Cloned Boy
Professional
- Messages
- 1,087
- Reaction score
- 834
- Points
- 113
CARDER STOLE A MILLION $.
Interview with former cybercriminal Sergei Pavlovich. Secrets of carders and hackers and how to resist them. Belarusian law enforcement agencies and their differences from American ones. Uncensored!
Contents:
Interviewer:
Good evening, and today we will continue the topic that we started in the previous issue, when we talked to Sergei Pavlovich. Sergei Pavlovich is a man who spent 10 years in Belarus without causing any harm to Belarus, who is still on the international wanted list, and who America has a grudge against. And today we will talk about what America has a grudge against, how it all happened, what Sergei did.
And here, not being an expert, I will immediately give you the floor, Sergei. Please explain what it was, how it happens to our guests, who may not be quite versed in this. You were a carder, so-called, right?
What is carding and how is it different from hacking?
Carder:
I was a carder, and almost no non-specialists see the difference between hackers and carders. For the average person, a person who can reinstall Windows and crack some code in a game is already a hacker, but in fact the difference is huge, because carding is directly fraud related to credit cards.
Interviewer:
So you are such a good fraudster, right?
Carder:
Yes, essentially yes. And hacking, well, naturally, breaking in.
Interviewer:
Hacking is also a crime, one and the same, only there is a break-in that has a bunch of other goals, your goal was to get money, as I understand it, at the exit, right?
Carder:
So hackers hack some, for example, a bank or someone's accounts, get the primary information for work. The carder's task is to correctly use this information and at the exit get money with its help.
Interviewer:
And a little about how it happens. In your book, I'll remind you again that we talked to Sergey about the book "How I Stole a Million", in your book you describe in sufficient detail how, where, what is bought. So tell me, here is your connection with hackers, hackers hacked, let's say, some trading system, then what do they get, what do you use next?
Carder:
Hackers hack, for example, a large retail chain, there are restaurant chains, hotels, and accordingly steal data on credit cards that customers paid with, sometimes with PIN codes, they are naturally encrypted, but in this way the hacker gets his hands on a set of your credit card number plus sometimes a PIN code, accordingly the task of those who are further in the chain, that is, the carders, is to cash out all this.
What is it used for, what were there basically two main methods for. If you have a dump, a dump means a set of what is recorded on a plastic card, on a magnetic strip of a plastic card, or you only have a credit card number, because if some online store is hacked, then it is impossible to steal dumps from there.
Dumps are stolen from networks with POS terminals or ATMs, that is, where the card was physically swiped, where a copy is saved, so to speak, from its magnetic strip. And in an online store, you can only hack the card numbers, respectively, this is the card number, its expiration date, the security CW code and all the owner's data.
With this information, you can only try to buy something foreign in an online store, that is, pay for your purchase with someone else's credit card, that's all.
Having a dump in hand, you can write it down on a blank with a plastic one, with a magnetic strip and go to the store to pay, in a real physical store, and having a pin code, respectively, a dump plus a pin code can be withdrawn, of course, at an ATM.
Interviewer:
And what happened more often, how did you work more often? Had a name, pin codes or do you buy something?
Carder:
So, the first direction that I talked about, that is, buying with someone else's card in an online store, this is called clothing carding, and some Internet fraudsters were and are engaged in this direction. But recently, a number of difficulties with it began to arise, because with almost every purchase on the Internet, with each one now you need to enter a one-time code that you receive in an SMS, and so on.
Accordingly, all this complicated the work, and banks often require you to call to confirm the transaction, ask questions about some confidential matters, for example, the mother's maiden name, which is very difficult for you to find if you are not the owner of the cards, and so on. Accordingly, this direction is gradually fading away. With a dump, everything is much simpler, because you do not need much intelligence and some serious qualifications to, say, record a copy of someone else's magnetic strip on a blank.
This is done with the help of simple equipment, costing about 500 dollars today, and thus you have a clone in your hands, an absolute clone of someone else's card. And, accordingly, you can just go to the store.
What to do if money was stolen from the card?
Interviewer:
Well, as we know, now a person who has discovered some kind of write-off of funds on his card, after all, many set up SMS notifications, so you come to the store, you swipe this card, you write off money, and knowing the PIN code, you go to an ATM, for example, a person receives an SMS, for example, some kind of notification, and then it turns out that he quickly blocks it, and then you can no longer use it, or people are quite calm about this, and do not block the cards.
Carder:
Well, I don't know how things are now, because I'm very far from crime now. But, naturally, that is, suppose you saw an SMS on your phone that money was sent from your card, knowing that it wasn't you, that is, naturally, the first thing you'll do is call the bank and try to block it. Well, it's more difficult, of course, if you're abroad and so on, but, again, you should always have the bank's phone number for these purposes, written down in your mobile phone or in a notebook.
Because, of course, after the first withdrawal, it's advisable to block it all.
The "code of honor" of carders?
Interviewer:
We won't forget that your extensive work experience, your extensive criminal past experience consisted of taking money from Americans, these were mainly American credit cards.
Carder:
And Western European ones. Those with money on them, Japanese, American, Israeli.
Interviewer:
So it wasn't Belarusians, was it deliberate?
Carder:
Yes, naturally, it was deliberate, because cybercriminals of my age, and I'm 34 now, and my formation, we had a kind of code of honor. We never touched our compatriots, and this was for several reasons. One of them, naturally, is mercantile, because there is no money for them, once a month the salary is transferred to them, it is immediately withdrawn from the ATM, and that's it.
Nowadays, payments using plastic cards are already commonplace, but back then people just received cash and that's it. This is the first consideration, and the second is, let's say, humanistic, probably, because our fellow citizens have already been robbed by the state more than once, when the USSR collapsed, all deposits burned up, and so on, and these beggarly
salaries, and if we are going to snatch from our own, it is not good enough, let's say, in our time, there were enough Europeans and Americans.
Interviewer:
There were enough with the Americans.
Carder:
And before, by the way, everyone adhered to this rule very strictly. Well, this is, as I say, a kind of code of the unit.
Interviewer:
You said before, you know this 100%, but that was before.
Carder:
Because I myself was a participant in this, and we constantly propagandized among ourselves, and there were cases when the seller, well, a hacker, let's say, the owner of a dump database or just credit card numbers, simply immediately before the start of the sale deletes all the CIS cards from there. Well, this happened, this happened before my eyes, this was really adhered to. And it was very rare to see a message that Sberbank had been hacked, or that firm A in Moscow, for example, had been hacked.
Well, if you did that, it was often someone from abroad. But now hacking your fellow citizens and deceiving them is the order of the day.
Interviewer:
You know about this, right?
Carder:
Well, it's easy to find out by opening the same Security Lab website and simply reading the selection of crime news for today. Sberbank was hacked, the Takayta company's catacomna, and so on.
Interviewer:
And do they have roots here?
Carder:
Yes, yes, here. Here, because sometimes these guys are found, naturally, they are shown on TV, and so on.
How to save money on a card?
Interviewer:
Well, now that you've left your criminal past behind. It seems to me that a rather useful practical meaning of our conversation would be, again, to tell our compatriots what is best to do now, how to behave best when you simply become the owner of some card. Maybe some advice?
Carder:
There really isn't much advice, and it's all just common sense. That is, the first piece of advice, naturally, is not to write down the PIN code on credit cards, they still write it down, especially those who have many cards, and women often write it down.
Either not on the card itself, which means they put a sticker on it, a little yellow piece of paper, and they write it on it, or on a piece of paper in the wallet, he loses the wallet, it automatically gives access not only to his card, but also writes the PIN code there.
Interviewer:
There are 5 cards and 5 PIN codes, they call it "try to pick up".
Carder:
Well, for example, this is again connected with the fact that it is difficult to remember. You really have 5-10 cards for someone, it is difficult to remember the PIN code for each. Well, for example, Sberbank in Russia now allows you to set the PIN code on your card yourself, and you set an easy number there.
Interviewer:
Easier to remember, right?
Carder:
Yes, it is easier to remember, but that is one thing, and one more thing. Then, even if you are already writing it down, you can do it so that you write down one more digit. Well, that is, you can write it down in such a way that it is clear to you, but it is not clear to the thief, or whoever finds or steals this card.
Interviewer:
That is, you can write down a digit that will have your four-digit PIN code somewhere in it, right? Or write it backwards, for example, that is, you.
Carder:
You know how, but the thief will not understand. That is one piece of advice, do not write the PIN code on the card. That is. The second piece of advice is, naturally, if you do not have SMS notifications, then set them up, of course, for the withdrawal of any amount.
Interviewer:
That is, at least you will immediately receive information that something is wrong. Of course, sitting at home, receiving such an SMS, if it was not your spouse who took the card, you understand that something, someone is in the mouth.
Carder:
Someone, yes, steals from it. Thirdly, of course, write down the number of the servicing bank, that is, the issuing bank that issued the card in your mobile phone, because, as a rule, no one does this. And when the card is feverishly lost or stolen, which is even worse, you start feverishly looking for the bank number, where to call to block it. But it is written on the card, and you do not have the card at the moment.
Accordingly, you should write it down in your mobile phone in advance. And also, naturally, cover the PIN code with your hand when withdrawing, so that no video camera can read it.
Then, when withdrawing, say, cash from an ATM, of course you should pay attention to whether there is a fake overlay keypad, a second one that is used to remove your PIN code, whether there are any video cameras nearby, of course you can take a look, and on the card receiver itself, whether there is some kind of overlay, although, of course, this is called a skimmer, they are now so technologically advanced that it is quite difficult to remove this overlay, if it is there.
Well, and, of course, if possible, use ATMs installed in the bank's premises, because it is much more difficult for an intruder to approach such an ATM and install a device to remove your dump and PIN code, and no one will go into a trap themselves. Probably, the only advice is not to give the card to anyone. Naturally, name it less to anyone, show it less, take pictures of it.
You don't give the keys to your apartment or your passport to the first person you meet, and so on. The same thing, just a healthy paranoia about your card, because it's the key to your bank account.
Interviewer:
Tell me, please, contactless cards are in use now, they can be read at some distance, there's no danger that someone can buy a reader like that and use it in the subway.
Carder:
These are usually radio waves.
Interviewer:
These are radio waves. What's their range? From what distance can your card be picked up?
Carder:
I don't know. MasterCard, PayPal. Well, you have to read the technical specifications. I just haven't studied them. Well, I think it's a certain whim. That is, you pay more for servicing a contactless card, somewhere around 15 dollars a year. That is, well, why, I have three cards there, let's say, why should I pay an extra 15 dollars for this, it's not hard for me to get them and swipe them. Well, naturally, this is a standard that will come into force and become unified over time, but for now, I think, this is a small whim.
Plus, naturally, this is a radio transmitter, and any information transmitted via a radio channel, be it a car alarm, or your card data, or a Wi-Fi signal, that is, naturally, can be intercepted and read. But these are isolated cases.
Interviewer:
Have you ever heard of someone catching a contactless card on a radio channel and then stealing money from it?
Carder:
Well, not yet.
Interviewer:
Not yet.
Carder:
And I haven't come across it on SecurityLab or any other sites.
Interviewer:
So, probably, for now this is a purely theoretical threat of danger? Well, of course. Because it seems like it hasn't become serious and important.
About hackers and the elections in the USA.
Carder:
By the way, all TV channels, both American and European, raise this issue, that it was in connection with the hacking of the US electoral system. That is, I'm saying that 90% of hackers are profit-oriented. Why would he hack the same US electoral system or some bank, well, they are about the same in complexity.
But why would he break this election system if he could hack banks and get rich the next time? 90% of hackers are profit-oriented, it's just plain theft for the sake of profit, 5% of course are motivated by ideology, he'll hack a Nazi site, block its work because he's a pacifist there, and 5% are scriptkidzi, kids who just hack sites for fun, he wants to prove to himself that I can hack my neighbor's site and deface it, deface it, replace the main page, post the site hacked by Vasily, for example, that's it.
And 90% of hackers, naturally, are only profit-oriented.
About law enforcement agencies.
Interviewer:
But tell me, please, the other side of this process, it's our law enforcement agencies. They didn't have computers there before, they had typewriters, right? Now the situation has changed significantly, seriously. How would you rate their level of training, are they keeping up with hackers or are they already lagging behind?
Carder:
I would rate the work of law enforcement agencies, say, Belarusian ones, very highly, because I put them in the book, and I think I argue, I put them in second place after the Americans, after the secret service and the FBI. But there is one important difference between our law enforcement agencies and the same American ones, because the latter, like the Western ones, focus mainly on crime prevention.
That is, ours, due to a small staff and small funding, have to clean up crimes that have already been committed, either by fact or by a statement from the injured party. And the same Americans, they allow themselves to infiltrate criminal groups, this tactic was also used against the fight against the mafia, against organized crime. They infiltrate groups, their rank-and-file members, rank-and-file figures are of no interest.
They develop the same hackers and carders for years, three at a time, in this case, they developed me for four years. But they make test purchases, they gain trust under the guise of a person from your environment. And in the end, they destroy the group from the inside. Well, they just cut off the dragon's head and that's it. That is, the tentacles fall off by themselves, they are not interested. Well, that's the main difference.
And so, Belarusian law enforcement officers are very well developed in this regard, they constantly go to all sorts of seminars, including in America, they have very good advanced equipment, software, and their heads are in the right place, of course, because in terms of the same passwords, yes, the Americans will stupidly sit according to the instructions, pick it up, say, for six months by brute force.
Interviewer:
Our creative ones?
Carder:
Yeah, our guys will somehow turn on their brains, let's say, and think about what kind of passwords there could be, well, I've just come across passwords there, they literally get passwords in a day that would take two years to find out by brute force. They just thought that maybe, that's it, they somehow put it together, Well, I mean, our guys are great at that, of course.
Interviewer:
Listen, so it's true, it's like in the movies, yes, sometimes you see a person like that, it just dawns on him, yeah, well, as a rule, there, 5 seconds before his autumn explosion, what password should he type, right? That is, that happens, right? That the password can be somehow like this...
Carder:
At the level of autumn, at the level of insight, it does not happen, of course, but there is analytics, that is, there is analytics, that is, the circle of communication of the suspect is studied, there, his date of birth, his car numbers, there, his mother's date of birth and so on, dog nicknames, and, perhaps, something from this, or a combination of these, this information will be the password. But it often turns out that way, Especially for women on VKontakte, the password is often the car number.
That is, four digits, two letters.
Interviewer:
And, probably, these are the most common mistakes of our people who generate passwords that are simply so obvious that, strictly speaking, a schoolboy can probably hack them.
Carder:
Yes.
Interviewer:
Still very short. And short, right? Yes, of course. Well, password recommendations, I think that here, in principle, everyone already understands. Even any social network, any site begins to tell you that your password is not like that, or here too.
Carder:
No, this is generally a misconception. Because the VKontakte network is hacked very often. For some reason, despite the fact that many already know that the password should be complex and long, it is hacked in just a few hours.
Interviewer:
But they leave it, because people still have not advanced far in computer literacy, they leave the same small passwords. Yes. Yes, that's why.
Carder:
Yes, and I would certainly correct this situation, because the same "Contact" in this way, yes, by allowing people to set such simple passwords, it essentially condones the commission of crimes, that is, the attacker scans there using the brute force method, finds out someone's passwords, then starts sending spam, pornography from this account, blackmailing, breeding in some other ways, and for some reason very
strong, which is what the VKontakte network is guilty of.
Interviewer:
So you are saying that you would recommend that the website owners themselves, the owners of social networks somehow limit the possibility of entering small simple passwords.
Carder:
Yes, definitely.
Interviewer:
At the program level itself.
Carder:
This is my firm conviction, of course. This should be done all over the world.
What is social engineering?
Interviewer:
Sergey, are you familiar with such a concept as social engineering? What is it?
Carder:
Yes, social engineering is when, for example, when it is impossible to hack something and achieve it using technical methods, that is, hacker methods of hacking, then social engineering or engineering comes to the rescue, this is when the victim, for example, can be called or sent a letter and by some trick, fraudulently composed, tell you confidential information that you currently need for further hacking.
This could be, well, for example, the mother's maiden name, I need the victim, yes, in order to get final access to the bank account. Here it is in my development, so I found out his e-mail, and I write to him there under the guise of some, some store, let's say, it's your mother's birthday, there, here,
let us know, we want a gift for her, a gift for you, a gift for her, respectively, tell us her full name, there, last name and so on, so that we can send it all, arrange it. Well, in the case of the mother's maiden name, something connected with the school, for example, the school administration, some archive of the best students, tell the mother's maiden name.
Yes, well, each case is individual, naturally, that is, everyone needs it, a different approach.
What is your attitude to alcohol and drugs?
Interviewer:
In our country, in our post-Soviet space, it is probably accepted as a tradition to drink alcohol. Moreover, the consumption is sometimes completely uncontrollable. Then at one time they fought against it. Toxicomania came to the forefront, yes. Then they seemed to stop fighting alcohol, they started sniffing less, drugs appeared. Now we are fiercely fighting drugs, with everything connected with them. On the one hand, there is alcoholism, which has been inherent in our society for centuries.
There is drug addiction, which has emerged relatively recently. We are now fighting drug addiction very seriously. Maybe, with alcoholism, on the contrary. Please, go to any store, at any time, everything is available, everything is produced, everything is officially produced by the state. So, what do you think, where is the greater evil, in what place in our tradition, when they got into ours or in drug addiction.
Carder:
I saw two sides of the coin there, I had an alcoholic, yes, and I saw hundreds of drug addicts behind bars. A drug addict, well, he steals the maximum, that is, they are pickpockets, these are drug addicts, yes, but they do not walk the streets with an axe, they do not swing, they do not kill left and right. That is, I watched, observed, compared, analyzed, talked a lot behind bars, 90% of all serious violent crimes, these are murders, rapes, serious bodily harm, 90% of them are committed under the influence of alcohol.
Not drugs. And, of course, the saddest thing is that many do not remember what they did in the morning. That is, he killed, he is tried, he is given 20 years, but he does not remember how it happened, because he drank his own head. And why did he drink? Because there is no culture of drinking from childhood, like in Italy, France, Spain, in countries where children are gradually introduced to alcohol from childhood and so on, a family tradition.
Our people drink not for pleasure, but to turn off the head, essentially, to forget and something else. And accordingly, they do not remember it. Therefore, answering the question, let's say, yes, what is more terrible for society, alcohol or drugs, that is, I am absolutely convinced that alcohol, of course.
But, nevertheless, I am not saying that drugs are good, I am saying that both bad alcohol and drugs, any excess is bad for a person, naturally, and for those around him, but for society, of course, alcohol is more terrible, but we mercilessly fight drugs and at the same time produce cheap alcohol, accessible, cheap. Drug addiction is, let's say, more of a problem for one family. That is, if there are drug addicts in the family, then those around suffer. But he does not go around killing left and right.
An alcoholic, he is generally not subject to any control. Not only does he harm the semester, but society as a whole.
Interviewer:
Yes, as a rule, a drug addict is a person who is more suicidal than socially dangerous.
Carder:
But, as I already said, both are bad, naturally.
What credit card should I get?
Interviewer:
Well, we are talking about vices now, yes, there is also smoking, which is also nothing, but probably the least dangerous, and there are also, okay, let's not talk about everything, there are many things. If, let's say, you yourself decided to save all the money on the card, I know you have a card, you had them before, judging by the book, a lot of different types of these cards, so if you were giving someone advice on which card to get, what would you say?
Carder:
I would advise the cheapest one, that is, this is the classic, if we either take Visa or MasterCard Standard, because there is no particular point in overpaying for the annual servicing of the same Gold card, although yes, with it you can book a table in a restaurant somewhere, have a bigger discount somewhere.
Interviewer:
Well, as a rule, they forget about it, the registrars are lying.
Carder:
Yes, that's the point. They don't know and just pay more because of the status. Here I have a Gold card, and technically it’s the same card as the Classic, but you pay twice as much for its annual service. Well, naturally, I would recommend the cheapest card.
Interviewer:
But the pies, all this priority pass, these are all, most likely, some kind of marketing ploys, which are more likely to raise people’s status.
Carder:
Yes, both for show.
Interviewer:
Well, show-off and status, yes, nothing more.
Carder:
Of course, yes.
Interviewer:
And then, in general, when you take out your card somewhere in a store, it’s probably not very desirable to show it off. That is, what’s the show-off in that case, if it’s something that warms your wallet?
Carder:
No, well, if you take out a black card, black in color, there, in society, among those who know it, everyone understands that you’re doing very well in life.
Interviewer:
And what are black ones?
Carder:
Black ones are American Express Centurion, black Diners Club, there is also a black Visa, Visa Black Card, well, these are cards for very wealthy people, because the same Amex Centurion is issued only to those bank clients who spend from 250 thousand dollars a year and more on the card.
Interviewer:
Well, and accordingly, the account must be at a certain level. That is, the amount of money.
Carder:
That is, a card, for example, Amex Centurion, it is impossible to buy it there, they will simply offer it to you when you reach a certain level as a client-bank. Interviewer
:
Well, that is, this is not the question of what kind of card you would advise someone to get. It is impossible to get such a card. Well, today we talked about, basically, Well, how to protect yourself from someone getting into your own card, stealing anything, depriving you of anything for your well-being. As far as I understand, there are still no recipes that would in any case protect you 100% from anything. Do
I understand correctly?
Carder:
Only healthy paranoia, only.
Interviewer:
Only, yes.
Carder:
And common sense is caution, of course.
Interviewer:
But this can minimize your risks in storing money on the card, its use. That is, probably, in some way there is such a global meaning of our people, maybe some kind of backstory, when he received something, a card, a salary, for example, went to an ATM, tore it all off in one go and went home. That is probably why, I don’t know, now, in principle, the banking system is popularizing cards.
People really use them more, there are more terminals, more places where you can pay with them. In your opinion, does this not introduce some kind of carelessness to working with your hard-earned money?
Carder:
I think that banks just need to conduct more information work. Because no one essentially introduces a person when they are given a card. Well, this is all understandable, there are few employees, the workload is high. No one bothers to give any client who opens a card, well, at least a short memo, that is, elementary security measures, and to the same cashiers in the store who
service the cards, that is, to hand out what they should do.
Interviewer:
But it seems like they started giving them out, I see, I've had a couple of cards recently.
Carder:
Well, that's common sense, well, in Russia, for example, I haven't seen anything like that.
Interviewer:
I haven't seen anything like that, right? Yeah. I just remember my last card, it seemed like something came with it, but you see again, it doesn't even seem to count that...
Carder:
So spend five minutes on that, I mean, well, tell your client how to protect themselves, that will also protect your money.
Interviewer:
You know, maybe even, for some reason I'll stand up for the banquet a little now, yes, most likely, that they even have, well, as usual, on the websites there is all this information, yes, there may not be safety recommendations, I'm afraid that, probably, the person himself is not yet ready to carefully study such things, you know, like until he... Well, that information overload. And overload, yes. Until he himself touches it, sometimes it already seems that this is not about me. Yes, a week or two ago I would not have thought that a person would be sitting in my kitchen who would tell me how he stole a million.
I will not ask the question, how much did you really steal, a million, not a million, let that remain outside our kitchen. But nevertheless, such a person was our guest today. Sergey Pavlovich, bye.
Interview with former cybercriminal Sergei Pavlovich. Secrets of carders and hackers and how to resist them. Belarusian law enforcement agencies and their differences from American ones. Uncensored!
Contents:
- What is carding and how is it different from hacking?
- What to do if money was stolen from your card?
- "Code of honor" for carders?
- How to save money on the card?
- About hackers and the US elections
- About law enforcement agencies
- What is social engineering?
- What is your attitude towards alcohol and drugs?
- What credit card should I get?
Interviewer:
Good evening, and today we will continue the topic that we started in the previous issue, when we talked to Sergei Pavlovich. Sergei Pavlovich is a man who spent 10 years in Belarus without causing any harm to Belarus, who is still on the international wanted list, and who America has a grudge against. And today we will talk about what America has a grudge against, how it all happened, what Sergei did.
And here, not being an expert, I will immediately give you the floor, Sergei. Please explain what it was, how it happens to our guests, who may not be quite versed in this. You were a carder, so-called, right?
What is carding and how is it different from hacking?
Carder:
I was a carder, and almost no non-specialists see the difference between hackers and carders. For the average person, a person who can reinstall Windows and crack some code in a game is already a hacker, but in fact the difference is huge, because carding is directly fraud related to credit cards.
Interviewer:
So you are such a good fraudster, right?
Carder:
Yes, essentially yes. And hacking, well, naturally, breaking in.
Interviewer:
Hacking is also a crime, one and the same, only there is a break-in that has a bunch of other goals, your goal was to get money, as I understand it, at the exit, right?
Carder:
So hackers hack some, for example, a bank or someone's accounts, get the primary information for work. The carder's task is to correctly use this information and at the exit get money with its help.
Interviewer:
And a little about how it happens. In your book, I'll remind you again that we talked to Sergey about the book "How I Stole a Million", in your book you describe in sufficient detail how, where, what is bought. So tell me, here is your connection with hackers, hackers hacked, let's say, some trading system, then what do they get, what do you use next?
Carder:
Hackers hack, for example, a large retail chain, there are restaurant chains, hotels, and accordingly steal data on credit cards that customers paid with, sometimes with PIN codes, they are naturally encrypted, but in this way the hacker gets his hands on a set of your credit card number plus sometimes a PIN code, accordingly the task of those who are further in the chain, that is, the carders, is to cash out all this.
What is it used for, what were there basically two main methods for. If you have a dump, a dump means a set of what is recorded on a plastic card, on a magnetic strip of a plastic card, or you only have a credit card number, because if some online store is hacked, then it is impossible to steal dumps from there.
Dumps are stolen from networks with POS terminals or ATMs, that is, where the card was physically swiped, where a copy is saved, so to speak, from its magnetic strip. And in an online store, you can only hack the card numbers, respectively, this is the card number, its expiration date, the security CW code and all the owner's data.
With this information, you can only try to buy something foreign in an online store, that is, pay for your purchase with someone else's credit card, that's all.
Having a dump in hand, you can write it down on a blank with a plastic one, with a magnetic strip and go to the store to pay, in a real physical store, and having a pin code, respectively, a dump plus a pin code can be withdrawn, of course, at an ATM.
Interviewer:
And what happened more often, how did you work more often? Had a name, pin codes or do you buy something?
Carder:
So, the first direction that I talked about, that is, buying with someone else's card in an online store, this is called clothing carding, and some Internet fraudsters were and are engaged in this direction. But recently, a number of difficulties with it began to arise, because with almost every purchase on the Internet, with each one now you need to enter a one-time code that you receive in an SMS, and so on.
Accordingly, all this complicated the work, and banks often require you to call to confirm the transaction, ask questions about some confidential matters, for example, the mother's maiden name, which is very difficult for you to find if you are not the owner of the cards, and so on. Accordingly, this direction is gradually fading away. With a dump, everything is much simpler, because you do not need much intelligence and some serious qualifications to, say, record a copy of someone else's magnetic strip on a blank.
This is done with the help of simple equipment, costing about 500 dollars today, and thus you have a clone in your hands, an absolute clone of someone else's card. And, accordingly, you can just go to the store.
What to do if money was stolen from the card?
Interviewer:
Well, as we know, now a person who has discovered some kind of write-off of funds on his card, after all, many set up SMS notifications, so you come to the store, you swipe this card, you write off money, and knowing the PIN code, you go to an ATM, for example, a person receives an SMS, for example, some kind of notification, and then it turns out that he quickly blocks it, and then you can no longer use it, or people are quite calm about this, and do not block the cards.
Carder:
Well, I don't know how things are now, because I'm very far from crime now. But, naturally, that is, suppose you saw an SMS on your phone that money was sent from your card, knowing that it wasn't you, that is, naturally, the first thing you'll do is call the bank and try to block it. Well, it's more difficult, of course, if you're abroad and so on, but, again, you should always have the bank's phone number for these purposes, written down in your mobile phone or in a notebook.
Because, of course, after the first withdrawal, it's advisable to block it all.
The "code of honor" of carders?
Interviewer:
We won't forget that your extensive work experience, your extensive criminal past experience consisted of taking money from Americans, these were mainly American credit cards.
Carder:
And Western European ones. Those with money on them, Japanese, American, Israeli.
Interviewer:
So it wasn't Belarusians, was it deliberate?
Carder:
Yes, naturally, it was deliberate, because cybercriminals of my age, and I'm 34 now, and my formation, we had a kind of code of honor. We never touched our compatriots, and this was for several reasons. One of them, naturally, is mercantile, because there is no money for them, once a month the salary is transferred to them, it is immediately withdrawn from the ATM, and that's it.
Nowadays, payments using plastic cards are already commonplace, but back then people just received cash and that's it. This is the first consideration, and the second is, let's say, humanistic, probably, because our fellow citizens have already been robbed by the state more than once, when the USSR collapsed, all deposits burned up, and so on, and these beggarly
salaries, and if we are going to snatch from our own, it is not good enough, let's say, in our time, there were enough Europeans and Americans.
Interviewer:
There were enough with the Americans.
Carder:
And before, by the way, everyone adhered to this rule very strictly. Well, this is, as I say, a kind of code of the unit.
Interviewer:
You said before, you know this 100%, but that was before.
Carder:
Because I myself was a participant in this, and we constantly propagandized among ourselves, and there were cases when the seller, well, a hacker, let's say, the owner of a dump database or just credit card numbers, simply immediately before the start of the sale deletes all the CIS cards from there. Well, this happened, this happened before my eyes, this was really adhered to. And it was very rare to see a message that Sberbank had been hacked, or that firm A in Moscow, for example, had been hacked.
Well, if you did that, it was often someone from abroad. But now hacking your fellow citizens and deceiving them is the order of the day.
Interviewer:
You know about this, right?
Carder:
Well, it's easy to find out by opening the same Security Lab website and simply reading the selection of crime news for today. Sberbank was hacked, the Takayta company's catacomna, and so on.
Interviewer:
And do they have roots here?
Carder:
Yes, yes, here. Here, because sometimes these guys are found, naturally, they are shown on TV, and so on.
How to save money on a card?
Interviewer:
Well, now that you've left your criminal past behind. It seems to me that a rather useful practical meaning of our conversation would be, again, to tell our compatriots what is best to do now, how to behave best when you simply become the owner of some card. Maybe some advice?
Carder:
There really isn't much advice, and it's all just common sense. That is, the first piece of advice, naturally, is not to write down the PIN code on credit cards, they still write it down, especially those who have many cards, and women often write it down.
Either not on the card itself, which means they put a sticker on it, a little yellow piece of paper, and they write it on it, or on a piece of paper in the wallet, he loses the wallet, it automatically gives access not only to his card, but also writes the PIN code there.
Interviewer:
There are 5 cards and 5 PIN codes, they call it "try to pick up".
Carder:
Well, for example, this is again connected with the fact that it is difficult to remember. You really have 5-10 cards for someone, it is difficult to remember the PIN code for each. Well, for example, Sberbank in Russia now allows you to set the PIN code on your card yourself, and you set an easy number there.
Interviewer:
Easier to remember, right?
Carder:
Yes, it is easier to remember, but that is one thing, and one more thing. Then, even if you are already writing it down, you can do it so that you write down one more digit. Well, that is, you can write it down in such a way that it is clear to you, but it is not clear to the thief, or whoever finds or steals this card.
Interviewer:
That is, you can write down a digit that will have your four-digit PIN code somewhere in it, right? Or write it backwards, for example, that is, you.
Carder:
You know how, but the thief will not understand. That is one piece of advice, do not write the PIN code on the card. That is. The second piece of advice is, naturally, if you do not have SMS notifications, then set them up, of course, for the withdrawal of any amount.
Interviewer:
That is, at least you will immediately receive information that something is wrong. Of course, sitting at home, receiving such an SMS, if it was not your spouse who took the card, you understand that something, someone is in the mouth.
Carder:
Someone, yes, steals from it. Thirdly, of course, write down the number of the servicing bank, that is, the issuing bank that issued the card in your mobile phone, because, as a rule, no one does this. And when the card is feverishly lost or stolen, which is even worse, you start feverishly looking for the bank number, where to call to block it. But it is written on the card, and you do not have the card at the moment.
Accordingly, you should write it down in your mobile phone in advance. And also, naturally, cover the PIN code with your hand when withdrawing, so that no video camera can read it.
Then, when withdrawing, say, cash from an ATM, of course you should pay attention to whether there is a fake overlay keypad, a second one that is used to remove your PIN code, whether there are any video cameras nearby, of course you can take a look, and on the card receiver itself, whether there is some kind of overlay, although, of course, this is called a skimmer, they are now so technologically advanced that it is quite difficult to remove this overlay, if it is there.
Well, and, of course, if possible, use ATMs installed in the bank's premises, because it is much more difficult for an intruder to approach such an ATM and install a device to remove your dump and PIN code, and no one will go into a trap themselves. Probably, the only advice is not to give the card to anyone. Naturally, name it less to anyone, show it less, take pictures of it.
You don't give the keys to your apartment or your passport to the first person you meet, and so on. The same thing, just a healthy paranoia about your card, because it's the key to your bank account.
Interviewer:
Tell me, please, contactless cards are in use now, they can be read at some distance, there's no danger that someone can buy a reader like that and use it in the subway.
Carder:
These are usually radio waves.
Interviewer:
These are radio waves. What's their range? From what distance can your card be picked up?
Carder:
I don't know. MasterCard, PayPal. Well, you have to read the technical specifications. I just haven't studied them. Well, I think it's a certain whim. That is, you pay more for servicing a contactless card, somewhere around 15 dollars a year. That is, well, why, I have three cards there, let's say, why should I pay an extra 15 dollars for this, it's not hard for me to get them and swipe them. Well, naturally, this is a standard that will come into force and become unified over time, but for now, I think, this is a small whim.
Plus, naturally, this is a radio transmitter, and any information transmitted via a radio channel, be it a car alarm, or your card data, or a Wi-Fi signal, that is, naturally, can be intercepted and read. But these are isolated cases.
Interviewer:
Have you ever heard of someone catching a contactless card on a radio channel and then stealing money from it?
Carder:
Well, not yet.
Interviewer:
Not yet.
Carder:
And I haven't come across it on SecurityLab or any other sites.
Interviewer:
So, probably, for now this is a purely theoretical threat of danger? Well, of course. Because it seems like it hasn't become serious and important.
About hackers and the elections in the USA.
Carder:
By the way, all TV channels, both American and European, raise this issue, that it was in connection with the hacking of the US electoral system. That is, I'm saying that 90% of hackers are profit-oriented. Why would he hack the same US electoral system or some bank, well, they are about the same in complexity.
But why would he break this election system if he could hack banks and get rich the next time? 90% of hackers are profit-oriented, it's just plain theft for the sake of profit, 5% of course are motivated by ideology, he'll hack a Nazi site, block its work because he's a pacifist there, and 5% are scriptkidzi, kids who just hack sites for fun, he wants to prove to himself that I can hack my neighbor's site and deface it, deface it, replace the main page, post the site hacked by Vasily, for example, that's it.
And 90% of hackers, naturally, are only profit-oriented.
About law enforcement agencies.
Interviewer:
But tell me, please, the other side of this process, it's our law enforcement agencies. They didn't have computers there before, they had typewriters, right? Now the situation has changed significantly, seriously. How would you rate their level of training, are they keeping up with hackers or are they already lagging behind?
Carder:
I would rate the work of law enforcement agencies, say, Belarusian ones, very highly, because I put them in the book, and I think I argue, I put them in second place after the Americans, after the secret service and the FBI. But there is one important difference between our law enforcement agencies and the same American ones, because the latter, like the Western ones, focus mainly on crime prevention.
That is, ours, due to a small staff and small funding, have to clean up crimes that have already been committed, either by fact or by a statement from the injured party. And the same Americans, they allow themselves to infiltrate criminal groups, this tactic was also used against the fight against the mafia, against organized crime. They infiltrate groups, their rank-and-file members, rank-and-file figures are of no interest.
They develop the same hackers and carders for years, three at a time, in this case, they developed me for four years. But they make test purchases, they gain trust under the guise of a person from your environment. And in the end, they destroy the group from the inside. Well, they just cut off the dragon's head and that's it. That is, the tentacles fall off by themselves, they are not interested. Well, that's the main difference.
And so, Belarusian law enforcement officers are very well developed in this regard, they constantly go to all sorts of seminars, including in America, they have very good advanced equipment, software, and their heads are in the right place, of course, because in terms of the same passwords, yes, the Americans will stupidly sit according to the instructions, pick it up, say, for six months by brute force.
Interviewer:
Our creative ones?
Carder:
Yeah, our guys will somehow turn on their brains, let's say, and think about what kind of passwords there could be, well, I've just come across passwords there, they literally get passwords in a day that would take two years to find out by brute force. They just thought that maybe, that's it, they somehow put it together, Well, I mean, our guys are great at that, of course.
Interviewer:
Listen, so it's true, it's like in the movies, yes, sometimes you see a person like that, it just dawns on him, yeah, well, as a rule, there, 5 seconds before his autumn explosion, what password should he type, right? That is, that happens, right? That the password can be somehow like this...
Carder:
At the level of autumn, at the level of insight, it does not happen, of course, but there is analytics, that is, there is analytics, that is, the circle of communication of the suspect is studied, there, his date of birth, his car numbers, there, his mother's date of birth and so on, dog nicknames, and, perhaps, something from this, or a combination of these, this information will be the password. But it often turns out that way, Especially for women on VKontakte, the password is often the car number.
That is, four digits, two letters.
Interviewer:
And, probably, these are the most common mistakes of our people who generate passwords that are simply so obvious that, strictly speaking, a schoolboy can probably hack them.
Carder:
Yes.
Interviewer:
Still very short. And short, right? Yes, of course. Well, password recommendations, I think that here, in principle, everyone already understands. Even any social network, any site begins to tell you that your password is not like that, or here too.
Carder:
No, this is generally a misconception. Because the VKontakte network is hacked very often. For some reason, despite the fact that many already know that the password should be complex and long, it is hacked in just a few hours.
Interviewer:
But they leave it, because people still have not advanced far in computer literacy, they leave the same small passwords. Yes. Yes, that's why.
Carder:
Yes, and I would certainly correct this situation, because the same "Contact" in this way, yes, by allowing people to set such simple passwords, it essentially condones the commission of crimes, that is, the attacker scans there using the brute force method, finds out someone's passwords, then starts sending spam, pornography from this account, blackmailing, breeding in some other ways, and for some reason very
strong, which is what the VKontakte network is guilty of.
Interviewer:
So you are saying that you would recommend that the website owners themselves, the owners of social networks somehow limit the possibility of entering small simple passwords.
Carder:
Yes, definitely.
Interviewer:
At the program level itself.
Carder:
This is my firm conviction, of course. This should be done all over the world.
What is social engineering?
Interviewer:
Sergey, are you familiar with such a concept as social engineering? What is it?
Carder:
Yes, social engineering is when, for example, when it is impossible to hack something and achieve it using technical methods, that is, hacker methods of hacking, then social engineering or engineering comes to the rescue, this is when the victim, for example, can be called or sent a letter and by some trick, fraudulently composed, tell you confidential information that you currently need for further hacking.
This could be, well, for example, the mother's maiden name, I need the victim, yes, in order to get final access to the bank account. Here it is in my development, so I found out his e-mail, and I write to him there under the guise of some, some store, let's say, it's your mother's birthday, there, here,
let us know, we want a gift for her, a gift for you, a gift for her, respectively, tell us her full name, there, last name and so on, so that we can send it all, arrange it. Well, in the case of the mother's maiden name, something connected with the school, for example, the school administration, some archive of the best students, tell the mother's maiden name.
Yes, well, each case is individual, naturally, that is, everyone needs it, a different approach.
What is your attitude to alcohol and drugs?
Interviewer:
In our country, in our post-Soviet space, it is probably accepted as a tradition to drink alcohol. Moreover, the consumption is sometimes completely uncontrollable. Then at one time they fought against it. Toxicomania came to the forefront, yes. Then they seemed to stop fighting alcohol, they started sniffing less, drugs appeared. Now we are fiercely fighting drugs, with everything connected with them. On the one hand, there is alcoholism, which has been inherent in our society for centuries.
There is drug addiction, which has emerged relatively recently. We are now fighting drug addiction very seriously. Maybe, with alcoholism, on the contrary. Please, go to any store, at any time, everything is available, everything is produced, everything is officially produced by the state. So, what do you think, where is the greater evil, in what place in our tradition, when they got into ours or in drug addiction.
Carder:
I saw two sides of the coin there, I had an alcoholic, yes, and I saw hundreds of drug addicts behind bars. A drug addict, well, he steals the maximum, that is, they are pickpockets, these are drug addicts, yes, but they do not walk the streets with an axe, they do not swing, they do not kill left and right. That is, I watched, observed, compared, analyzed, talked a lot behind bars, 90% of all serious violent crimes, these are murders, rapes, serious bodily harm, 90% of them are committed under the influence of alcohol.
Not drugs. And, of course, the saddest thing is that many do not remember what they did in the morning. That is, he killed, he is tried, he is given 20 years, but he does not remember how it happened, because he drank his own head. And why did he drink? Because there is no culture of drinking from childhood, like in Italy, France, Spain, in countries where children are gradually introduced to alcohol from childhood and so on, a family tradition.
Our people drink not for pleasure, but to turn off the head, essentially, to forget and something else. And accordingly, they do not remember it. Therefore, answering the question, let's say, yes, what is more terrible for society, alcohol or drugs, that is, I am absolutely convinced that alcohol, of course.
But, nevertheless, I am not saying that drugs are good, I am saying that both bad alcohol and drugs, any excess is bad for a person, naturally, and for those around him, but for society, of course, alcohol is more terrible, but we mercilessly fight drugs and at the same time produce cheap alcohol, accessible, cheap. Drug addiction is, let's say, more of a problem for one family. That is, if there are drug addicts in the family, then those around suffer. But he does not go around killing left and right.
An alcoholic, he is generally not subject to any control. Not only does he harm the semester, but society as a whole.
Interviewer:
Yes, as a rule, a drug addict is a person who is more suicidal than socially dangerous.
Carder:
But, as I already said, both are bad, naturally.
What credit card should I get?
Interviewer:
Well, we are talking about vices now, yes, there is also smoking, which is also nothing, but probably the least dangerous, and there are also, okay, let's not talk about everything, there are many things. If, let's say, you yourself decided to save all the money on the card, I know you have a card, you had them before, judging by the book, a lot of different types of these cards, so if you were giving someone advice on which card to get, what would you say?
Carder:
I would advise the cheapest one, that is, this is the classic, if we either take Visa or MasterCard Standard, because there is no particular point in overpaying for the annual servicing of the same Gold card, although yes, with it you can book a table in a restaurant somewhere, have a bigger discount somewhere.
Interviewer:
Well, as a rule, they forget about it, the registrars are lying.
Carder:
Yes, that's the point. They don't know and just pay more because of the status. Here I have a Gold card, and technically it’s the same card as the Classic, but you pay twice as much for its annual service. Well, naturally, I would recommend the cheapest card.
Interviewer:
But the pies, all this priority pass, these are all, most likely, some kind of marketing ploys, which are more likely to raise people’s status.
Carder:
Yes, both for show.
Interviewer:
Well, show-off and status, yes, nothing more.
Carder:
Of course, yes.
Interviewer:
And then, in general, when you take out your card somewhere in a store, it’s probably not very desirable to show it off. That is, what’s the show-off in that case, if it’s something that warms your wallet?
Carder:
No, well, if you take out a black card, black in color, there, in society, among those who know it, everyone understands that you’re doing very well in life.
Interviewer:
And what are black ones?
Carder:
Black ones are American Express Centurion, black Diners Club, there is also a black Visa, Visa Black Card, well, these are cards for very wealthy people, because the same Amex Centurion is issued only to those bank clients who spend from 250 thousand dollars a year and more on the card.
Interviewer:
Well, and accordingly, the account must be at a certain level. That is, the amount of money.
Carder:
That is, a card, for example, Amex Centurion, it is impossible to buy it there, they will simply offer it to you when you reach a certain level as a client-bank. Interviewer
:
Well, that is, this is not the question of what kind of card you would advise someone to get. It is impossible to get such a card. Well, today we talked about, basically, Well, how to protect yourself from someone getting into your own card, stealing anything, depriving you of anything for your well-being. As far as I understand, there are still no recipes that would in any case protect you 100% from anything. Do
I understand correctly?
Carder:
Only healthy paranoia, only.
Interviewer:
Only, yes.
Carder:
And common sense is caution, of course.
Interviewer:
But this can minimize your risks in storing money on the card, its use. That is, probably, in some way there is such a global meaning of our people, maybe some kind of backstory, when he received something, a card, a salary, for example, went to an ATM, tore it all off in one go and went home. That is probably why, I don’t know, now, in principle, the banking system is popularizing cards.
People really use them more, there are more terminals, more places where you can pay with them. In your opinion, does this not introduce some kind of carelessness to working with your hard-earned money?
Carder:
I think that banks just need to conduct more information work. Because no one essentially introduces a person when they are given a card. Well, this is all understandable, there are few employees, the workload is high. No one bothers to give any client who opens a card, well, at least a short memo, that is, elementary security measures, and to the same cashiers in the store who
service the cards, that is, to hand out what they should do.
Interviewer:
But it seems like they started giving them out, I see, I've had a couple of cards recently.
Carder:
Well, that's common sense, well, in Russia, for example, I haven't seen anything like that.
Interviewer:
I haven't seen anything like that, right? Yeah. I just remember my last card, it seemed like something came with it, but you see again, it doesn't even seem to count that...
Carder:
So spend five minutes on that, I mean, well, tell your client how to protect themselves, that will also protect your money.
Interviewer:
You know, maybe even, for some reason I'll stand up for the banquet a little now, yes, most likely, that they even have, well, as usual, on the websites there is all this information, yes, there may not be safety recommendations, I'm afraid that, probably, the person himself is not yet ready to carefully study such things, you know, like until he... Well, that information overload. And overload, yes. Until he himself touches it, sometimes it already seems that this is not about me. Yes, a week or two ago I would not have thought that a person would be sitting in my kitchen who would tell me how he stole a million.
I will not ask the question, how much did you really steal, a million, not a million, let that remain outside our kitchen. But nevertheless, such a person was our guest today. Sergey Pavlovich, bye.
