It's the Soviet Union. They haven't existed since 1991. Yet somehow people are still allowed to register under the domain.
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>