The digital realm’s concealed corners, the darknet and the deep web, are infamous for nefarious activities, yet they are often misunderstood and consistently mischaracterized. Though these hidden parts of the internet have legitimate uses, they have also gained notoriety for fostering a booming trade in illegal goods, including purloined credit card details.
Deciphering the Deep Web and the Darknet
Let’s clear some common misconceptions first. The deep web refers to internet segments not indexed by conventional search engines. This could cover your email inbox or private companies’ backend databases. On the other hand, the darknet, a subset of the deep web, is where websites operate incognito and can only be accessed with specific software like Tor. This obscurity makes it difficult to track transactions and identities, making the darknet an ideal hub for illegal activities, such as the trade in stolen credit card information.
The Modus Operandi of Cybercriminals
Cybercriminals engage in a straightforward yet effective process. They gain unauthorized access to a victim’s credit card details through methods like phishing, malware, or skimming. These stolen details are then sold on darknet marketplaces. Once bought, these details can be used for unauthorized transactions, identity theft, and other fraudulent activities.
According to Cybersecurity Ventures, cybercrime, including credit card fraud, is forecasted to inflict damages worth $10.5 trillion annually by 2025, a stark increase from $3 trillion in 2015. Although it’s challenging to isolate the impact of credit card fraud, this increase underscores the problem’s severity.
An examination by Privacy Affairs revealed that in 2021, the price for stolen credit card details on the darknet ranged from $12 to $20 per card, depending on the card’s region, brand, and other factors. Essentially, a criminal can steal someone’s financial identity for less than the cost of a meal.
Though quantifying the exact number of stolen credit cards traded in the darknet is challenging, a 2019 study by Sixgill, a cybersecurity firm, revealed that nearly 23 million credit card numbers were being sold on the darknet. This disturbing figure only represents the cards that were detected.
Types of Credit Cards
You can find two types of credit cards in the darknet.
- Free Cards: These are credit cards offered for free on the dark and deep web. While millions of credit cards are indexed in Kaduu’s logs, the data is likely outdated. It’s rare for working credit cards to be offered for free. You can find this type of credit card in the database search in the Control Center app.
- Paid Cards: These are credit cards offered for sale on the dark and deep web. They are presented like commercial goods, mostly functional cards for which you have to pay a specific down payment.
Sourcing Free Cards
Hackers often dump free credit card logs. Though these dumps might not contain the latest card data, which is usually sold at a high price, they can still help owners determine if their card has been affected by a past leak.
Cost of Stolen Credit Card Data on the Darknet
The cost of buying stolen credit card information on the darknet varies depending on factors like the card type, the issuing country, and the amount of accompanying information.
Typically, a single credit card number, known as a “dump,” can be sold for a few dollars. A “dump” is the information on a credit card’s magnetic stripe, which can be used for fraudulent in-store purchases.
Conversely, a complete package of credit card information, known as “fullz,” which includes the cardholder’s name, address, date of birth, social security number, and other personal information, can be sold for $10-$50. These fullz are used for fraudulent online purchases, bank account openings, loan applications, and other financial frauds.
It’s important to note that these prices are just estimates. Costs vary with the source and the quantity of data, and prices are subject to change over time. The costs can also differ based on the location and the vendor.
Discovering Credit Card Marketplaces
Cybercrime is a persistent and swiftly evolving issue in our digital society. A significant part of this criminal landscape is credit card theft, where purloined information is bought and sold in the internet’s shadowy corners. As technologies evolve, so do the methods used by these criminals to advertise their illegal goods. Let’s explore some of the known avenues they use to market their stolen credit card shops, including some lesser-known ones.
Social Media Platforms: Instagram, TikTok, and even LinkedIn have inadvertently become platforms for cybercriminal activity. Hackers use coded language and disguised URLs to evade algorithms designed to detect and remove illegal content. In recent years, Instagram and TikTok profiles advertising “CC” (Credit Card) “dumps” (batches of stolen credit card information) have been discovered, reflecting the audacity and adaptability of cybercriminals.
Instant Messaging Apps: WhatsApp and Telegram are often used as direct communication channels between cybercriminals and potential buyers. Telegram, in particular, with its encryption and anonymity features, has been increasingly exploited by hackers. They create channels or groups where they post ads and updates about their available credit card data.
Paste Sites: Cybercriminals utilize “paste” websites such as Pastebin or Ghostbin to host information temporarily. These sites allow users to share plain text through unique URLs, which can be easily shared and deleted after a certain period, making it harder for law enforcement to track their activities.
Hacker Forums: These are digital havens for cybercriminals to trade tactics, sell stolen data, and advertise their services. Forums such as RaidForums, Nulled, or XSS are just a few examples where stolen credit card information can be found.
Search Engine Manipulation: By compromising legitimate websites, hackers can insert hidden pages that advertise their wares. These pages can be SEO-optimized for terms like “CVV dumps”, causing them to appear in the search results of major engines like Google.
Banners and Google Ads: Surprisingly, some criminals use actual banner advertisements and Google ads to advertise their stolen credit card shops. They use deceptive language and imagery to mislead unsuspecting users, and even attempt to appear as legitimate businesses.
Darknet Marketplaces: Darknet markets such as AlphaBay, Dream Market, and others operating on the Tor network, are infamous hubs for illegal transactions, including stolen credit card data. These markets often provide escrow services to ensure “fair” trades between sellers and buyers.
Gaming Platforms: In recent years, platforms like Discord and even in-game chats have been exploited by hackers. They use these platforms to communicate, advertise, and sell their illicit wares.
Peer-to-Peer Networks: P2P networks and torrent sites are often leveraged by cybercriminals to share stolen information. Such sites usually have lax regulation, making it easier for criminals to advertise and distribute their wares.
Scraping Paid Credit Cards
Websites for stolen credit cards can be found on the deep web or darknet. The biggest challenge in scraping is to emulate human behavior and bypass CAPTCHA, Cloudflare/DataDome/DDoS-Guard, and similar protection mechanisms. On some sites, metadata about the credit cards is published. On others, a package is offered without revealing what’s inside before you buy it.
Verifying the Quality of the Paid Credit Cards
Unfortunately, very often artificially generated credit card data is offered, which is not associated with any real account. However, there are websites where the sellers are rated.
Gathering Meta-Data Related to Paid Credit Cards
A typical website has the following fields for each credit card record:
- BIN (4, 5, or max 6 Digits)
- Expiration Date
- Price
However, some websites offer more fields:
- Country/State/PLC
- Address/full name/part of name
- A base name to which this record belongs, and a valid rate.
The base name likely contains the publication date, so you can tell when a CC record was published.
Challenges and Limitations of Paid Scraping of Credit Card Data
Data disappears after purchase: Our research team has found that once a database is published, its records can sell out on the first day.
Data duplication: Some websites might steal data from each other. A typical example: a database with X records has a price of $8 per record. Another website might offer the same records for $15 per record.
Problems with junk data/fake records: Anyone can easily create fake credit card records. These fake cards are mixed in with the valid cards. Sometimes the entire credit card marketplace is fake and a scam (they are after the participation fee).
Coverage (Telegram, etc.): New card sites are popping up, and old ones are disappearing. We currently only cover the darknet and deep web, but there are also Discord, WhatsApp, and Telegram channels that sell cards.
You don’t know what you’re buying: With many offers, you don’t see what you’re buying. This makes it virtually impossible to understand which cards, banks, or users might be affected before you buy them. Please note that we can buy sample card packages for you.
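As an added example (not Kaduu’s code and not part of the original article), here is how a card issuer could triage the listing metadata described above: keep only records whose BIN matches its own ranges, read the publication date from the base name, and collapse copies of the same records resold on other sites at a different price. The field names, shop names, BIN values and the ISO date inside the base name are all constructed assumptions.

```python
import re
from collections import Counter
from datetime import date

# Constructed sample listings. Field names, shop names, BINs and the ISO date
# embedded in the base name are assumptions made for this example.
LISTINGS = [
    {"site": "shop-a", "bin": "999901", "exp": "08/26", "price": 8.0, "base": "2023-05-14_US_MIX"},
    {"site": "shop-b", "bin": "999901", "exp": "08/26", "price": 15.0, "base": "2023-05-14_US_MIX"},
    {"site": "shop-a", "bin": "9998", "exp": "01/25", "price": 12.0, "base": "EU_FRESH_2023-06-02"},
    {"site": "shop-c", "bin": "999700", "exp": "11/27", "price": 20.0, "base": "NODATE"},
]
OUR_BINS = {"999901", "999812"}  # hypothetical 6-digit BINs owned by the issuer

def base_date(base):
    """Return the publication date embedded in a base name, or None."""
    m = re.search(r"(\d{4})-(\d{2})-(\d{2})", base)
    try:
        return date(*map(int, m.groups())) if m else None
    except ValueError:  # digits that look like a date but are not one
        return None

def bin_matches(listed, our_bins):
    """Listings may show only 4 or 5 BIN digits, so compare as a prefix."""
    if not (listed.isdigit() and 4 <= len(listed) <= 6):
        return False
    return any(b.startswith(listed) for b in our_bins)

def triage(listings, our_bins):
    """Group matching records and collapse copies resold on other sites."""
    groups = {}
    for r in listings:
        if bin_matches(r["bin"], our_bins):
            g = groups.setdefault((r["bin"], r["exp"], r["base"]),
                                  {"per_site": Counter(), "prices": []})
            g["per_site"][r["site"]] += 1
            g["prices"].append(r["price"])
    report = []
    for (bin_, exp, base), g in groups.items():
        report.append({
            "bin": bin_, "exp": exp, "published": base_date(base),
            "sites": sorted(g["per_site"]),
            # Metadata cannot identify a card, so count per site and take the
            # maximum instead of summing resold copies across sites.
            "est_records": max(g["per_site"].values()),
            "price_range": (min(g["prices"]), max(g["prices"])),
        })
    # Newest base first; undated bases last.
    return sorted(report, key=lambda e: e["published"] or date.min, reverse=True)

if __name__ == "__main__":
    for row in triage(LISTINGS, OUR_BINS):
        print(row)
```

A 4-digit prefix match is only a hint that a record may belong to the issuer, so such rows deserve lower confidence than full 6-digit matches.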