Two eighteen-year-olds appeared in a British court in early August accused of running their own online black market in everything an identity thief would need to own your identity. And they might still be running it today, unchallenged, if they hadn’t made so many blundering mistakes.

The two teens, along with some other accomplices, were accused of operating an online criminal forum called GhostMarket.net.  Members of that forum, 8,000 strong at the time of the bust, were able to share and sell all kinds of hacker goodies, including stolen credit card numbers and compromised bank accounts, along with toolkits to create data stealing malware like Trojans.

The forum even operated its own School for Scoundrels, with tutorials on everything from creating elaborate phishing scams to hacking into web sites.

Things seemed to be going pretty well until one of the gang’s leaders made a cardinal mistake – he tried to pay a hotel bill using a stolen credit card instead of his own. An experienced crook would have advised him not to take such a risk if he didn’t need to – much easier to use a real card and pay off the balance any way you like. (Not that I’m recommending this.)

When the police came to arrest him, they were greeted with yet another stroke of good luck (or bad judgment on the part of the thief). One of the gang leaders was apparently so cocky he had business cards printed, not with his real name, but with the hacker handle he had been using in the hacker underworld  which ultimately alerted police to his black market stockpile.

But the story doesn’t end there. The two quickly skipped bail, heading for the sunny Mediterranean island of Majorca where they partied like teenage rock stars.  Maybe they got homesick, but they were immediately arrested when they showed up at a British airport a couple of months later – this time using their real passports and carrying a laptop containing more than 100,000 stolen credit card numbers.

The real worry is that because of their ages, they may not serve much time for their crimes. But just enough to figure out where they went wrong and how to do things right next time without being caught.

Lessons learned?

• You don’t have to be smart to be a cyber crook, which is why identity theft is such an epidemic. You just have to be smarter at not getting caught.
• There are thousands of sites around the world where stolen information, perhaps even yours, is sold to the highest bidder. That’s why it’s often better to assume your information is already in the hands of the bad guys so you can focus on stopping them from hurting you with it.
• Be proactive in protecting your PII. Keep SSNs, passports, and sensitive documents in secure, fireproof safes. Invest in an identity monitoring service. Keep a close watch on your bank accounts and public records, so if a situation does arise, you can act and act quickly.

RELATED STORY: Teenagers accused of running cybercrime ring

http://www.zdnet.co.uk/news/security-threats/2010/08/06/teenagers-accused-of-running-cybercrime-ring-40089761/

No related posts.