A recently published book, How to Steal a Million, The memoirs of a Russian Hacker, lifts the lid on the ‘carding market’ which thrives on the dark web.

The author goes into detail about selling credit card dumps (stolen in hacks), producing counterfeit credit cards, using information and contacts on CarderPlanet.com, getting into spam, rigged auctions and pornography, then creating his own carder forum.

He also got ten years in a former Soviet prison and work camp when he was caught, and the book opens with his impressions of boiled cabbage and prison cells.

The author, Sergey Pavlovich, explains he is not a hacker but someone who used stolen card information to end up earning close to $100,000 a month. In contrast, he could have expected to earn $200 a month in a legitimate job.

The book offers interesting personal insight into how the underground ‘carding industry’ works:
  • Many of those involved aren’t stereotypical criminals as such; rather they are technically minded, have taken maths or physics at universities and colleges and have parents who are engineers. 
  • He complains about the difficulty of getting the hackers, who steal the payment card information from the likes of Walmart, to get enough new card numbers, as they are just interested in splashing the cash as soon as they get their hands on it. 
  • The carders thought they were carrying out ‘victimless’ crimes against banks and turned a blind eye to individual victims, as most were in the West. It was assumed they were able to afford the losses. 
  • Small businesses may have closed or people suffered real hardship as a result of their activity, but there was little, if any, remorse.

Corruption provides protection

You might think the deterrent of the law would have some effect on those entering this world, but apparently not, as Pavlovich outlines:
  • Hackers in Russia thrive because the police do not have enough resources to find killers, let alone hunt hackers.
  • If a Russian hacker is found by the police, it’s more likely to be the FBI or a European law enforcement agency, but Russia never extradites such suspects.  
  • If the Russian police do find them, then there’s no need to go to prison: usually it’s easy enough to pay the police for protection.  
  • Even if the case ends up in court, hackers often receive probation sentences because they can simply buy the courts.

The book is written in the style of a personal narrative, which gives it a ‘real’ feel, though it won’t win any literary awards.

What’s fascinating is the insight it provides about how this huge underground enterprise works, the characters in it, how people get sucked into carding and the ordinariness of those involved.

You’ll discover the actual carding infrastructure, how it operates, details on the hackers who steal the payment card data, insight into how the cards are sold, how new cards are created using the stolen data, and who the buyers are.

Fast cars, fast money

It’s a world of fast money, fast cars and a playboy lifestyle populated mainly by young guys aged between 18 and 30.

And it’s not the banks that get hit regularly; rather it’s the retail chains, hotel chains and so on who suffer the biggest breaches because they don’t secure customer card information with strong enough encryption.

If you thought your payment card information wasn’t of much interest to hackers, then this book will disabuse you of that notion.

If you don’t want to buy it there are plenty of websites offering PDF-formatted chapters, so you can get a flavour of it.

It may also prompt you to consider defending your personal data with cyber security such as that provided by BullGuard Premium Protection. It safeguards you from fraud if any of your information is stolen in a hack.