Cloned Boy
Professional
- Messages
- 1,078
- Reaction score
- 820
- Points
- 113
In this thread, the famous carder Sergey Pavlovich analyzes the song by Slava KPSS/Gnoyny (yes, the same one who had a battle with Oxxxymiron) about carders, written, apparently, for money for one carder forum. And despite the fact that this song, most likely, did its job for the promotion of this forum, it contains a number of errors in terms - insignificant, but if Slava were an active or at least former carder, he would not have made them. Antihype!
Contents:
Today's episode: Carding. Analysis of Slava KPSS's song about carders.
Pavlovich:
This was one of the main schemes, which at one time, my cybercriminal past, probably brought me the most money. They hack stores, banks, hotel chains, and whatever you want. Hello, yes, hello, dear. In short, these shrimps will twist their flippers, and that's it, and take you to prison.
Friends, hello! And today we will comment on Slava KPSS's song about carding, because he probably sang the song for a fee, but he has very little idea about carding, and therefore made a whole bunch of mistakes in the song.
And I will use his example, using this song as an example, to tell you about the basic concepts of carding, what is what, and the world of cybercrime in general. So, let's go.
About cloning bank cards.
Slava KPSS:
White plastic on the pocket, the number with six zeros, acquiring is again in the fools' seat, because someone poured in again.
Pavlovich:
White plastic on the pocket, here we are talking simply about clones of bank cards, that is, in order to clone a bank card, you need a device such as a card reader, it simply copies the information contained on the magnetic strip of your card, that is, it is called a dump. There is simply a card number, which is stamped on the front surface of the card, the expiration date and a code for yourself, so that you can pay for something on the Internet, and when
you have a dump, that is, full info from the magnetic strip or the fingerprint of your bank card, then you can already make a clone and successfully go buy something in stores, but if the amount is less than 1-3 thousand rubles, so as not to enter a PIN, and before, a PIN was not required, so you could go to the store and buy at least 50 thousand dollars, but if you also have the PIN code for the dump, then of course you write it down on white plastic.
Well, why on white plastic? Because in order to make a copy of the card, of course, you need some expensive equipment and do it for withdrawal, for example, in ATMs, when you have a PIN code, making a card close to the original makes no sense. Therefore, just on the plastic like this on the CR-80 screen, these are such white blanks with a magnetic strip, with the help of an encoder, a device that in my time cost 900 thousand dollars, and now 200-300, with the help of an encoder, a dump from a real card is written to the magnetic strip of this white card, and if there is a PIN, you go to an ATM and withdraw it.
Well, if there is no PIN, then, accordingly, earlier, for example, someone came to a casino, where you know the owner, and simply agreed that you would buy chips with this card for 5 thousand dollars, as, in principle, we always did.
What is "acquiring"?
Pavlovich:
What else was said here is the word acquiring. Acquiring is, so you understand, when you simply have a post-terminal, for example, acquiring is the processing of money by a bank, that is, banking services for a POS terminal.
"There is no such thing as too much cardboard."
Slava KPSS:
There is no such thing as too much cardboard.
Pavlovich:
Cardboard is just a slang term for cards, that is, either card numbers or already cloned physical cards. There is no such thing as too much cardboard.
Transaction flow.
Slava KPSS:
Transaction flow from Mr. Johnson's account to white plastic.
Pavlovich:
Well, the transaction flow is simply payments from a bank card.
What are VPN services and proxies and how are they used in carding and more.
Slava KPSS:
Acquiring is a fool again, because someone has been poured in again. There is no such thing as too much cardboard and the transaction flow from Mr. Johnson's account to our white plastic. The system of fat cats on blood has been going on for so many years, so why not deceive in return. Hiding under a VPN cloak, like the avenger Zorro
Pavlovich:
Hiding under a VPN cloak, that is, a VPN service is simply a service that helps you quickly connect to another VPN service on the fly. VPN is a Virtual Private Network, this is when you connect, immediately go online from your home or mobile provider, Beeline, for example, MTS, MGTS, and already connect to a VPN server, for example, you need one in the Netherlands, and you connect directly from it, you carry out all your further movements on the Internet from it, and the final address will no longer be your home IP, but simply the IP address of this VPN server. And the most savvy there in my time and now they create chains of proxy servers, for example, you use Hide.Me or NordVPN, or CyberGhost, ExpressVPN, yes, and simply connect from one VPN to another, there from the second to the third.
But chains, of course, make it difficult to identify you there, because you connect to a server there in Holland, then in Belgium, and so on, you have a chain of different servers and different VPNs of these owners of these different VPN servers, and therefore your further identification, so that when, say, the police or the special services start looking for something, it is difficult, but in general it is possible, because it is just a matter of time, they will pass on official requests, there, to the owner of one VPN service, the second, the third, and thus they will find you.
There are especially unsafe VPN services, where logs are saved, that is, the history of all your movements through it. And if you are interested in what a VPN is, I will shoot a separate episode, I will tell you whether it is worth using, if so, which ones, what logs they save, what they say they save, so if you are interested in VPN, write in the comments, I will take a look.
If there are many comments about this, I will tell you my experience of using them and all the pros and cons. And besides, you can change your IP not just with a VPN, VPN is the easiest, but you can also change the proxy, different proxies are suitable for different purposes, for example, my Katya works in Apana and VPNs are not suitable for her, because they are all public, everyone knows their IP addresses, accordingly, for these
purposes, all sorts of good residential proxies are used, which no one will ever determine that you are connected through another person's IP, somewhere in Australia, for example.
What is "enroll"?
Glory to the CPSU:
"We are spinning your bank under the tail, thanks for the enroll to you."
Pavlovich:
First, "thank you for the enroll", Enroll is when you have a victim's bank card, you bought the card somewhere or stole it somehow, I don't know, maybe a prostitute peeped at a client while he was sleeping, copied this card, and simply when you open online access to it, that is, you get access to his online banking. For example, in Russia it is quite difficult to do, everything is tied to mobile phones there, go to an ATM, or in Tinkoff, for example, they brought you a card at home, but everything is tied to your mobile phone.
In the States before, I don't know how it is now, I haven't tied it for a long time, but before, for example, in order to open online banking to your card, you needed to go to security number, yes. And what we did, we took, for example, a database of cards or even dumps, we take a person with some rare last name, it is clear that if you enter John Smith, there will be, I don’t know, several thousand of these guys in America, and you will not find the Security Number of the person you need.
But for these purposes, we took foreigners with some rare last name, I don’t know, Korean, Chinese, and already through special services, they were paid, but there was enough access to them, Acurint and so on. Through Acurint.Com, for example, we punched in the full address of residence, phone numbers and this Social Security Number, that is, this is generally, if anyone doesn’t know, this is a social security number in America, and your whole life is tied to it.
That is, everywhere when applying for a job, when paying taxes, your SSN, Social Security Number is required everywhere, so you just punch in the SSN, and then open it, get online access to the card, there, in principle, everything is simple. And online access to the card, when there is, firstly, you see how much money is there, for example, a credit card on a credit account, there is a debit card with an overdraft, maybe you just see how much money you can physically withdraw from it, steal, for example.
And also, why nRoll was valuable to me personally at the time, many banks, for example Fleetbank, now it has merged with someone, this is a bank, the fleet bank was, the US fleet bank, and MBNA, for example, Capital One bank, they allowed you to change the PIN code on the card through online banking.
That is, you just have a dump without a pin, on a white plastic, which Slava used to sing about in a song, this dump is recorded and you just get online access to the same card, change the pin to the one you need there and let this card lie around for a while, in a couple of weeks you will safely cash it in an ATM, this was one of the main schemes, which at one time, my cybercriminal past, brought me, probably, the most money.
The difference between a billing address and a shipping address.
Slava KPSS:
Our overseas friends from a variety of shops are ready to spit on billing, send goods to drops.
Pavlovich:
Friends from a variety of shops are ready to spit on billing, send goods to drops, what is meant here? Not giving a damn about billing, yes, in general, if at the very beginning of cybercrime, when it was just emerging in the CIS, it was the mid-90s, it was possible that you got access somewhere to someone else's credit card, to the number, yes.
That is, the number, the address of the owner, the billing address, that is, the address of the owner, and his phone number, let's say, and you simply enter some purchase in an online shop in America, Australia, Germany, you pay with this someone else's card. That is, it was called clothing carding, and you, it turns out, enter the billing address in one field, that is, the payer's address, in the second field you entered, for example, the shipping address, that is, your personal address or your grandmother's address there, or the address of your drop, yes, a front man.
And it turns out that earlier you could send, you can have a great billing address, well, like you're sending it to someone as a gift, a relative, a friend, I don't know, a MacBook, like mine, and then this thing went wrong and you had to order only to the payer's address. That is, billing and shipping, if they didn't match, then the goods simply weren't sent to you. And here he sings in the song, Slava, that they didn't give a damn about billing, that is, they sent the goods to a drop, they sent the goods to a drop, if the shipping address and billing address were great.
It was in such shops that they were quite rare. Now there are practically none that would send to an address different from the payer's address, but then on the droppers, yes, on these front men from among distant acquaintances and alcoholics and all sorts of strangers, because there were special drop services that were kept there in different countries, they had a bunch of all sorts of acquaintances,
personal or online, and just those people, the droppers, they accepted goods in different countries and received some fixed fee for it, for example, 15, 50, 100 dollars, depending on the value of the parcel, repacked it in another package and then sent it to you in the CIS, for example, it was called a drop service.
What is an "exploit", one of the main weapons of a hacker?
Slava KPSS:
By means of a cunning exploit, the obtained base.
Pavlovich:
An exploit, if you don't know, is just a hacker's tool, a script that uses, puts into action a certain vulnerability.
And with it, stores, banks, hotel chains, and whatever else are hacked. That is, an exploit, along with vulnerabilities, is one of the main weapons of a hacker, because an exploit is, let's say, a script that uses a vulnerability you found, for example, you found it in a store, the most common vulnerabilities now are SQL injection, that is, errors in the SQL database, MySQL, and an exploit simply exploits this vulnerability that you found, and through SQL errors are simply introduced into some site you are attacking, and from there you can steal and gain access to all clients, drain their entire database, and their payment details, and cards, and whatever you want.
"You need to "check", and then you can drain it for sale" - about bank card checkers.
Slava KPSS:
The database needs to be checked, and then it can be sold.
Pavlovich:
He says that the database is needed, the database obtained by the exploit needed to be checked and sold. That is, to check it in carder, in this cybercriminal slang, was to run it through a checker, yes, a check is from English, but a checker is from the English "check a check".
That is, how the checkers were arranged, for example, someone has access to a hacked porn site, for example, and he goes through their internal merchant, well, that is, a small processing center, but this is not a processing center in fact, but a merchant, this is a mini-processing point for a certain site, let's say, here, and you
simply withdraw some small amount from the card that you need to check, a couple of cents, for example, and you look at what your merchant gave the answer, there 0-0, approval, for example, yes, that means the card is working. But there were such funny situations, I have a client today for 1000 cards, let's say, and I have a transaction there for 1000 for 20 dollars, I run them through this checker so that I can give the client exactly 00 with a response from the terminal, 00 approval, that is, only a working card,
and I ran them through the checker, and this checker is already so exposed, and damn, my entire batch of cards is blocked there for 10-20 thousand dollars, they just block, and you don't know who to make a claim to. Well, there were checkers then, they still exist. Their operating principle was like this.
Who are these "droppers".
Slava KPSS:
On sky-fraud.ru, where there are tons of droppers with their hands, they will tear off the base ...
Pavlovich:
He then advertises one forum, which probably ordered this song from him, yes, I wonder, Slava, how much did they pay you? Write in the comments.
And he says, there are tons of droppers on such and such a forum. Droppers are, as you might have guessed from the context of an earlier conversation, those who have a bunch of drops in different countries who simply forward your packages from the West, because you have an American card, for example, so you need to enter an American, and they simply send you their drops in America later in the CIS.
That is, droppers are those who own a bunch of drops.
"Iron Shield TrueScript" is about a mistake in a song.
Glory to the KPSS:
Take your mind, until you face prison, I'm not afraid of a visit, a USB drive protects better than a contact, the iron shield TrueScript, give me a strong spinzer.
Pavlovich:
TrueScript iron shield, that is, here he made the first factual mistake, because TrueScript iron shield, Script is generally a website code, let's say, or some executable program, that is, some executable code. But he says true script, in general it is correct to say true crypt. True crypt is simply a program for encrypting data completely there according to very long complex algorithms, they can be selected on your, let's say, disk, yes, you can encrypt, create a virtual container there, well, encrypted with this very true crypt.
Before true crypt, this is an open source developer, before true crypt. All hackers and carders, cybercriminals, they used DriveCrypt developed by the Israeli military, there was such a paid program or you could find keys to it there or BestCrypt. And you know, even the scientists themselves, who in America have such a CERT, this is a service, well, like SOBR, yes, a special rapid response unit under the police, let's say.
The same thing in Western intelligence agencies and police, there is CERT, a computer rapid response team. And CERT specialists often go to all sorts of arrests, there are suspects together with the police, or with the FBI, or with the secret service, as in my case, for example, and this CERT, well, these are such big computer specialists, in the CIS they have an analogue, for example,
a company called Group IB, yes, I will now be filming an interview with its bosses on August 17, I think, so if you have any questions about computer security, about carding and everything else, throw them in the video, we will ask them in Group IB, you can read what it is Ilya Sochkov. So, about bestcrypt, SERD specialists and other cyber, these various analysts, fighters against cybercrime, they say that if the information is encrypted with bestcrypt and in the presence of a long and complex password, yes, well
it is clear that it is not 1, 2, 3, 4, 5, but some symbols of 20, 30, different registers, asterisks, all sorts of service symbols, then they practically, I am quoting this almost verbatim, they practically do not allow the thought that they could hide such a password, crack it in the usual way. That is, as a rule, either someone in Russia can knock it out, yes, or in Turkey, here Maksik got, they can knock such a password out of you, they can simply deceive you somehow by promising that you are there, the investigators of the garbage and then throw you, yes.
In America, this is most often the case, they understand that it is unrealistic there for the next 50 years the password is so long, well, the disk is protected by such a password and it is impossible to crack it with bestscript, and therefore they simply offer listen, well, let's give you the minimum there, you are facing life imprisonment or 20 years, let's give it 5 years, but you give us the password yourself, and now all this is mainly used for this, the Truecrypt program, and Slava, due to
its ignorance, received the money, did not learn the facts, and he sings like True Script, well, since he is an amateur in this, we can forgive him for this.
"While the screamer beeps, and the pins are being entered" is the second mistake in the song.
Slava KPSS:
And I sleep soundly, while the screamer beeps and the pins are being entered.
Pavlovich:
Hehehehe, I'll listen to this now, I just found it very funny.
Slava KPSS:
This is how he protects the USB drive, the iron shield of the Russian script. And I sleep soundly, while the skimmer is beeping and...
Pavlovich:
While the streamer is creaking something there. He says, the streamer is creaking there, right? That is, what is a streamer? Well, I don’t know, the streamer is probably me, when I blog on YouTube. That is, you are watching a live stream, a streamer. In fact, we are talking here, this is the second Slavic-factual error, we are talking here about a skimmer, this is a device like this, I will display it on the screen, a skimmer, most often, is a thing that is hung on the card receiver
of an ATM, and at the moment the card passes, when you insert it into the slot of the ATM, it passes through your special overlay, they are like this, like this, like this, well, or even like this, and when the card passes through this skimmer of yours, it, all its data, the dump, the info from its magnetic strip, it is simply copied into the built-in memory of your skimmer.
And there are skimmers that simply have built-in memory, yes, and there is a battery there, and there are skimmers that are more advanced, more expensive, which contain a GSM module and send you dumps that they managed to remove directly to your email. These models, they are more advanced, because you immediately receive dumps once an hour, for example, that passed through your skimmer, and suddenly there are bank employees singing cassettes with cash to load or there to repair an ATM, they will notice this fake overlay and remove it, or
the police are there, or someone will notice, but won't show it, let's say you come to take your skimmer off the ATM, and you're already there, hello, hello, dear, in short, these shrimps will twist the fins and that's it, and take you to jail. That's why skimmers were such things. But you may ask, and dumps, yes, and pins, how to get pins in this case? Well, for pins another thing was used, that is, it was either a video camera, where you stick it somewhere, I don't
know, next to the ATM somewhere on the lid or on the side, on the wall, yes, or there, I don't know, put some magazine there, like hang some kind of box supposedly for information bulletins, and attach your video camera there. Or the second more advanced method, you can find it for every ATM there in the Darknet, they used overlay keyboards, which are simply placed on top of the original keyboard, the latter is pressed down a little and this overlay keyboard simply records all the PIN codes that a person entered, PIN codes, amounts, and so on.
This is called a skimmer, but in no case, Slava, this is not a streamer. By the way, if I were the owners of this forum, yes, who paid Slava for this song, I would, of course, not accept such a hack job, that is, I am a perfectionist, it sometimes hurts me a little, but in principle I like to polish everything before doing it.
Therefore, I simply would not accept this song from Slava, and if he had already flatly refused to rewrite it, oh, the studio is there, yes, well, I would have simply demanded part of the money back.
About "Trojan horses" and Trojan viruses.
Slava KPSS:
In the pocket. Number six zeros. Equivalent is a fool again. You have poured someone again. There is no such thing as too much cardboard. And the flow of transactions at the expense of Mr. Johnson on white plastic. Having let into the Trojan horse, Troy once fell.
Pavlovich:
Having let into the Trojan horse, three fell. Yes, if you haven't seen the movie "Troy", watch it. Here. There the enemies besieging Troy, they simply could not take the impregnable walls of the three. By the way, it's a great movie. One of my favorites with Brad Pitt. Very cool filming. If you haven't seen "Troy", in short, I highly recommend it. But the enemies of "Troy", when they besieged it, they could not get through the high walls, and the defending archers could not get into "Troy".
Then they sent them a Trojan horse, they simply allegedly made such a gift to the gods. They made a wooden horse, and the warriors sat on it, and they dragged this huge horse to the gates of "Troy" and left it there. But the Trojans decided that this was a gift for the gods, that maybe the war between us would end, they dragged it into their city, and in the evening the warriors safely climbed out of this Trojan horse and destroyed all of Troy.
And Brad Pitt played in the film "Achilles". But after that, a Trojan is called a Trojan, a Trojan horse, yes, well, a Trojan horse is correct, but in general, among programmers, hackers, and carders, it is naturally called a Trojan. It is simply a malicious program that completely subjugates your computer and performs certain actions. That is, it can control your computer, it can use it to send spam, that is, it will get into a botnet, but we will hear about this later, and it records
all the data of your clicks, the screen, etc., so it can still be infected by Trojans, it seems to me, if a virus, when you get infected, can simply screw up your computer, yes, let's say, some files there, create millions of copies, all sorts of files, then Trojans, when you get infected by downloading porn from free sites, yes, my young viewer, Most often, of course, the Trojan steals this banking information, all your accounts on social networks, then money disappears from your banking, and your accounts on social networks are simply stupidly put up for sale.
"An embosser stamps plastic" - what is an embosser.
Glory to the CPSU:
In my corner, an embosser stamps plastic.
I enter the card”, “dollars will run away to me on the ‘stick’” – about shopping with stolen credit and debit cards and using PayPal to cash out money).
Pavlovich:
Well, I don’t know, you could say that this is his third factual error, but let’s leave it, let’s not number it, let’s not classify it as an error, let’s just tell you what an embosser is, it stamps plastic, to some extent you could say that it stamps, but an embosser is so that you understand when you make a copy, there’s a clone of someone else’s card, I have one, let’s say, an embosser is a huge thing and quite expensive. I had a Matic for three or a Matic for one, it was $9,000, I think. I paid a huge printer for it. You just insert a series of cards there, and it produces these on the card, well, it produces these numbers, yes, these numbers, it squeezes them out from the other side, and there’s another thing, Slava, of course, doesn’t talk about it, it’s a tipper. A tipper is one that foils the letters stamped by the embosser with gold or silver foil, and it turns out that expensive models of embossers, my Matic is Z3, it had a built-in tipper, that is, you inserted the card, and with it, from this, after this embosser, a card comes out with an embossed number, and it is already painted in silver or gold, depending on the design of your card.
Therefore, we can, in principle, yes, say a little bit that it stamps the cards.
A couple of minutes and I enter the card, yes, they enter the card into an online shop, some other person's card, to get the goods, or they enter it on some dating site to get a premium account, or they enter, let's say, the same thing, again, the scheme, he enters an account on a dating site for dollars, let's say, 100-200 from someone else's card, but he has an affiliate program, a referral program affiliates this, yes, a referral link, he acts as a webmaster, bringing to this site acquaintances with, let's say, clients, but he simply enters from other people's cards in parallel, buys these premium Macs and has 40-60% of the cost of the amount entered there, from the cost of this premium Mac. And I did exactly the same thing back in the day, that is, you act as a webmaster, let's say, of porn sites, you pour traffic, that is, you get 40-50-60 dollars there for each subscription you sell, but you also periodically enter from left cards, you enter there and you get 40-60%, yes, I basically always got from any subscription on a porn site. Well, more often, of course, this is used, you enter, I don't know, you can enter in Uber, food in Yandex, yes, some flowers, that is, either just in an online store to get some valuable goods, that is, either we enter the card in the store, or in the service.
Now let's listen to this excerpt again, he says I enter the card and the dollars will run to my stick, that is, the stick means PayPal, that is, PayPal payment system accounts and there are a lot of different fraud schemes with PayPal, so you can link a card there and from it, you can link a bank account, for example, you can use a card and you already pay, let's say in some store it accepts PayPal, let's say you pay with PayPal, but the money is withdrawn from the bank card, or most often from the bank account, here are your victims, that is, whose data you stole.
Rippers - who are they?
Glory to the CPSU:
Goodbye America, goodbye! The fat cop won't accept us. A carder doesn't steal from his own, because rippers are worse than rats.
Pavlovich:
A carder doesn't steal from his own, because rippers are worse than rats. That is, well, I think I don't need to explain the meaning of the word carder to you, right? In general, it is formed, I will tell you, who does not know already, okay, it is formed from the English card, and a carder is someone who is engaged in fraud with credit, well, with bank cards in general, because the cards may not only be credit, they can also be debit, there are debit with overdraft, which allow you to go into the minus a little. Well, such a hybrid between credit and debit cards. So, a carder is someone who specifically commits fraud with these cards, with bank accounts there less often, well, and the word carding itself, yes, that is, this is fraud in the field of bank cards. Carding and the person who carries out this action, the carder.
And here he says rippers, rippers are in our environment, I don't know what RIP Rest In Peace, yes, rest in peace, I don't know where it came from, but a ripper has always been a scammer, that is, in our environment, for some reason, rippers have always been called scammers. Well, who, you know, they are rippers, well, just a scammer, maybe you pay for something on Avito, yes, and you were scammed there like a sucker, let's say, and rippers were mostly meant as these half-rats who scammed among our crowd, among their own.
Here on the forum there was, let's say, Jax was such a dude, yes, here's my fanatic friend, a famous carder, by the way, and a more famous rapper, and he sang a song, why, he's a very cool music artist, I'll leave a link to his album under the video, but he became famous for singing the first song about Carders, and there was such a character in his song, so I'll even turn it on a little now.
About carder Jax, that is, Jax, if my memory serves me right, he earned a reputation for himself on carder forums in the cashing sphere, and then simply, well, maybe built a union, poured money on his drops, let's say, and then when he already had a reputation, he simply screwed everyone for 100 thousand dollars.
NTL:
But suddenly Jax wanted to measure money in meters. He screwed all his familiar carders for fifty kilobacks. Sold reputation, became a scammer, and not afraid of a dagger and funeral with a guitar...
Pavlovich:
And this is such a dude, he was called a ripper, of course, in our environment. They were small, large, there were... But there were, by the way, quite a few of them. That is, it should be noted that there were still some rats in our environment.
""Wire" without a chargeback" - the meaning of the words "wire" and "chargeback".
Slava KPSS:
"A premier carder does not steal from his own, because rippers are worse than rats. Again, wire without a chargeback, successful phishing."
Pavlovich:
"Again, wire without a chargeback." Wire is from the English wire transfer, this is a regular bank transfer, yes. "Again wire without chargeback", that is, when you have access to someone else's bank account, you simply make a wire transfer from it, a transfer to your bank account opened for your drop, preferably in the same bank, banks, so that it is not an interbank and especially not an interbank international transfer, which takes 2-3 business days, that is, working days, and you, for example,
access to a hacked account in the American bank network, accordingly, you in the American network ideally should have this same account on the drop, and you just make a wire transfer from it, a bank transfer from someone else's account to yours, to the account of your drop. And he says wire transfer, wire without chargeback, and chargeback is when the victim, yes, the victim, that's who the victim is, from whom you stole money, he notices this loss, and he then signals his bank, the police and says, I did not do this transaction, and a chargeback comes, that is, from your account, where you drained the money, just a return goes, chargeback.
There is also such a concept as a refund, this is when you say yourself, no, well, I don't want to go here, return the money to the bank account, well, from which it came, a refund is called. Well, but in this case, chargeback is a forced withdrawal of money from the account where they went.
What is "phishing" and how is it different from fishing?
Slava KPSS:
Again wire, without chargeback, successful phishing.
Pavlovich:
Successful phishing has been mentioned, phishing is when you simply make, say, a website on the Internet, repeating the website almost in detail, there is a bank, yes, and simply under various pretexts lure users to your phishing website, or send them an e-mail newsletter on behalf of the bank, or call them, in some other way, messenger spam, in groups, in chats. It repeats, say, the bank's website completely, but of course it cannot have bank.com in the website address line, it can have some bank2.com, for example, and if you don't look there carefully, you will think that you are on the original Sberbank website, you enter your logins, passwords and other valuable information there, and the attacker will steal it. And all this is called by the general word phishing.
Phishing is from English, well, it's a little distorted from English phishing, fishing, yes, only if fishing is written with an English f, phishing, then this computer phishing, it turns out with ph phishing, but it is pronounced the same as phishing.
Slava KPSS:
And so the botnet expanded, the decibel is quieter ...
Pavlovich:
A botnet is when your computer or mobile phone, it is already infected, let's say, with a Trojan, and now it is controlled by a malicious person, something through your IP, let's say,
can be bought on bank websites, blackmail someone and your IP will already be visible, let's say, or used to send spam, for example, through your computer, you don't know, it is infected with a Trojan, it actually becomes a bot, yes, and enters this botnet, into the network of these bots, the hacker who infected you, it turns out. And there were huge botnets, I don't know how it is now, but in my time there was a Spanish one called Mariposa, it was a botnet, I think, for 12-7 million computers.
Now they make botnets for mobile devices too.
Ah, well, damn, Slava has already broken us off, our song is over. Well, guys, such a song, a song, naturally, paid for, I wonder how much the carding forum advertises for. But I liked this approach, quite creative, yes, and it seems to me that the owners of this forum guessed very well when they ordered this song from Slava, but here are a few Slava two factual errors that would need to be worked on if you were dealing with the order of this song with me.
Thank you for reading, any questions there about VPN and cybercrime in general, ask them under this topic, know for yourself, I read every comment. If you meet Slavik KPSS in St. Petersburg on the street, say hello, that's it, thanks, hugs, bye.
Contents:
- Today's issue: Carding. Analysis of Slava KPSS's song about carders.
- About cloning bank cards
- What is acquiring?
- "There is no such thing as too much cardboard"
- Transaction flow
- What are VPN services and proxies and how are they used in carding and more
- What is "enroll"?
- Difference between billing address and shipping address
- What is an "exploit", one of the hacker's main weapons?
- "You need to 'check' it, and then you can sell it" - about bank card checkers
- Who are the "droppers"?
- "Iron Shield Truscript" - about the mistake in the song
- "While the screamer beeps, and the pins are being driven in" is the second mistake in the song
- About Trojan Horses and Trojan Viruses
- "Embosser stamps plastic" - what is an embosser
- "I'm typing in the card", "dollars will run away to me on the "stick"" - about shopping with stolen credit and debit cards and using PayPal to cash out money)
- Rippers - who are they?
- "Wire without chargeback" - the meaning of the words "wire" and "chargeback"
- What is "phishing" and how is it different from fishing?
- What is a botnet?
Today's episode: Carding. Analysis of Slava KPSS's song about carders.
Pavlovich:
This was one of the main schemes, which at one time, my cybercriminal past, probably brought me the most money. They hack stores, banks, hotel chains, and whatever you want. Hello, yes, hello, dear. In short, these shrimps will twist their flippers, and that's it, and take you to prison.
Friends, hello! And today we will comment on Slava KPSS's song about carding, because he probably sang the song for a fee, but he has very little idea about carding, and therefore made a whole bunch of mistakes in the song.
And I will use his example, using this song as an example, to tell you about the basic concepts of carding, what is what, and the world of cybercrime in general. So, let's go.
About cloning bank cards.
Slava KPSS:
White plastic on the pocket, the number with six zeros, acquiring is again in the fools' seat, because someone poured in again.
Pavlovich:
White plastic on the pocket, here we are talking simply about clones of bank cards, that is, in order to clone a bank card, you need a device such as a card reader, it simply copies the information contained on the magnetic strip of your card, that is, it is called a dump. There is simply a card number, which is stamped on the front surface of the card, the expiration date and a code for yourself, so that you can pay for something on the Internet, and when
you have a dump, that is, full info from the magnetic strip or the fingerprint of your bank card, then you can already make a clone and successfully go buy something in stores, but if the amount is less than 1-3 thousand rubles, so as not to enter a PIN, and before, a PIN was not required, so you could go to the store and buy at least 50 thousand dollars, but if you also have the PIN code for the dump, then of course you write it down on white plastic.
Well, why on white plastic? Because in order to make a copy of the card, of course, you need some expensive equipment and do it for withdrawal, for example, in ATMs, when you have a PIN code, making a card close to the original makes no sense. Therefore, just on the plastic like this on the CR-80 screen, these are such white blanks with a magnetic strip, with the help of an encoder, a device that in my time cost 900 thousand dollars, and now 200-300, with the help of an encoder, a dump from a real card is written to the magnetic strip of this white card, and if there is a PIN, you go to an ATM and withdraw it.
Well, if there is no PIN, then, accordingly, earlier, for example, someone came to a casino, where you know the owner, and simply agreed that you would buy chips with this card for 5 thousand dollars, as, in principle, we always did.
What is "acquiring"?
Pavlovich:
What else was said here is the word acquiring. Acquiring is, so you understand, when you simply have a post-terminal, for example, acquiring is the processing of money by a bank, that is, banking services for a POS terminal.
"There is no such thing as too much cardboard."
Slava KPSS:
There is no such thing as too much cardboard.
Pavlovich:
Cardboard is just a slang term for cards, that is, either card numbers or already cloned physical cards. There is no such thing as too much cardboard.
Transaction flow.
Slava KPSS:
Transaction flow from Mr. Johnson's account to white plastic.
Pavlovich:
Well, the transaction flow is simply payments from a bank card.
What are VPN services and proxies and how are they used in carding and more.
Slava KPSS:
Acquiring is a fool again, because someone has been poured in again. There is no such thing as too much cardboard and the transaction flow from Mr. Johnson's account to our white plastic. The system of fat cats on blood has been going on for so many years, so why not deceive in return. Hiding under a VPN cloak, like the avenger Zorro
Pavlovich:
Hiding under a VPN cloak, that is, a VPN service is simply a service that helps you quickly connect to another VPN service on the fly. VPN is a Virtual Private Network, this is when you connect, immediately go online from your home or mobile provider, Beeline, for example, MTS, MGTS, and already connect to a VPN server, for example, you need one in the Netherlands, and you connect directly from it, you carry out all your further movements on the Internet from it, and the final address will no longer be your home IP, but simply the IP address of this VPN server. And the most savvy there in my time and now they create chains of proxy servers, for example, you use Hide.Me or NordVPN, or CyberGhost, ExpressVPN, yes, and simply connect from one VPN to another, there from the second to the third.
But chains, of course, make it difficult to identify you there, because you connect to a server there in Holland, then in Belgium, and so on, you have a chain of different servers and different VPNs of these owners of these different VPN servers, and therefore your further identification, so that when, say, the police or the special services start looking for something, it is difficult, but in general it is possible, because it is just a matter of time, they will pass on official requests, there, to the owner of one VPN service, the second, the third, and thus they will find you.
There are especially unsafe VPN services, where logs are saved, that is, the history of all your movements through it. And if you are interested in what a VPN is, I will shoot a separate episode, I will tell you whether it is worth using, if so, which ones, what logs they save, what they say they save, so if you are interested in VPN, write in the comments, I will take a look.
If there are many comments about this, I will tell you my experience of using them and all the pros and cons. And besides, you can change your IP not just with a VPN, VPN is the easiest, but you can also change the proxy, different proxies are suitable for different purposes, for example, my Katya works in Apana and VPNs are not suitable for her, because they are all public, everyone knows their IP addresses, accordingly, for these
purposes, all sorts of good residential proxies are used, which no one will ever determine that you are connected through another person's IP, somewhere in Australia, for example.
What is "enroll"?
Glory to the CPSU:
"We are spinning your bank under the tail, thanks for the enroll to you."
Pavlovich:
First, "thank you for the enroll", Enroll is when you have a victim's bank card, you bought the card somewhere or stole it somehow, I don't know, maybe a prostitute peeped at a client while he was sleeping, copied this card, and simply when you open online access to it, that is, you get access to his online banking. For example, in Russia it is quite difficult to do, everything is tied to mobile phones there, go to an ATM, or in Tinkoff, for example, they brought you a card at home, but everything is tied to your mobile phone.
In the States before, I don't know how it is now, I haven't tied it for a long time, but before, for example, in order to open online banking to your card, you needed to go to security number, yes. And what we did, we took, for example, a database of cards or even dumps, we take a person with some rare last name, it is clear that if you enter John Smith, there will be, I don’t know, several thousand of these guys in America, and you will not find the Security Number of the person you need.
But for these purposes, we took foreigners with some rare last name, I don’t know, Korean, Chinese, and already through special services, they were paid, but there was enough access to them, Acurint and so on. Through Acurint.Com, for example, we punched in the full address of residence, phone numbers and this Social Security Number, that is, this is generally, if anyone doesn’t know, this is a social security number in America, and your whole life is tied to it.
That is, everywhere when applying for a job, when paying taxes, your SSN, Social Security Number is required everywhere, so you just punch in the SSN, and then open it, get online access to the card, there, in principle, everything is simple. And online access to the card, when there is, firstly, you see how much money is there, for example, a credit card on a credit account, there is a debit card with an overdraft, maybe you just see how much money you can physically withdraw from it, steal, for example.
And also, why nRoll was valuable to me personally at the time, many banks, for example Fleetbank, now it has merged with someone, this is a bank, the fleet bank was, the US fleet bank, and MBNA, for example, Capital One bank, they allowed you to change the PIN code on the card through online banking.
That is, you just have a dump without a pin, on a white plastic, which Slava used to sing about in a song, this dump is recorded and you just get online access to the same card, change the pin to the one you need there and let this card lie around for a while, in a couple of weeks you will safely cash it in an ATM, this was one of the main schemes, which at one time, my cybercriminal past, brought me, probably, the most money.
The difference between a billing address and a shipping address.
Slava KPSS:
Our overseas friends from a variety of shops are ready to spit on billing, send goods to drops.
Pavlovich:
Friends from a variety of shops are ready to spit on billing, send goods to drops, what is meant here? Not giving a damn about billing, yes, in general, if at the very beginning of cybercrime, when it was just emerging in the CIS, it was the mid-90s, it was possible that you got access somewhere to someone else's credit card, to the number, yes.
That is, the number, the address of the owner, the billing address, that is, the address of the owner, and his phone number, let's say, and you simply enter some purchase in an online shop in America, Australia, Germany, you pay with this someone else's card. That is, it was called clothing carding, and you, it turns out, enter the billing address in one field, that is, the payer's address, in the second field you entered, for example, the shipping address, that is, your personal address or your grandmother's address there, or the address of your drop, yes, a front man.
And it turns out that earlier you could send, you can have a great billing address, well, like you're sending it to someone as a gift, a relative, a friend, I don't know, a MacBook, like mine, and then this thing went wrong and you had to order only to the payer's address. That is, billing and shipping, if they didn't match, then the goods simply weren't sent to you. And here he sings in the song, Slava, that they didn't give a damn about billing, that is, they sent the goods to a drop, they sent the goods to a drop, if the shipping address and billing address were great.
It was in such shops that they were quite rare. Now there are practically none that would send to an address different from the payer's address, but then on the droppers, yes, on these front men from among distant acquaintances and alcoholics and all sorts of strangers, because there were special drop services that were kept there in different countries, they had a bunch of all sorts of acquaintances,
personal or online, and just those people, the droppers, they accepted goods in different countries and received some fixed fee for it, for example, 15, 50, 100 dollars, depending on the value of the parcel, repacked it in another package and then sent it to you in the CIS, for example, it was called a drop service.
What is an "exploit", one of the main weapons of a hacker?
Slava KPSS:
By means of a cunning exploit, the obtained base.
Pavlovich:
An exploit, if you don't know, is just a hacker's tool, a script that uses, puts into action a certain vulnerability.
And with it, stores, banks, hotel chains, and whatever else are hacked. That is, an exploit, along with vulnerabilities, is one of the main weapons of a hacker, because an exploit is, let's say, a script that uses a vulnerability you found, for example, you found it in a store, the most common vulnerabilities now are SQL injection, that is, errors in the SQL database, MySQL, and an exploit simply exploits this vulnerability that you found, and through SQL errors are simply introduced into some site you are attacking, and from there you can steal and gain access to all clients, drain their entire database, and their payment details, and cards, and whatever you want.
"You need to "check", and then you can drain it for sale" - about bank card checkers.
Slava KPSS:
The database needs to be checked, and then it can be sold.
Pavlovich:
He says that the database is needed, the database obtained by the exploit needed to be checked and sold. That is, to check it in carder, in this cybercriminal slang, was to run it through a checker, yes, a check is from English, but a checker is from the English "check a check".
That is, how the checkers were arranged, for example, someone has access to a hacked porn site, for example, and he goes through their internal merchant, well, that is, a small processing center, but this is not a processing center in fact, but a merchant, this is a mini-processing point for a certain site, let's say, here, and you
simply withdraw some small amount from the card that you need to check, a couple of cents, for example, and you look at what your merchant gave the answer, there 0-0, approval, for example, yes, that means the card is working. But there were such funny situations, I have a client today for 1000 cards, let's say, and I have a transaction there for 1000 for 20 dollars, I run them through this checker so that I can give the client exactly 00 with a response from the terminal, 00 approval, that is, only a working card,
and I ran them through the checker, and this checker is already so exposed, and damn, my entire batch of cards is blocked there for 10-20 thousand dollars, they just block, and you don't know who to make a claim to. Well, there were checkers then, they still exist. Their operating principle was like this.
Who are these "droppers".
Slava KPSS:
On sky-fraud.ru, where there are tons of droppers with their hands, they will tear off the base ...
Pavlovich:
He then advertises one forum, which probably ordered this song from him, yes, I wonder, Slava, how much did they pay you? Write in the comments.
And he says, there are tons of droppers on such and such a forum. Droppers are, as you might have guessed from the context of an earlier conversation, those who have a bunch of drops in different countries who simply forward your packages from the West, because you have an American card, for example, so you need to enter an American, and they simply send you their drops in America later in the CIS.
That is, droppers are those who own a bunch of drops.
"Iron Shield TrueScript" is about a mistake in a song.
Glory to the KPSS:
Take your mind, until you face prison, I'm not afraid of a visit, a USB drive protects better than a contact, the iron shield TrueScript, give me a strong spinzer.
Pavlovich:
TrueScript iron shield, that is, here he made the first factual mistake, because TrueScript iron shield, Script is generally a website code, let's say, or some executable program, that is, some executable code. But he says true script, in general it is correct to say true crypt. True crypt is simply a program for encrypting data completely there according to very long complex algorithms, they can be selected on your, let's say, disk, yes, you can encrypt, create a virtual container there, well, encrypted with this very true crypt.
Before true crypt, this is an open source developer, before true crypt. All hackers and carders, cybercriminals, they used DriveCrypt developed by the Israeli military, there was such a paid program or you could find keys to it there or BestCrypt. And you know, even the scientists themselves, who in America have such a CERT, this is a service, well, like SOBR, yes, a special rapid response unit under the police, let's say.
The same thing in Western intelligence agencies and police, there is CERT, a computer rapid response team. And CERT specialists often go to all sorts of arrests, there are suspects together with the police, or with the FBI, or with the secret service, as in my case, for example, and this CERT, well, these are such big computer specialists, in the CIS they have an analogue, for example,
a company called Group IB, yes, I will now be filming an interview with its bosses on August 17, I think, so if you have any questions about computer security, about carding and everything else, throw them in the video, we will ask them in Group IB, you can read what it is Ilya Sochkov. So, about bestcrypt, SERD specialists and other cyber, these various analysts, fighters against cybercrime, they say that if the information is encrypted with bestcrypt and in the presence of a long and complex password, yes, well
it is clear that it is not 1, 2, 3, 4, 5, but some symbols of 20, 30, different registers, asterisks, all sorts of service symbols, then they practically, I am quoting this almost verbatim, they practically do not allow the thought that they could hide such a password, crack it in the usual way. That is, as a rule, either someone in Russia can knock it out, yes, or in Turkey, here Maksik got, they can knock such a password out of you, they can simply deceive you somehow by promising that you are there, the investigators of the garbage and then throw you, yes.
In America, this is most often the case, they understand that it is unrealistic there for the next 50 years the password is so long, well, the disk is protected by such a password and it is impossible to crack it with bestscript, and therefore they simply offer listen, well, let's give you the minimum there, you are facing life imprisonment or 20 years, let's give it 5 years, but you give us the password yourself, and now all this is mainly used for this, the Truecrypt program, and Slava, due to
its ignorance, received the money, did not learn the facts, and he sings like True Script, well, since he is an amateur in this, we can forgive him for this.
"While the screamer beeps, and the pins are being entered" is the second mistake in the song.
Slava KPSS:
And I sleep soundly, while the screamer beeps and the pins are being entered.
Pavlovich:
Hehehehe, I'll listen to this now, I just found it very funny.
Slava KPSS:
This is how he protects the USB drive, the iron shield of the Russian script. And I sleep soundly, while the skimmer is beeping and...
Pavlovich:
While the streamer is creaking something there. He says, the streamer is creaking there, right? That is, what is a streamer? Well, I don’t know, the streamer is probably me, when I blog on YouTube. That is, you are watching a live stream, a streamer. In fact, we are talking here, this is the second Slavic-factual error, we are talking here about a skimmer, this is a device like this, I will display it on the screen, a skimmer, most often, is a thing that is hung on the card receiver
of an ATM, and at the moment the card passes, when you insert it into the slot of the ATM, it passes through your special overlay, they are like this, like this, like this, well, or even like this, and when the card passes through this skimmer of yours, it, all its data, the dump, the info from its magnetic strip, it is simply copied into the built-in memory of your skimmer.
And there are skimmers that simply have built-in memory, yes, and there is a battery there, and there are skimmers that are more advanced, more expensive, which contain a GSM module and send you dumps that they managed to remove directly to your email. These models, they are more advanced, because you immediately receive dumps once an hour, for example, that passed through your skimmer, and suddenly there are bank employees singing cassettes with cash to load or there to repair an ATM, they will notice this fake overlay and remove it, or
the police are there, or someone will notice, but won't show it, let's say you come to take your skimmer off the ATM, and you're already there, hello, hello, dear, in short, these shrimps will twist the fins and that's it, and take you to jail. That's why skimmers were such things. But you may ask, and dumps, yes, and pins, how to get pins in this case? Well, for pins another thing was used, that is, it was either a video camera, where you stick it somewhere, I don't
know, next to the ATM somewhere on the lid or on the side, on the wall, yes, or there, I don't know, put some magazine there, like hang some kind of box supposedly for information bulletins, and attach your video camera there. Or the second more advanced method, you can find it for every ATM there in the Darknet, they used overlay keyboards, which are simply placed on top of the original keyboard, the latter is pressed down a little and this overlay keyboard simply records all the PIN codes that a person entered, PIN codes, amounts, and so on.
This is called a skimmer, but in no case, Slava, this is not a streamer. By the way, if I were the owners of this forum, yes, who paid Slava for this song, I would, of course, not accept such a hack job, that is, I am a perfectionist, it sometimes hurts me a little, but in principle I like to polish everything before doing it.
Therefore, I simply would not accept this song from Slava, and if he had already flatly refused to rewrite it, oh, the studio is there, yes, well, I would have simply demanded part of the money back.
About "Trojan horses" and Trojan viruses.
Slava KPSS:
In the pocket. Number six zeros. Equivalent is a fool again. You have poured someone again. There is no such thing as too much cardboard. And the flow of transactions at the expense of Mr. Johnson on white plastic. Having let into the Trojan horse, Troy once fell.
Pavlovich:
Having let into the Trojan horse, three fell. Yes, if you haven't seen the movie "Troy", watch it. Here. There the enemies besieging Troy, they simply could not take the impregnable walls of the three. By the way, it's a great movie. One of my favorites with Brad Pitt. Very cool filming. If you haven't seen "Troy", in short, I highly recommend it. But the enemies of "Troy", when they besieged it, they could not get through the high walls, and the defending archers could not get into "Troy".
Then they sent them a Trojan horse, they simply allegedly made such a gift to the gods. They made a wooden horse, and the warriors sat on it, and they dragged this huge horse to the gates of "Troy" and left it there. But the Trojans decided that this was a gift for the gods, that maybe the war between us would end, they dragged it into their city, and in the evening the warriors safely climbed out of this Trojan horse and destroyed all of Troy.
And Brad Pitt played in the film "Achilles". But after that, a Trojan is called a Trojan, a Trojan horse, yes, well, a Trojan horse is correct, but in general, among programmers, hackers, and carders, it is naturally called a Trojan. It is simply a malicious program that completely subjugates your computer and performs certain actions. That is, it can control your computer, it can use it to send spam, that is, it will get into a botnet, but we will hear about this later, and it records
all the data of your clicks, the screen, etc., so it can still be infected by Trojans, it seems to me, if a virus, when you get infected, can simply screw up your computer, yes, let's say, some files there, create millions of copies, all sorts of files, then Trojans, when you get infected by downloading porn from free sites, yes, my young viewer, Most often, of course, the Trojan steals this banking information, all your accounts on social networks, then money disappears from your banking, and your accounts on social networks are simply stupidly put up for sale.
"An embosser stamps plastic" - what is an embosser.
Glory to the CPSU:
In my corner, an embosser stamps plastic.
I enter the card”, “dollars will run away to me on the ‘stick’” – about shopping with stolen credit and debit cards and using PayPal to cash out money).
Pavlovich:
Well, I don’t know, you could say that this is his third factual error, but let’s leave it, let’s not number it, let’s not classify it as an error, let’s just tell you what an embosser is, it stamps plastic, to some extent you could say that it stamps, but an embosser is so that you understand when you make a copy, there’s a clone of someone else’s card, I have one, let’s say, an embosser is a huge thing and quite expensive. I had a Matic for three or a Matic for one, it was $9,000, I think. I paid a huge printer for it. You just insert a series of cards there, and it produces these on the card, well, it produces these numbers, yes, these numbers, it squeezes them out from the other side, and there’s another thing, Slava, of course, doesn’t talk about it, it’s a tipper. A tipper is one that foils the letters stamped by the embosser with gold or silver foil, and it turns out that expensive models of embossers, my Matic is Z3, it had a built-in tipper, that is, you inserted the card, and with it, from this, after this embosser, a card comes out with an embossed number, and it is already painted in silver or gold, depending on the design of your card.
Therefore, we can, in principle, yes, say a little bit that it stamps the cards.
A couple of minutes and I enter the card, yes, they enter the card into an online shop, some other person's card, to get the goods, or they enter it on some dating site to get a premium account, or they enter, let's say, the same thing, again, the scheme, he enters an account on a dating site for dollars, let's say, 100-200 from someone else's card, but he has an affiliate program, a referral program affiliates this, yes, a referral link, he acts as a webmaster, bringing to this site acquaintances with, let's say, clients, but he simply enters from other people's cards in parallel, buys these premium Macs and has 40-60% of the cost of the amount entered there, from the cost of this premium Mac. And I did exactly the same thing back in the day, that is, you act as a webmaster, let's say, of porn sites, you pour traffic, that is, you get 40-50-60 dollars there for each subscription you sell, but you also periodically enter from left cards, you enter there and you get 40-60%, yes, I basically always got from any subscription on a porn site. Well, more often, of course, this is used, you enter, I don't know, you can enter in Uber, food in Yandex, yes, some flowers, that is, either just in an online store to get some valuable goods, that is, either we enter the card in the store, or in the service.
Now let's listen to this excerpt again, he says I enter the card and the dollars will run to my stick, that is, the stick means PayPal, that is, PayPal payment system accounts and there are a lot of different fraud schemes with PayPal, so you can link a card there and from it, you can link a bank account, for example, you can use a card and you already pay, let's say in some store it accepts PayPal, let's say you pay with PayPal, but the money is withdrawn from the bank card, or most often from the bank account, here are your victims, that is, whose data you stole.
Rippers - who are they?
Glory to the CPSU:
Goodbye America, goodbye! The fat cop won't accept us. A carder doesn't steal from his own, because rippers are worse than rats.
Pavlovich:
A carder doesn't steal from his own, because rippers are worse than rats. That is, well, I think I don't need to explain the meaning of the word carder to you, right? In general, it is formed, I will tell you, who does not know already, okay, it is formed from the English card, and a carder is someone who is engaged in fraud with credit, well, with bank cards in general, because the cards may not only be credit, they can also be debit, there are debit with overdraft, which allow you to go into the minus a little. Well, such a hybrid between credit and debit cards. So, a carder is someone who specifically commits fraud with these cards, with bank accounts there less often, well, and the word carding itself, yes, that is, this is fraud in the field of bank cards. Carding and the person who carries out this action, the carder.
And here he says rippers, rippers are in our environment, I don't know what RIP Rest In Peace, yes, rest in peace, I don't know where it came from, but a ripper has always been a scammer, that is, in our environment, for some reason, rippers have always been called scammers. Well, who, you know, they are rippers, well, just a scammer, maybe you pay for something on Avito, yes, and you were scammed there like a sucker, let's say, and rippers were mostly meant as these half-rats who scammed among our crowd, among their own.
Here on the forum there was, let's say, Jax was such a dude, yes, here's my fanatic friend, a famous carder, by the way, and a more famous rapper, and he sang a song, why, he's a very cool music artist, I'll leave a link to his album under the video, but he became famous for singing the first song about Carders, and there was such a character in his song, so I'll even turn it on a little now.
About carder Jax, that is, Jax, if my memory serves me right, he earned a reputation for himself on carder forums in the cashing sphere, and then simply, well, maybe built a union, poured money on his drops, let's say, and then when he already had a reputation, he simply screwed everyone for 100 thousand dollars.
NTL:
But suddenly Jax wanted to measure money in meters. He screwed all his familiar carders for fifty kilobacks. Sold reputation, became a scammer, and not afraid of a dagger and funeral with a guitar...
Pavlovich:
And this is such a dude, he was called a ripper, of course, in our environment. They were small, large, there were... But there were, by the way, quite a few of them. That is, it should be noted that there were still some rats in our environment.
""Wire" without a chargeback" - the meaning of the words "wire" and "chargeback".
Slava KPSS:
"A premier carder does not steal from his own, because rippers are worse than rats. Again, wire without a chargeback, successful phishing."
Pavlovich:
"Again, wire without a chargeback." Wire is from the English wire transfer, this is a regular bank transfer, yes. "Again wire without chargeback", that is, when you have access to someone else's bank account, you simply make a wire transfer from it, a transfer to your bank account opened for your drop, preferably in the same bank, banks, so that it is not an interbank and especially not an interbank international transfer, which takes 2-3 business days, that is, working days, and you, for example,
access to a hacked account in the American bank network, accordingly, you in the American network ideally should have this same account on the drop, and you just make a wire transfer from it, a bank transfer from someone else's account to yours, to the account of your drop. And he says wire transfer, wire without chargeback, and chargeback is when the victim, yes, the victim, that's who the victim is, from whom you stole money, he notices this loss, and he then signals his bank, the police and says, I did not do this transaction, and a chargeback comes, that is, from your account, where you drained the money, just a return goes, chargeback.
There is also such a concept as a refund, this is when you say yourself, no, well, I don't want to go here, return the money to the bank account, well, from which it came, a refund is called. Well, but in this case, chargeback is a forced withdrawal of money from the account where they went.
What is "phishing" and how is it different from fishing?
Slava KPSS:
Again wire, without chargeback, successful phishing.
Pavlovich:
Successful phishing has been mentioned, phishing is when you simply make, say, a website on the Internet, repeating the website almost in detail, there is a bank, yes, and simply under various pretexts lure users to your phishing website, or send them an e-mail newsletter on behalf of the bank, or call them, in some other way, messenger spam, in groups, in chats. It repeats, say, the bank's website completely, but of course it cannot have bank.com in the website address line, it can have some bank2.com, for example, and if you don't look there carefully, you will think that you are on the original Sberbank website, you enter your logins, passwords and other valuable information there, and the attacker will steal it. And all this is called by the general word phishing.
Phishing is from English, well, it's a little distorted from English phishing, fishing, yes, only if fishing is written with an English f, phishing, then this computer phishing, it turns out with ph phishing, but it is pronounced the same as phishing.
Slava KPSS:
And so the botnet expanded, the decibel is quieter ...
Pavlovich:
A botnet is when your computer or mobile phone, it is already infected, let's say, with a Trojan, and now it is controlled by a malicious person, something through your IP, let's say,
can be bought on bank websites, blackmail someone and your IP will already be visible, let's say, or used to send spam, for example, through your computer, you don't know, it is infected with a Trojan, it actually becomes a bot, yes, and enters this botnet, into the network of these bots, the hacker who infected you, it turns out. And there were huge botnets, I don't know how it is now, but in my time there was a Spanish one called Mariposa, it was a botnet, I think, for 12-7 million computers.
Now they make botnets for mobile devices too.
Ah, well, damn, Slava has already broken us off, our song is over. Well, guys, such a song, a song, naturally, paid for, I wonder how much the carding forum advertises for. But I liked this approach, quite creative, yes, and it seems to me that the owners of this forum guessed very well when they ordered this song from Slava, but here are a few Slava two factual errors that would need to be worked on if you were dealing with the order of this song with me.
Thank you for reading, any questions there about VPN and cybercrime in general, ask them under this topic, know for yourself, I read every comment. If you meet Slavik KPSS in St. Petersburg on the street, say hello, that's it, thanks, hugs, bye.
