Thursday, July 04, 2013

Newly Launched 'Scanned Fake Passports/IDs/Credit Cards/Utility Bills' Service Randomizes and Generates Unique Fakes On The Fly

In my most recent analysis of the Russian underground marketplace for fake documents/IDs/passports, I emphasized the overall prevalence of fake identities, which can be either manually 'crafted' by experienced designers possessing high-quality scanned originals in order to produce physical copies, or automatically generated, with the users sacrificing quality in the process or looking for a bargain deal.

What's also worth emphasizing, when discussing this cybercrime ecosystem market segment from multiple perspectives, is the overall international acceptance of scanned identification documents for various remote identification purposes, which opens the door to the systematic abuse of a vast number of legitimate services, and helps facilitate the generation of fake personalities, which can be abused in any way the fraudster desires.

What are some of the latest developments within this cybercrime ecosystem market segment? The introduction of a scalable, DIY (do-it-yourself) self-service built on a pseudo-randomized database of fake identity data, with photo IDs whose appearance characteristics are randomized on the fake scanned documents to avoid detection of a single pattern, all available as a service as of June 2013.

Basically, the service provides a DIY Web-based interface where users can take advantage of the on-the-fly generation of fake scanned copies of identification documents such as passports/IDs or credit cards. According to the vendor, the service has an inventory of over 200 photos for passports and IDs, and completely randomizes multiple aspects of the generated scanned fakes, in an attempt to reduce the probability of ending up with an entire set of statically generated fakes that is easily detected by, for instance, law enforcement.

The vendor also claims that the service can generate a fake in approximately 40 seconds. Payment methods accepted? WebMoney, PerfectMoney, Bitcoin and Paymer.

Screenshots of scanned fakes generated using the service, and offered as samples:








Sample screenshots of the fake scanned utility bills/credit cards generated using the service:









Financial institutions included in the service's inventory of fake scanned credit cards:
- Amegybank
- Barclays
- Bpn
- Boa
- Capital One
- Chase
- Cibs
- Citibank
- Citizens
- Commonwealth
- Harborstone
- Hfds
- Icba
- Nab
- Natwest
- Navy Federal
- Nordstrombank
- Rbs
- Silverton
- Societegenerale
- Sparkasse
- Union Plus
- US Bank
- Wachovia
- Wells Fargo
- Westpac

With scanned IDs continuing to act as the primary (remote) identification factor for a huge number of legitimate companies, it shouldn't be surprising that cybercriminals have apparently found a way to automate the process, allowing it to scale and eventually grow, with the efficiency-centered model becoming the de facto standard for Quality Assurance (QA) within the cybercrime ecosystem.

This post has been reproduced from Dancho Danchev's blog. Follow him on Twitter.

Summarizing Webroot's Threat Blog Posts for June


The following is a brief summary of all of my posts at Webroot's Threat Blog for June, 2013. You can subscribe to Webroot's Threat Blog RSS Feed, or follow me on Twitter:


01. Compromised FTP/SSH account privilege-escalating mass iFrame embedding platform released on the underground marketplace
02. New E-shop sells access to thousands of hacked PCs, accepts Bitcoin
03. Pharmaceutical scammers impersonate Facebook’s Notification System, entice users into purchasing counterfeit drugs
04. iLivid ads lead to ‘Searchqu Toolbar/Search Suite’ PUA (Potentially Unwanted Application)
05. Hacked Origin, Uplay, Hulu Plus, Netflix, Spotify, Skype, Twitter, Instagram, Tumblr, Freelancer accounts offered for sale
06. Scammers impersonate the UN Refugee Agency (UNHCR), seek your credit card details
07. Fake ‘Unsuccessful Fax Transmission’ themed emails lead to malware
08. Tens of thousands of spamvertised emails lead to W32/Casonline
09. Rogue ads lead to SafeMonitorApp Potentially Unwanted Application (PUA)
10. How cybercriminals apply Quality Assurance (QA) to their malware campaigns before launching them
11. Rogue ads target EU users, expose them to Win32/Toolbar.SearchSuite through the KingTranslate PUA
12. New boutique iFrame crypting service spotted in the wild
13. Rogue ‘Oops Video Player’ attempts to visually social engineer users, mimicks Adobe Flash Player’s installation process
14. New E-Shop sells access to thousands of malware-infected hosts, accepts Bitcoin
15. New subscription-based SHA256/Scrypt supporting stealth DIY Bitcoin mining tool spotted in the wild
16. Rogue ‘Free Mozilla Firefox Download’ ads lead to ‘InstallCore’ Potentially Unwanted Application (PUA)
17. SIP-based API-supporting fake caller ID/SMS number supporting DIY Russian service spotted in the wild
18. Rogue ‘Free Codec Pack’ ads lead to Win32/InstallCore Potentially Unwanted Application (PUA)
19. Self-propagating ZeuS-based source code/binaries offered for sale
20. How cybercriminals create and operate Android-based botnets
