What identity thieves are seeking is money, of course. But those who broker in stolen credit cards also are strongly motivated by status, says Dan Clements, CEO of CardCops.com , a credit card protection service agency that scours the Internet for compromised credit card and personal data and reports it to victims and banks.

"Carders would love to root servers at e-commerce sites and own them, especially when credit cards are sitting there unencrypted," Clements says. "Then they post them to carder Web sites and say, 'Hey, rate me.' The better your rating, the better your trading privileges."

Increasingly, carders are part of organized crime rings mostly from former Soviet Union states, Kilger says. In these cases, after the cards are used to purchase expensive items, they're posted at carder sites to obscure their usage patterns and therefore confuse investigators.

Attackers going after e-commerce sites also indiscriminately look for the weakest security . "I call these 'targeted victim attacks.' They gain root with the specific intent to steal something," C&W's Neal says. "I would expect the pattern of intrusion activity to be similar to a 'target of opportunity' attack."

Such an opportunity presented itself in January 2002 to a carder who had rooted at least one server at an e-commerce hosting provider. The case began to unfold in September, when CardCops investigators culled some 60 invoices (complete with purchaser's names, addresses and phone numbers) off Carderplanet.com, a carder Web site since removed.

"We noticed that the invoice numbers had the same long-digit formats. So we started calling the consumers whose card numbers, phone numbers and addresses were on the invoices. We asked them where they shopped. We were able to trace them all back to several merchants at a single hosting provider called Serve.com (since renamed as Datarealm).

PATTERNS OF BEHAVIOUR Profile 2: CREDIT CARD CROOKS • Act quickly and precisely to make their activities harder to detect. • Exploit perimeter through vulnerable ports, services and buffer overflows. • Use Trojan horses (hidden software) to leave back doors for re-entry. • Use sniffers to capture passwords. • Stick around until noticed. • Make few or no mistakes. COUNTER MEASURES For SELF-SUPPORTING e-commerce sites: • Spend resources protecting that which is most valuable (the customer database). • Encrypt credit cards in databases. For SELF-SUPPORTING e-commerce sites: • Contractually bind your hosting service to conduct quarterly vulnerability assessments. • Don’t collocate. Use a dedicated server. • Purchase extra security options.

Click to see:

When he called the merchants whose invoices were heisted, they complained that they'd suspected problems for months because cards were approved at the time of purchase, but then declined two weeks later when they rechecked the cards before shipping backorders.

Whitepapers

• Getting in Compliance With Government Data Regulations By Leveraging Online Security Technology
• How to Offer the Strongest SSL Encryption
• Maximizing Site Visitor Trust Using Extended Validation SSL
• Seven Steps to Reducing your Security Risk
• The Latest Advancements in SSL Technology
• Vulnerability Management For Dummies

View more SECURITY whitepapers

Webcasts

• Mobile Data Security
• Best Practices for Deploying WAN Optimization for Disaster Recovery
• Key Considerations for a Successful 802.11n Deployment
• Solutions to the Toughest IT Challenges in Remote Offices
• Lowering the Cost of Email Archives
• High Availability for SQL Server 2005 Using Array-Based Replication and Host-Based Mirroring Technologies

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• Taking Virtualization Up a Notch
• The self-managed network

View more SECURITY special reports