What happens when a hacker takes a class in search engine optimization? They invent Google’s evil twin. Taking a cue from every cheesy James Bond villain, a group of enterprising credit card fraudsters successfully launched a website this week that uses algorithms pioneered by Google – who’s company motto is “Don’t Be Evil” – to search for stolen card numbers online. They call it MegaSearch.cc, and it’s the future of the black market.
Until now, buying a stolen credit card online was an arduous process. First you had to locate one of the underground forums where stolen cards are sold. Then you had to create and verify a user account. Once you were finally in, you had to sift through multiple discussion threads in order to find a card that hadn’t been cancelled yet. If you weren’t impressed by what the “shop” had in stock, you had to start again somewhere else. Searching multiple sites could take hours, even days.
MegaSearch changes all that. Thieves can allegedly now search the inventories of multiple fraud shops with the click of a button. In a matter of seconds, MegaSearch will trawl the bank identification numbers (BINs) of hundreds of thousands of credit cards sold by dozens of black market retailers and deliver the results in an aggregate list that can be sorted by issuing bank, expiration date or even credit limit. According to the site’s anonymous founder, “I’m standing on a big start-up that is going to be [referred to as] the ‘underground Google.’ Many users spend a lot of time looking [through] shops, and I thought why not make that convenient?”
This is bad news for consumers. Hackers have been able to pull off some major heists in the last few years (like the time they stole thousands of different credit card numbers in one fell swoop), but the actual damage they’ve done has been limited because most cards are cancelled long before a buyer is found. Thanks to MegaSearch, black-market dealers can now unload that merchandise exponentially faster. For instance, when the site first went live at the end of 2011, it had indexed a total of 360,000 credit card numbers taken from the databases of five different retailers. Since then, 200,000 of those original numbers have been sold. Walmart would kill to move inventory like that.
And MegaSearch is apparently just getting started. The site’s founder has stated that in the next few weeks he intends to add stolen Social Security numbers and proxies – compromised IP addresses that can be used to disguise a hacker’s online activities – to MegaSearch’s catalog. Such a move would, and likely will, turn the site into a veritable shopping mall for every miscreant and thief on the Internet. Personal information will be more at risk than ever before.
So what’s the government going to do about it? Nothing. Since the site’s server is located on a remote island off the coast of Australia, the FBI is powerless to shut it down. The only thing you can really do to keep your identity safe from this new threat is to keep a sharp eye on your credit statement and report any suspicious charges to your issuer immediately. The sooner you notice a case of fraud, the sooner you can get your credit repaired and your life back in order.