FireEye published research on a cybercrime group named FIN6 on April 21st. FIN6 hacked into many retail and hospitality businesses and stole 20 million credit cards worth 400 million USD. The cards were then sold on dedicated cybercrime forums on the darknet, so that they could be used for fraud.
The difference between FIN6 and other cybercrime groups is that FIN6 makes an effort to ensure that the cards reach criminal markets as quickly and efficiently as possible, to maximize their price. The value of stolen cards on the relevant forums depends on how “fresh” the cards and their information are. The most valuable cards are those whose issuer does not know that the card was stolen. Once the theft is detected, the value of the cards naturally decreases.
Cybercrime groups currently install malware on PoS stations to steal as many credit cards as possible. They do not use the stolen cards themselves, however, but sell them to those who carry out various scams.
Previously, stolen credit cards were used to withdraw money and transfer it to criminals’ bank accounts, or to acquire valuable products that were then physically shipped. These methods have become ineffective: withdrawing funds requires physical engagement and trust, and physical delivery has become more difficult because many American companies block deliveries to certain countries, including Russia and Ukraine.
Today, another method is used: goods are purchased with the stolen cards and sent to a neutral address, generally that of people recruited for this task as part of a larger fraud. Upon receipt, the goods are sent on to the criminals, who sell them on the black market or on legal sites. Because the complexity of this system makes it difficult to track, stop and return shipments, it has become a common way of making cash from stolen cards. Some crime groups also offer such re-shipment services for 50% of the profit or for a flat rate of 50-70 dollars per package.
Experts estimate that one goods-delivery site earns on average 7.2 million USD per year, out of an annual market of 1.8 billion USD.
The study also found that the distribution is quite clear: most of the cards were stolen in the US, where the stolen goods are also purchased, and 85% of the merchandise is sent to Moscow or its surroundings. As a result, the firm estimates that this gang operates from Eastern Europe.