KOMPAS.com - A new service aims to be the Google search of underground websites, connecting scammers to a vast sea of web forums that offer an array of dodgy goods and services, from stolen credit card numbers to identity information and anonymity tools.
A recent glut of data breaches and stolen card numbers has spawned dozens of sites that sell the information in what is known as the underground economy. These underground sites are frequented by criminals who buy and sell stolen financial data as well as tools to commit further fraud, such as credit card printers, plastic supplies and the services of others willing to shop for genuine goods using stolen cards.
The data is mostly gathered through online hacks. Until now each underground site required users to create separate accounts and sign in before they could search for goods.
Enter MegaSearch.cc, which lets potential buyers discover which fraud sites hold the cards they're looking for without having to first create accounts at each one. This free search engine aggregates data about compromised payment cards, and points searchers to various fraud sites selling them.
The site is domiciled in the Cocos Islands, an Australian territory, but was offline at time of publication. According to its creator, the search engine does not store the compromised card numbers or any information about the card holders. Instead, it works with carders' market owners to index the first six digits of all compromised account numbers that are for sale.
These six digits, also known as the "Bank Identification Number" or BIN, identify which bank issued the card. Searching by BIN, MegaSearch users are given links to the fraud sites that are currently selling cards issued by the corresponding bank. Because the issuer also implies the card's country and often its region, this gives cyber criminals an easy way to find multiple stolen cards from a particular bank or location in one query, helping their fraud efforts.
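To make the indexing scheme concrete, here is an added example (not the article's or MegaSearch's own code) of a BIN-only inverted index: it ingests a constructed "shop,pan" feed, retains nothing but the six-digit BIN and a per-shop count, and answers "which shops list cards from this issuer?" as the article describes. The Luhn mod-10 check used to drop malformed entries is an assumption added here; the article does not say whether the service validated its feeds. The card numbers are well-known test numbers, not real accounts.

```python
"""Added example: a BIN-only inverted index in the style the article describes."""
from collections import defaultdict

BIN_LENGTH = 6  # leading digits that identify the issuing bank

# Constructed sample feed in an assumed "shop,pan" format. The numbers are
# well-known test/sample card numbers, not real accounts.
SAMPLE_FEED = """\
pawnshop,4111111111111111
pawnshop,4111111111111129
pawnshop,4111111111111112
pawnshop,5500000000000004
cardshop-a,4012888888881881
cardshop-a,371449635398431
cardshop-b,6011111111111117
cardshop-b,5105105105105100
cardshop-b,4111111111111111
"""


def luhn_ok(pan: str) -> bool:
    """Return True if pan passes the Luhn mod-10 check (13-19 digits).

    Assumption added here: used only to reject malformed feed entries.
    """
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class BinIndex:
    """Inverted index: BIN -> {shop: number of cards listed}. No full PAN is kept."""

    def __init__(self):
        self._by_bin = defaultdict(lambda: defaultdict(int))
        self.rejected = []  # (shop, masked pan) for entries that failed validation

    def ingest(self, feed: str) -> int:
        """Index one feed; returns the number of entries accepted."""
        accepted = 0
        for line in feed.splitlines():
            line = line.strip()
            if not line or "," not in line:
                continue
            shop, pan = (part.strip() for part in line.split(",", 1))
            if not luhn_ok(pan):
                masked = pan[:BIN_LENGTH] + "*" * (len(pan) - BIN_LENGTH)
                self.rejected.append((shop, masked))
                continue
            self._by_bin[pan[:BIN_LENGTH]][shop] += 1  # only the BIN is retained
            accepted += 1
        return accepted

    def search(self, bin_prefix: str) -> list:
        """Shops currently listing cards with this BIN, busiest first."""
        shops = self._by_bin.get(bin_prefix, {})
        return sorted(shops.items(), key=lambda kv: (-kv[1], kv[0]))

    def total_listed(self) -> int:
        """Total cards indexed across all shops."""
        return sum(sum(shops.values()) for shops in self._by_bin.values())

    def top_bins(self, n: int = 3) -> list:
        """BINs with the most listings, like the stats page the article mentions."""
        totals = {b: sum(s.values()) for b, s in self._by_bin.items()}
        return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


def build_sample_index() -> BinIndex:
    """Build the index from the constructed feed above."""
    idx = BinIndex()
    idx.ingest(SAMPLE_FEED)
    return idx


if __name__ == "__main__":
    idx = build_sample_index()
    print("cards indexed:", idx.total_listed())
    print("411111 ->", idx.search("411111"))
    print("top BINs:", idx.top_bins())
    print("rejected:", idx.rejected)
```

Note what the index does and does not reveal: a search for `411111` returns the shops and their counts, which is exactly the lead a buyer wants, but the index itself never holds a full account number, which is the property the service's creator claimed for his own system.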
I first read about this offering in a blog post by RSA Fraud Action Research Labs. It didn't take much time poking around a few hacker boards to find the brains behind MegaSearch pitching his idea to the owners of different fraud sites. He agreed to discuss his offering with me via instant message, using the search service as his screen name.
"I'm standing on a big startup that is going to be [referred to as] the 'underground Google,'" MegaSearch told KrebsOnSecurity. "Many users spend a lot of time looking [through] shops, and I thought why not make that convenient?"
The service currently indexes compromised BINs from five different card sites, although he said several more sites were close to completing their integration with MegaSearch.
He acknowledged garnering a small advertising fee for each relationship, although he repeatedly declined to discuss the particulars of those arrangements. But both sides benefit, he argued: stolen card data grows less reliable with age, and fraud sites indexed by MegaSearch stand a better chance of clearing their inventory before it goes stale.
MegaSearch said that when his site first launched at the end of 2011 and began indexing the five card sites he's now tracking, those sites had some 360,000 compromised accounts for sale, collectively. Since then, those sites have moved more than 200,000 cards. The search engine currently has indexed 352,000 stolen account numbers that are for sale right now in the underground.
According to BIN search stats published on the site, Citibank cards are the most sought-after, followed by cards issued by FIA Card Services, Capital One and Chase. St George Bank cards are shown in the screenshots as being available from an underground market site called Pawn Shop.
In the coming weeks, he said, the site will include new features that index other types of criminal wares, including US Social Security numbers and proxies — addresses of hacked PCs that paying clients can use as a relay to anonymise their online communications.
"I'm about to add more services to that site that would help newbie underground, including proxies, stolen identity information, etc.," MegaSearch told me. "I'm also going to add a survey [to rate] the best shop."
2011 has been called the Year of the Data Breach. If services like MegaSearch are indicative of a trend, 2012 may well become known as the year the criminal underground started getting a clue about how to better index and use all of its stolen data.