There is an article in the WSJ, “Hackers Stole IDs for Attacks,” which discusses the role ID theft played in the Georgian government web site attacks last year.
“Mr. Bumgarner traced the attacks back to 10 Web sites registered in Russia and Turkey. Nine of the sites were registered using identification and credit-card information stolen from Americans; one site was registered with information stolen from a person in France.”
I have my own data point to share on this attack trend. My credit card number was used fraudulently to register 4 web sites from separate ISPs last Monday. The fraud detection was flagged at one of the ISPs, Laughing Squid Web Hosting. Thanks guys! This was because the fraudsters were sloppy and tried to register an invalid domain name as the name of their web server, arararararar.com. Laughing Squid gave me a call and I was able to get my card cancelled and the other ISPs notified within a few hours. Interesting that the other ISPs didn’t notice.
It is easier to steal credit card info from merchants and processors than it is to compromise web servers to build botnet attack and control infrastructure. There is no physical shipment when you order web server hosting. ISPs need to be more rigorous in their fraud detection.
Poor security at sites processing credit cards can do more than hurt individuals, merchants, or banks financially. It is a risk to the internet because the purchasing power of the credit cards can be used to fund attacks.
Written by: Chris Wysopal