Cybercrime Untouchables?

“YOU’VE probably never met Sergey Kozerev, a former student at the State University of Technology and Design in St. Petersburg, Russia, but it’s possible that he’s mugged you.

In the online world, he operates under the pseudonym Zo0mer, according to American investigators, and he smugly hawks all manner of stolen consumer information alongside dozens of other peddlers at a Web site he helps manage.”

The text above was the lead for a story published April 3, 2006 in The New York Times. It described Zo0mer as a “kingpin” of the criminal underworld market for stolen identities and credit cards.

What’s remarkable is that — almost four years later — Zo0mer’s business appears stronger than ever.

Today, Zo0mer/Kozerev runs perhaps the most bustling marketplace for purloined financial data in the UnderWeb. His Flash advertisements, like the one pictured below, adorn several prominent “carding” forums.

The ads promote a pair of his services: One sells “dumps” — account data stolen (by malware or skimmers) from the magnetic stripes on the back of all credit and debit cards that can be used to create counterfeit cards; the other peddles stolen credit card data and sensitive personal information that can be used to hijack identities and change the mailing address records on bank accounts.

Two of Zo0mer's threads on a carding forum.

Below are screen shots of Zo0mer’s two fraud shops, which show the prices associated with each of these services. According to Zo0mer’s posting on one carding forum, one credit card + its corresponding card security code costs about $1, and the price goes down for high volume purchases. If you want the absolutely freshest stolen card numbers, the price doubles to $2 per card, and redoubles to $4 per card if you care which bank issued the card. Hacked eBay and Paypal accounts also are for sale.

Searches for the mother’s maiden name of a potential identity theft victim cost $10, and roughly $4 lets you look up a Social Security number.

If you’re a cyber criminal and prefer simply to profit from selling stolen personal and financial data, Zo0mer will take that hot information off your hands at whatever price the market will bear (well, his market anyway). “I will take on resell your CC or DUMP Base. Best for peoples who like money and want to stay anonymous,” Kozerev states on a popular, members-only carding forum.

It’s perhaps not surprising that Zo0mer has been left to his own devices there at his shop in St. Petersburg: There seem to be few consequences for criminal hackers that are arrested and charged in Russia. In September, 29-year-old St. Petersburg resident Viktor Pleshchuk, one of the masterminds behind the $9 million hack into RBS WorldPay in 2008, received a six-year-suspended sentence after pleading guilty to the crime.

Оставьте комментарий