Today, we will be exploring the world of carding a bit and following the path of a kid on his way to becoming a full-fledged carder. I spent about an hour on the basics of the investigation.
The tools I used for this post include:
I started by jumping into OIMonitor and looking at some of the projects that are pointed at credit cards and other types of financial fraud.
This site will do:
In this exercise, I decided to target the newer guys to the forum as their operational security would be a bit lower.
In the screenshot above, we can observe we’ve got a guy looking to move some cash. He’s obviously new to this scene, so we will probably find mistakes easily. There are a number of approaches we can take here, but I’m going to start by running his alias through SocialNet as it looks to be somewhat legitimate.
Great! I’ve found a number of profiles with that alias, including a few that are older. Next, I’m going to try to verify that the accounts we see here are actually the guy from the forums. My first stop is location.
Interesting, I’ve found that the address linked to his Skype is in Canada. He said he was in Canada in the post, so this is good news. It’s very possible someone could be impersonating him, so let’s follow the white rabbit and see if we can connect him to these profiles.
To expand the search, I’m using some features of SocialNet. First, I’m utilizing his alias and expanding that into a number of email addresses. I’ve discovered a ProtonMail account. This isn’t indicative of our target being evil, but it’s common that people who value privacy tend to have ProtonMail accounts.
Next, I’m going to investigate the content of these accounts. While digging around, I’ve determined this guy likes video games and has been online since he was young. He has a large number of followers on Instagram, but most importantly, he’s left his email on his Twitch account.
This is great news. After putting the email into SocialNet, we see interesting connections showing that this is indeed our target’s Skype and Twitch account, along with a new alias. Most important of all, I’ve uncovered an actual social networking profile.
This is a much better picture of our target. We’ve found a second Skype with the same city, as well as learned about a few more email addresses. Now, it’s time to dig into the social network and determine if this truly is our target.
This is what my Maltego graph looks like after a few minutes of investigation.
What have I learned?
- I’ve mapped his family.
- I’ve mapped his friends from school.
- I’ve mapped his girlfriend of 5 years.
- I know his mom’s address (and probably his).
- I know what he likes (sketchy things).
- I know he was in some TV commercials.
But most importantly, I’ve found a pretty solid indicator that this guy is the person we are looking for. He’s the admin of a group about “hacking” with this familiar face/moniker as the banner:
Now, it’s important to understand this doesn’t 100% prove this IS the guy in the carding forum. It does give us some very strong indicators that he’s our guy. With some more investigation and time (more than an hour), I’m sure we can build a wonderful case around this and possibly stop someone from stumbling into a world that will take them down paths they should not be walking.