Independent Contractor. Bitcoin: 15Zvie1j8CjSR52doVSZSjctCDSx3pDjKZ Email: dancho.danchev@hush.com OMEMO: ddanchev@conversations.im | OTR: danchodanchev@xmpp.jp | TOX ID: 2E6FCA35A18AA76B2CCE33B55404A796F077CADA56F38922A1988AA381AE617A15D3D3E3E6F1
Wednesday, April 10, 2013
Historical OSINT - The "BadB International" Cybercrime Enterprise
BadB is the nickname of Vladislav Anatolievich Horohorin, a high profile carder, who eventually got busted in France in 2010. This month, he was sentenced to serve 88 months in prison, ordered to pay $125,739 in restitution, and sentenced to two years of supervised release.
In the wake of these events, I decided to release some raw OSINT data regarding BadB's official Web site, hxxp://badb.biz.
Related URLs: hxxp://badb.biz; hxxp://badb.org; hxxp://dumps.name
Emails: badb4cc@yahoo.com; metaksa_s@yahoo.com; support@agava.com; admin@agava.com; admin@carderplanet.biz
ICQ: 49162552
Phone number: +19522325532 (Working according to BadB in 2009)
IP hosting history for badb.biz from 2005 to 2010 in the format (initial hosting IP -> IP change detected to a new IP):
217.107.212.115 -> 64.202.167.129
64.202.167.129 -> 217.107.212.115
217.107.212.115 -> 217.107.212.9
217.107.212.9 -> 89.108.66.104
89.108.66.104 -> 68.178.232.99
68.178.232.99 -> 89.108.66.104
216.8.177.23 -> 78.109.18.150
78.109.18.150 -> 196.32.222.9
89.108.73.117 - >94.75.221.75
94.75.221.75 -> 92.241.164.92
Sample Abous Us section description from badb.biz:
We are independent e-commerce security investigation group. We are help e-commerce organisations such as Visa, Mastercard, regional processings and other e-commerce structures to understand how vulnerable they are. We are not connected to any crimminal structures, not performing any outlaw actions by ourselves, not selling drugs, not sendinding any spam, not connected to any child porno, not supporting terrorists itselves nor terrorist organisations. If you received any spam from us - this is a fake of our enemies we are never use spam to promote our site. All information you can read here provided "As Is" and only for educational purposes. All articles are copyrighted. If you wish to take any part of information from here - please reffer to origination site. All we do - is we have for sale some dumps, cvvs and cobs - just for experemental purposes of our custommers ;-) We listen and effectively respond to your needs and those of your clients. We are experts at translating those needs into marketing solutions that work, look great and communicate well. Each day brings increased opportunity to increase business in current as well as new.
This case is a great example of a simple fact - with or without BadB, the market for stolen credit cards data, continued growing throughout the entire 2011. Then in 2012, we witnessed two law enforcement operations, courtesy of SOCA, and the FBI. However, despite these efforts, the market for stolen credit cards data remains as vibrant as always.
Thanks to the standardization taking place in respect to the money mule recruitment process, as well as the nearly identical online shops for stolen credit cards data, those who cannot "cash out" the balances of the credit cards, will choose to risk-forward the selling process to the buyers of the stolen data. The rest, will basically continue looking for more efficient, automatic, and anonymous ways to get access to the stolen money, continuing to rely on money mules of virtual currencies.
This post has been reproduced from Dancho Danchev's blog. Follow him on Twitter.
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment