Full Disclosure mailing list archives
RE: Hackers View Visa/MasterCard Accounts
From: "Jason Coombs" <jasonc () science org>
Date: Tue, 18 Feb 2003 17:07:09 -1000
And if you were an economic terrorist wouldn't you be keen to compromise all ~580 million credit card accounts in the U.S. that have been issued according to these silly, insecure methods? The "payload" in this attack may be simply to damage the financial markets by destroying the existing (extremely vulnerable) credit card issuer/acquirer/processor infrastructure. Jason Coombs jasonc () science org -----Original Message----- From: Bernie, CTA [mailto:cta () hcsin net] Sent: Tuesday, February 18, 2003 12:32 PM To: full-disclosure () lists netsys com; Jason Coombs Subject: RE: [Full-disclosure] Hackers View Visa/MasterCard Accounts On 18 Feb 2003, at 11:08, Jason Coombs wrote:
lucky for cc fraudsters, issuers opt to create cards in batches where all of the neighboring card numbers share the same expiration date (month/year).
<<< Taking into account that the batches are done sequentially, LUHN checksums could be easily discovered through a bit of simple Mod 10 arithmetic, and that there is better than a 50% probability of predicting the expiration date, I would say that the thief could be more successful at exploiting newly generated credit card numbers, and just use those stolen as seeds. Now assuming that a thief has successfully generated such numbers, what would be the best method of attack? How about a few coins ($0.50) here and there, times 5 million plus cards per month? How many credit card customers or issuing banks will pay any attention to such inconsequential charges? Especially if the statement notes such a charge something like "account maintenance fee"? I fear that the real payload has yet to be calculated. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- GLSA: nethack Daniel Ahlberg (Feb 18)
- Hackers View Visa/MasterCard Accounts Jason Coombs (Feb 18)
- RE: Hackers View Visa/MasterCard Accounts Richard M. Smith (Feb 18)
- Re: Hackers View Visa/MasterCard Accounts KF (Feb 18)
- Re: Hackers View Visa/MasterCard Accounts Kevin Spett (Feb 18)
- RE: Hackers View Visa/MasterCard Accounts Jason Coombs (Feb 18)
- Re: Hackers View Visa/MasterCard Accounts Kevin Spett (Feb 18)
- RE: Hackers View Visa/MasterCard Accounts Jason Coombs (Feb 18)
- RE: Hackers View Visa/MasterCard Accounts Bernie, CTA (Feb 18)
- RE: Hackers View Visa/MasterCard Accounts Jason Coombs (Feb 18)
- RE: Hackers View Visa/MasterCard Accounts Bernie, CTA (Feb 19)
- RE: Hackers View Visa/MasterCard Accounts Richard M. Smith (Feb 18)
- Hackers View Visa/MasterCard Accounts Jason Coombs (Feb 18)
- RE: Hackers View Visa/MasterCard Accounts Richard M. Smith (Feb 18)
- RE: Hackers View Visa/MasterCard Accounts Bernie, CTA (Feb 18)