(ANTIMEDIA) — “The basis of the WWH-CLUB course is the following: item carding — the purchase of goods in online stores at the expense of various payment methods used by the residents of the USA/EUROPE/ASIA/ with its subsequent sale and profit. You will learn to have a free holiday at the resorts of Europe, America and Asia.”
So reads part of the advertisement for a cyber crime course being sold on a Deep Web forum. The class was discovered by security firm Digital Shadows and detailed in a research report published Wednesday that looks into the popular cyber crime of “carding” — stealing and using other people’s payment card data.
All told, the course costs about $945. For that sum, purchasers get 20 different lectures and the ability to chat with the five instructors running the class while viewing them.
Speaking to CNN Tech, Rick Holland of Digital Shadows said the training in the course is uniquely in-depth — more so than in cheaper items like PDFs that are available for purchase — and that “the curriculum and rigor associated with it is not like most of the training materials that are out there.”
The advertising asks potential customers if they want “to become a professional in the world of carding” and goes on to frame the criminal activity in terms of a career, calling it “a new profession, a new source of income, a completely different quality of life!”
Continuing, the ad says the course “is not time-consuming, it will change your view on personal finance, it will show you how to make money in an interesting, intellectual and amicable way, and find progressive friends and community.”
Norman Barbosa, U.S. attorney for the Western District of Washington, told CNN Tech that carders are growing increasingly crafty in their work and making fewer mistakes. Barbosa was part of the team that prosecuted notorious carder Roman Valerevich Seleznev, whose efforts can be tied to at least $170 million in total fraud loss.
Seleznev was sentenced to 27 years in prison in April, and Barbosa says it was a major win for the U.S. Justice Department.
“It’s somewhat common to identify them,” he says. “It’s a little more difficult to prosecute them. Much of the investigations in computer crimes are focused on trying to pull back layers to find out who is behind the criminal activity.”
A recent experiment conducted by the Federal Trade Commission (FTC) yielded some rather startling results. CNN Tech described the FTC’s methods while reporting on the story at the end of May:
“Researchers created 100 fake consumers and gave them fictitious personal information like names, emails and passwords, and either a credit card, Bitcoin wallet, or online payment account. Then they posted the collection of data on a site popular with leaking stolen credentials, once on April 27 and a second time on May 4.”
It didn’t take long for thieves to move in. An hour and a half after the April 27 posting, cyber criminals were already stealing and using the fake data. That’s fast, but not nearly as fast as on May 4, when it took just nine minutes for them to access the accounts.
“All told,” CNN Tech wrote, “there were over 1,200 attempts to access accounts belonging to the fake consumers. That includes a total of $12,825.53 attempted credit card purchases and 493 attempts to access emails.”
The analysis published by Digital Shadows, which has disclosed its discovery of the cyber crime course to law enforcement in the United States and Europe, predicts that up to $24 billion will have been lost to payment card fraud by the end 2018.