
payment systems

Original author: Dan Goodin


Federal authorities have accused eight men of participating in 21st-century bank heists that netted a whopping $45 million by hacking into payment systems and eliminating withdrawal limits placed on prepaid debit cards.

The eight men formed the New York-based cell of an international crime ring that organized and executed the hacks and then used fraudulent payment cards in dozens of countries to withdraw the loot from automated teller machines, federal prosecutors alleged in court papers unsealed Thursday. In a matter of hours on two separate occasions, the eight defendants and their confederates withdrew about $2.8 million from New York City ATMs alone. At the same times, "cashing crews" in cities in at least 26 countries withdrew more than $40 million in a similar fashion.

Prosecutors have labeled this type of heist an "unlimited operation" because it systematically removes the withdrawal limits normally placed on debit card accounts. These restrictions work as a safety mechanism that caps the amount of loss that banks normally face when something goes wrong. The operation removed the limits by hacking into two companies that process online payments for prepaid MasterCard debit card accounts issued by two banks—the National Bank of Ras Al-Khaimah PSC in the United Arab Emirates and the Bank of Muscat in Oman—according to an indictment filed in federal court in the Eastern District of New York. Prosecutors didn't identify the payment processors except to say one was in India and the other in the United States.


"Click Trajectories: End-to-End Analysis of the Spam Value Chain" is a scholarly research paper reporting on a well-designed study of the way that spam works, from fast-flux DNS to bulletproof hosting to payment processing to order fulfillment. The researchers scraped mountains of spam websites, ordered their pills and fake software, and subjected it all to rigorous comparison and analysis. They were looking for spam ecosystem bottlenecks, places where interdicting one or two companies could have a major impact on spam.

Figure 1 illustrates the spam value chain via a concrete example from the empirical data used in this study. On October 27th, the Grum botnet delivered an email titled VIAGRA ® Official Site. The body of the message includes an image of male enhancement pharmaceutical tablets and their associated prices (shown). The image provides a URL tag and thus when clicked directs the user's browser to resolve the associated domain name, This domain was registered by REGRU-REG-RIPN (a.k.a. on October 18th -- it is still active as of this writing. The machine providing name service resides in China, while hosting resolves to a machine in Brazil. The user's browser initiates an HTTP request to the machine, and receives content that renders the storefront for "Pharmacy Express," a brand associated with the Mailien pharmaceutical affiliate program based in

After selecting an item to purchase and clicking on "Checkout", the storefront redirects the user to a payment portal served from (this time serving content via an IP address in Turkey), which accepts the user's shipping, email contact, and payment information, and provides an order confirmation number. Subsequent email confirms the order, provides an EMS tracking number, and includes a contact email for customer questions. The bank that issued the user's credit card transfers money to the acquiring bank, in this case the Azerigazbank Joint-Stock Investment Bank in Baku, Azerbaijan (BIN 404610). Ten days later the product arrives, blister-packaged, in a cushioned white envelope with postal markings indicating a supplier named PPW based in Chennai, India as its

Click Trajectories: End-to-End Analysis of the Spam Value Chain (PDF)

(via MeFi)
