A group calling itself “Anonymous Ukraine” boasted this week that it is in possession of 800 million credit and debit card details. In a bid to substantiate the claim, the crew said it had uploaded about 7 million of the cards to file-sharing sites and linked to archives of the data from two Pastebin posts.
These archives, 300MB in size, contained a mix of account details and magnetic-strip information for MasterCard, Visa, Discover and American Express cards, it was claimed. There’s been some speculation that the data was sourced in part from hacked sales tills in Target stores across the US – some senior politicians blame hackers from Ukraine for infiltrating the retail chain’s computers to swipe 40 million or so cards.
“I would continue watching posts from the group, and checking their data dumps for validity,” says Ernest Hampson, technical director for Battelle’s cyber intelligence and counterintelligence group.
“It’s really important to keep an eye on your enemy, find out what they’re interested in, what their motivation is, what their capabilities are,” Hampson says. “You have to have somebody out there watching the adversarial groups, watching inside these forums where they gather, and discuss and trade research back and forth, and discover where they’re going next before they get there.”
The Ukraine has in recent years repeatedly been referred to as a “cybercrime haven”, so if it’s a smear it’s a well-placed one. However, Russia has its own escalating problems with this type of criminal activity. Just last year US authorities uncovered a seven-year-long fraud ring responsible for $300 million (£180 million) of costs to companies. The perpetrators — who disabled anti-virus software on a victim’s computer — were mainly based in Russia, with a Ukraine-based hacker helping hide their activities.
In January of this year, a report from Russia’s Interior Ministry noted that telecommunications and computer technology crimes had risen in the country by 8.6 percent in 2013, during which time attacks that would have cost the public $28 million (nearly £17 million) were scuppered.