If you want to make enemies, try to change something.
Thursday, 12 January 2012
Interview with a carder
Talked with a carder recently via OTR Messaging.
Xylitol: In wich country/continent did you live ? Z: Europe.
Xylitol: Law about carding in your country are high ? Z: yeah like everywhere else, I'm actually carding some stuff right now, as we speak.
Xylitol: Did you fear to get caught ? Z: Yes, everyone fears to get caught, its the worst that can happen to a carder, but as long as you use descent protection when youre carding you should be safe.
Xylitol: Wich type of card did you use mainly ? Z: Cards that are most rapidly used are cards like Amex Centurion/Platinum and cards that are non-avs and non-vbv platinum visa (non-address verification and non-verified by visa)
Most carders enter on online shop and searches for a specific bin (the first 6 numbers on the card) which identifies the card itself, if its a Visa platinum without VBV.
All amex are also non-vbv which makes them very easy to use because sites that normally require verified by visa password or id chip wont ask for the information and you can buy whatever you want without having to worry about it.
Non avs are also well known and used, these are cards that sites cannot look up the adress or the name on the card, so you can just enter whatever you want as long as the card number, exp date and cvv are correct. These cards are mainly outside the US, like Brazil, Australia, France and Italy etc...
Xylitol: How did you get cards, did you use or have used malwares/phishing tech? Z: Well the most common and easy way is to just purchase them at an online shop that sell cards, these shops usually have a ton of cards so you can just search for the bin you want and the state or even city.
I've also hacked my own cards like many others but you should be very lucky to hit the jackpot to get as much variety as one of the shops.
They are cheap and usually valid so thats what most carders choose to do.
Xylitol: What's protection did you take when you card something ? Z: I always use VPN + RDP + SOCKS.
super-socks.com, vip72.com, you purchase it and you can have a period of time where u can choose socks wildly, all carders use them.
People have viruses and the sites sell the socks installed on the victims computer
you can choose state, city etc...
You can never be safe, the best way is of course to use a hacked wifi + mac spoofing but the police are really busy nowdays atleast in my country so a small case here and there are only going to be put in their archive and forgotten.
Xylitol: Your neighbors was never suspicious about a UPS/FedEx car or the delivery guys who come each time? Z: Actually I dont card to my own country because they all require VBV here, and I dont feel safe to meet fedex myself.
As I said earlier i always put security first.
Usually I use drops in the United States which require 1:1 payment for recieving my package, which means I have to pay them one item of the same, same value as the one I ordered or pay them 20% of the original items value.
Then they reship to my country without any complications.
Xylitol: Did you get already requested by real life friends to card something ? Z: Yes many many times, but I usually denie to card for others on the net or in real life because there is less profit in it and it's alot of work, talking with drop, finding a cardable site.
I like to card items that got use of myself unless its some simple digital goods.
Xylitol: What's did you do with carded stuff, personal use? Z: Like I said above, I only card items that I need myself.
Its very rare that I resell something, unless its carded giftcards or digital goods.
Xylitol: Wich type of things did you card ? Z: I always card electronics.
Computer parts, expensive laptops, Beats by Dr. Dre headset, Wifi antennas outdoor and stuff like that are my favourite as i bet many others share with me.
Xylitol: Did you have a expensive car like in movies ? Z: Haha I wish, no not in my lifetime, this is just for fun.
I got a good job with a very good paycheck and I never plan to take carding that far as im doing quite alright already
Xylitol: What's the first thing you carded ? Z: I carded steroids for 10K to my own adress from my own ip and nothing ever happened. You should never do it like this.
Xylitol: How did you started into carding and what's motivate you to continue? Z: Well I first started carding when I was very young, at the age of 15.
But I advanced after a while, and the last years i've been more and more facinated by hacking, exploiting, insecurity for grabbing sensitive data.
Then I got into underground forums and got into contact with people that I could learn from, and I found it as a very interesting subject.
I dont really need it but when you hit the goal it motivates you to continue.
Its the same way with items, if you manage to card something and you get it as you want, you just cant stop.
Xylitol: Did you do this for a living? Z: I dont do this for a living as I know many other people do.
I do it for fun and because i like to get stuff for free.
Xylitol: Wich malware is the best for get cards ? Z: The most common software by carders and fraudsters are usually SpyEye and Zeus, Zeus is a bit outdate as the coder has discontinued his work on it.
Theres also a new software called GameOver but i have never seen it in action yet.
Zeus source is leaked and free so anyone can take advantage of it, same with SpyEye which is cracked and leaked to the public, thanks to X. (haha)
Xylitol: Can you show me some carded stuff ? Z: Sure.