Interestingly enough, the Canadian card (shown in the first row) is selling for $51.48 while most of the US cards sell for significantly less. Not sure why. Canadians have better credit? Even more shocking was the number of credit cards in the dump was dwarfed by the number of DEBIT cards! I'm not sure about you, but my mother always told me "don't use your debit card like a credit card! It's not safe!" ...I'll have to remember to ask my banker friends if this is really so. I'm not normally into tracking carding, there are loads of folks who do, but this was just to rich. The idea that a dump would be named "American Sanctions" after only recently I blogged about bankers being used as unprotected pawns by the Treasury department. This really got my analytic juices pumping.
Years ago when I first started in the intel business, profiling attacks, victims, attackers, etc., I worked with a couple of really cool guys. My team profiled over 3000 attackers with the idea of understanding not only who these guys were, but how they operate, what their motivations were, and if, over time, they got better. The nice thing was, many of them were new. When they hacked, we saw it, knew who they were (because of their poor OPSEC) and through a combination of means, could track their growth (and attacks) throughout the years. And of course it worked. I have a feeling we're seeing the same thing on this hacker forum. Young users grabbing tools practicing terrible OPSEC. They'll get better. And we'll know. And yes, we're posting this stuff to our membership, and indicators to Threat Recon.
BT BT
We had a heck of a great time this week. I've not been to Manhattan for more than a couple of hours at a time in years. Usually I take the train in, attend a meeting or two, and take the last train out. And now, I've spent most of the last two weeks there. Last Tuesday was with the Chertoff Group (thanks Mark for the invite!) before doing cocktails with Red Sky members at the Vander Bar in midtown, and Threat Day on Wednesday at the HQ of a large Manhattan based bank. What a place.. we were on the 26th floor, facing south, right on Times Square. The presentations were incredible --one member talked about building a DNS filtering tool that he uses to analyze all of his DNS requests. Another talked about joining a botnet to analyze activity. Another detailed an APT event that they'd lived through, and yet another profiled an APT actor. Every quarter I get reenergized when I sit through Threat Day. It's not about having 2000 people in Vegas, it's about 30 really smart ones sitting in a room, watching the screen, interacting and sharing notes. And that's what we did. That's what I like about Red Sky.
I'm going to close out this week with this. A Mitre PhD just published a piece entitled "Turning the Tables on Cyber Attackers...." I especially like the section "Mixing Automated Tools with Human Analysis" (as a side note, nine providers set dozens of cookies on my browser when I opened it). That said, Mitre is now espousing the idea that humans must be involved in analysis to turn the tide on cyber attacks. Say it ain't so! Mitre called out Red Sky Alliance about a year ago as one of the better sources for human analysis, crowdsourced in our private portal. And today, the idea that humans need to look at both the forest and the trees is a massive step forward in thinking. What's old is new again. I love it. The paper in its entirety may be viewed on the Mitre site. For now, know this. It's true. Relying on open source of big data always requires further analysis. Someone MUST sort through, evaluate and prioritize findings. That's where we come in.
I especially love this paragraph:
"... Automated tools are incredibly useful, but detecting advanced cyber intruders also depends on skilled and experienced defenders. These defenders are like detectives at the scene of a crime—looking for clues, following leads, making connections, and using intuition as well as hard data to figure out who did what."
On that, ThreatRecon.co is going well. We'll have a simple web interface up soon. Red Sky is welcoming new members, and Wapack Labs is busy. Need information? Drop us a note. Red Sky for collaboration; Wapack Labs for subscriptions; and Threat Recon (API) for up to a thousand free queries per month.
Until next time,
Have a great week!
Jeff