Full Disclosure mailing list archives

Re: Hackers View Visa/MasterCard Accounts

From: "Kevin Spett" <kspett () spidynamics com>
Date: Tue, 18 Feb 2003 10:59:34 -0500

Here's an excerpt from the posting to net-security.org:

---------
The hacker breached the security system of a company that processes credit
card transactions on behalf of merchants, Visa and MasterCard said.
---------

Looks like someone just ran off with a database.  I haven't done any math,
but I'd think that brute forcing that many card numbers and expiration dates
would take ages.

Kevin.


----- Original Message -----
From: "Jason Coombs" <jasonc () science org>
To: <full-disclosure () lists netsys com>
Sent: Tuesday, February 18, 2003 4:28 AM
Subject: [Full-disclosure] Hackers View Visa/MasterCard Accounts

So, anyone know whether this was a simple "real-time credit card

processing

oracle" attack where a tool throws fake orders at sites that provide
real-time credit card authorizations until a valid card number and
expiration date are found?

Any third-grader with a copy of Microsoft .NET or Java 2 class libraries
could whip up the code needed to bang away at the typical e-commerce site
logging rejected orders due to invalid credit card payment and revealing
card numbers and expiration dates that can be used for fraud in a variety

of

ways.

There must be such credit card "hacking" tools circulating for the benefit
of script kiddies -- anyone looked into this before? If so, will you share
some references?

Jason Coombs
jasonc () science org

--

Hackers View Visa/MasterCard Accounts

Mon February 17, 2003 11:17 PM ET

NEW YORK (Reuters) - More than five million Visa and MasterCard accounts
throughout the nation were accessed after the computer system at a third
party processor was hacked into, according to representatives for the card
associations.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: Hackers View Visa/MasterCard Accounts, (continued)
- - - Re: Hackers View Visa/MasterCard Accounts KF (Feb 18)
    - Re: Hackers View Visa/MasterCard Accounts Kevin Spett (Feb 18)
    - RE: Hackers View Visa/MasterCard Accounts Jason Coombs (Feb 18)
    - Re: Hackers View Visa/MasterCard Accounts Kevin Spett (Feb 18)
    - RE: Hackers View Visa/MasterCard Accounts Jason Coombs (Feb 18)
    - RE: Hackers View Visa/MasterCard Accounts Bernie, CTA (Feb 18)
    - RE: Hackers View Visa/MasterCard Accounts Jason Coombs (Feb 18)
    - RE: Hackers View Visa/MasterCard Accounts Bernie, CTA (Feb 19)
    - RE: Hackers View Visa/MasterCard Accounts Richard M. Smith (Feb 18)
    - RE: Hackers View Visa/MasterCard Accounts Bernie, CTA (Feb 18)
  - Re: Hackers View Visa/MasterCard Accounts Kevin Spett (Feb 18)