Tuesday, April 3, 2012

Do Not Try This!

Again. Do not actually try this. If the video is real and you try this, you are knowingly involving yourself in fraud!

Let the proper authorities investigate this situation.

[Click for Fraud Video]

The video never did confirm that money was actually charged to the credit card. This could mean that there was never any actual fraud. There could be an after-transaction confirmation from the credit card company. I do not know if there is such a thing, but I will not actually say that fraud has been committed.

If the video does demonstrate a true security weakness, you might be thinking, "So what? I can use incorrect information to make a donation with my credit card." The truth is, so can anyone else.

The following is for informational purposes only. It is intended to describe how criminals think and why you need to secure your websites and transactions.

You cannot steal money for yourself, but you could donate someone else's money to Obama.

What you need and what to do:
  1. A scriptable browser
  2. A proxy or set of proxies in the cloud to surf the web with
  3. Use a script to scrape the web and harvest email addresses
  4. (Optional step) Use a script to scrape the web and harvest real addresses
  5. Run a script to use this information to automatically fill out and submit donations. The script will need:
    • Credit card number generator
    • Cookie clearing between donations
    • (Optional) Proxy switching
    • Access to the data harvested

Basically, someone might guess your credit card number and successfully make a donation using it.

I know there are other methods that can be used, and the above method does not guarantee you will not get caught. This is just a simple, glossed-over explanation of how it is done.
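For anyone securing a donation form against the pattern above: cookie clearing and proxy switching mean per-session and per-IP counters see nothing unusual, so detection has to count across the whole form. The following is an added example, not part of the original post; the thresholds, field layout, key and sample records are all constructed assumptions.

```python
import hashlib
import hmac
from collections import deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window
MIN_CARDS = 5                   # assumed: distinct cards needed before judging
DECLINE_RATIO = 0.6             # assumed alert threshold
KEY = b"constructed-demo-key"   # placeholder; keep a real key in a secret store

def fingerprint(pan: str) -> str:
    """Keyed hash so the detector never stores raw card numbers."""
    return hmac.new(KEY, pan.encode(), hashlib.sha256).hexdigest()[:16]

def detect_card_testing(attempts):
    """attempts: time-ordered (iso_time, ip, session, pan, approved) tuples.
    Counts site-wide, because the IP and session change on every request."""
    window, alerts = deque(), []
    for ts, _ip, _session, pan, approved in attempts:
        now = datetime.fromisoformat(ts)
        window.append((now, fingerprint(pan), approved))
        while now - window[0][0] > WINDOW:   # drop attempts older than WINDOW
            window.popleft()
        cards = {fp for _, fp, _ in window}
        declined = sum(1 for _, _, ok in window if not ok)
        if len(cards) >= MIN_CARDS and declined / len(window) >= DECLINE_RATIO:
            alerts.append(ts)
    return alerts

# Constructed sample: three ordinary donations, then a burst of distinct cards,
# each arriving from a different address with a fresh session.
SAMPLE = [
    ("2012-04-03T09:00:00", "198.51.100.7", "s1", "4000000000000001", True),
    ("2012-04-03T09:20:00", "198.51.100.9", "s2", "4000000000000002", True),
    ("2012-04-03T09:41:00", "203.0.113.5", "s3", "4000000000000003", True),
    ("2012-04-03T10:00:05", "192.0.2.11", "s4", "4000000000000004", False),
    ("2012-04-03T10:00:40", "192.0.2.87", "s5", "4000000000000005", False),
    ("2012-04-03T10:01:10", "198.51.100.3", "s6", "4000000000000006", False),
    ("2012-04-03T10:01:45", "203.0.113.77", "s7", "4000000000000007", True),
    ("2012-04-03T10:02:20", "192.0.2.140", "s8", "4000000000000008", False),
    ("2012-04-03T10:02:55", "203.0.113.9", "s9", "4000000000000009", False),
]

if __name__ == "__main__":
    for ts in detect_card_testing(SAMPLE):
        print("possible card testing at", ts)
```

An alert here is a reason to slow the form down or require stronger cardholder verification, not proof of fraud on its own.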

NOTE: If any comments are submitted on better tradecraft, "how to," tools, etc., I will have to deny the comment.
