Stolen banking details of more than a million people (including 100,000 Brits) are being sold on the internet by a group of cyber-criminals for as little as £1.67 each, according to a report by The Telegraph.
It is believed the website Bestvalid.cc is operating on the open internet as opposed to the ‘dark web’, where online criminality of this type usually takes place.
The site looks and operates like a standard retailer, with a customer helpdesk and refunds for faulty products. However, whereas hacked information on the dark web can only be accessed using a special internet browser, this site appears to be accessible using a regular web browser such as Google Chrome or Apple Safari.
It is estimated Bestvalid.cc have been openly operating since at least June last year and sells stolen card details in conjunction with other sensitive information such as postal addresses and victims’ mother’s maiden names.
If the site has indeed been able to run so brazenly for so long, it will inevitably raise some questions regarding the effectiveness of anti-fraud law enforcement amid fears that the police are losing the battle against online fraud. However, Chris Boyd, Malware Intelligence Analyst, Malwarebytes, told Infosecurity:
“That these sites exist is no real indication of the battle between law enforcement and criminals going one way or the other – there's a large selection of carding sites online on the open web, and there have been for many years. The key difference now is that law enforcement and researchers tend to get more out of tracking and shutting down small groups rather than playing whack-a-mole with easily replaceable websites."
“Sometimes difficult to close forums are used by law enforcement to observe specific criminals and gather evidence, eventually going after the individuals rather than the website itself.” he added.