Stolen Credit Card Hunt

As a cybersecurity researcher who uses social media very effectively, you know that I have turned messages I have received through social networks and emails into security research, and then into articles and presentations. In this story, which has the same starting point as others, you can see how I benefited from a cyber threat intelligence received through a social network for the purpose of ensuring customer security.

As usual, on the morning of July 17, 2020, as soon as I woke up, I picked up my phone and started looking at my social media accounts to check cyber security news. A message from a person named Ebubekir BASTAMA on LinkedIn caught my attention, in which he tagged me in addition to banks. The message contained a video showing credit card information in plain sight and asked if they were canceled for customer security.

Stolen Credit Cards
Stolen Credit Cards

As I started watching the video, it seemed that a service called Coez Checker, which is used to check stolen cards, was hacked by scammers to message other scammers. The scammer showed the stolen card information registered on the system on July 13 for about 30 seconds of the approximately 3-minute video, and then ended the video recording after sending his message to other scammers. When I tried to access the address http://40[.]114.198.150/live.txt, where the stolen card information seen in the video is located, as I expected, the file had already been removed from the broadcast and I was left with only this video.

Stolen Credit Cards

Thinking about how I could share the card information in this video with banks, including Banking Regulation and Supervision Agency (BRSA), in order to prevent citizens from being victimized by scammers, I decided to split the video file into frames, and then analyze the image files with OCR, as I did in my blog post titled “Sponsored Scamming”, to reveal the card information. I remembered doing a similar study for the blog post titled “X Financial Institution – Animated Captcha (GIF)” in 2009.

First, I used the Y2mate YouTube Downloader website to download the relevant video file from YouTube.

Stolen Credit Cards

I developed and downloaded a tool called Cam2Jpg that splits the specified video file into frames and saves them in JPEG format, and when I ran it on the downloaded video file, it produced more than 5000 image files.

Stolen Credit Cards
Stolen Credit Cards

This time, using Python and the Python-tesseract project, I developed another tool called Jpg2Ocr (I decided not to publish the tool to prevent it from being misused) that analyzes the image files and detects credit card numbers. When I ran this tool on the image files, it produced more than 1000 credit card numbers in a short time.

Stolen Credit Cards

Feeling a sense of responsibility and happiness for preventing more of our citizens from being victimized by sharing all of the credit card information I obtained with the authorities on the same day, I completed another security research.

It is always useful to closely monitor social networks on your own, even if you benefit from one or more cyber threat intelligence services, in case the intelligence does not arrive or arrives late.

Hope to see you in the following articles.

image_pdfShow this post in PDF formatimage_printPrint this page
Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like
Read More

Antimeter Tool

Generally I prefer writing my articles in Turkish and I support my articles with proof of concept codes, videos and small tools. In my previous article, I created a small tool called antimeter which scans memory for detecting and also killing Metasploit’s meterpreter. I did not expect that much interest…
Read More
Read More

WhatsApp Scammers

Introduction I recently received my share of calls and messages from foreign cell phone numbers, disturbing almost everyone, especially in Turkey, who has used the WhatsApp application in recent days. Of course, as in my articles on other scams (Exposing Pig Butchering Scam, LinkedIn Scammers, Instagram Scammers), I rolled up…
Read More
Read More

New Job, New Me

It’s been quite a journey, after 10 long years filled with career successes and six promotions, I started my role as a Mid-Level Security Specialist at IBTech in June 2007. Just last week, I bid farewell to my position as Technical Leader. It turns out that leaving behind colleagues you’ve…
Read More