Hackers build private IM to keep the law out

CarderIM helps hackers sell personal information; product's distribution is limited

By Jeremy Kirk, IDG News Service
March 28, 2007

Talkback

E-mail

Printer Friendly

Reprints

Hackers have built their own encrypted IM (instant-message) program to shield themselves from law enforcement trying to spy on their communication channels.

The application, called CarderIM, is a sophisticated tool hackers are using to sell information such as credit-card numbers or e-mail addresses, part of an underground economy dealing in financial data, said Andrew Moloney, business director for financial services for RSA, part of EMC Corp., during a presentation at the International e-crime Congress in London on Wednesday.

CarderIM exemplifies the increased effort hackers are making to obscure their activities while continuing to use the Internet as a means to communicate with other criminals. "They're even investing in their own custom tools, their own places to work," Moloney said.

CarderIM's logo is humorous: two overlapping half suns in the same red-and-yellow tones as MasterCard International Inc.'s logo. The name, CarderIM, is a reference to the practice of "carding," or converting stolen credit-card details into cash or goods.

Often, the hackers who obtain credit-card numbers aren't interested in trying to convert the data into cash. But other people are. On the Internet, the two can meet. But the data buyers and sellers are constantly on the lookout for the "rippers" -- security experts or police who are gathering data on them, Moloney said.

It's not known how widely CarderIM is being used, but its distribution appears to be limited, Moloney said. Searches through Google uncover a few passing but incomplete references to the program. It's also not easy to find a copy of it.

"To get ahold of it [CarderIM] you need to be part of one of the trusted groups, which we have agents within," Moloney said.

During his presentation, Moloney showed a screenshot of an advertisement for CarderIM, which addressed the need to "secure the scene." The application supposedly uses encrypted servers that are "offshore" and does not record IM conversations.

Hackers may have needed a more secure IM application, since most of the free ones, such as ICQ, transmit messages in clear text, which can be intercepted, Moloney said.

"They know that we watch and listen," Moloney said.

Add to:

Digg

Talkback:

comment Post a Comment

MOST COMMENTS

The last chance to save Windows XP

Windows 7 is coming. Will your PC be ready?

A requiem for Windows XP

Making desktop Linux work for business

>> Talkback: Have your say

Dialing up Agility with Business Transformation
Is your organization innovating quickly enough to meet their needs, drive your business goals, and rise above the competition? Business Integration - leveraging the power of BPM and SOA - is the key to making the transition from the fragmented enterprise to a connected one. Register to attend this live webcast now!

» Click here to view this Webcast

Zombie PCs Are Attacking Your LAN
A recent study showed that malware-infected zombie PCs are now a bigger threat to ISPs and Web infrastructure than DoS attacks. As this brand new IT Strategy Guide explains, an increased use of peer-to-peer techniques by the attackers has made it harder to fight back. Download now, compliments of Verio:

» Click here to download now

- Special Advertising Partners -

WHITE PAPERS

Agile Development: 5 Steps to Continuous Integration - As more and more organizations adopt agile development, the need for continuous integration of a build can be a daunting...
Leading Analysts: Pen Testing is a Requirement - In a newly-published case study, Gartner's John Pescatore, one of the most respected analysts covering the IT security market...
Help Simplify Virtualization - One common challenge IT organizations face is server sprawl, which can require large amounts of facilities and support resources...
Solution for Open Virtualization Provides Server Consolidation - Using virtualization to decrease the number of servers presents cost savings opportunities. Organizations that want to take...
A Guide to Rich Internet Application (RIA) Security - Read about Forrester's findings on RIA security included in a Forrester Research paper valued at $775 titled "Securing Rich...
Disaster Recovery in Minutes - This paper describes a complete disk-based system recovery solution for Microsoft Windows based servers, desktops, and laptops...

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

Find out when the latest white paper is available:

INFOWORLD MARKETPLACE

Deliver REMOTE SUPPORT Easily. Try WebEx FREE! - DOWNLOAD WEBEX SUPPORT CENTER FREE! Deliver efficient, effective support. CRUSH SUPPORT LOG JAMS!
Migrating to an IP-VPN? XO Can Make It Happen - Learn the five critical success factors with a free whitepaper from XO Enterprise Solutions.
Sign up to TRY WEBEX SUPPORT CENTER FOR FREE! - Get your FULL FEATURED trial here. Share documents and applications, address support challenges.
IP Networks Boost Secure Health Communications - AT&T provides secure communication to keep health care moving forward.
Why a CMDB? - IT best practices (ITIL) have shown the benefits of a CMDB. Click for whitepapers.

» BUY A LINK NOW

Hackers build private IM to keep the law out

MOST COMMENTS

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

Video

Podcasts

InfoWorld Blogs

Columnists

Find Products and Companies

Resource Center

Sponsored Technology Links

Sponsored Technology Links
CA - Efficient - Flexible - Compliant PGP - Is Your Data Safe? Novell, IBM, and Intel - Solution for Open Virtualization Provides Server Consolidation Curl - IT Guide: Rich Internet Application (RIA) Security HP/Intel - If you don't have enough I/O, your VMs aren't going to go. Symantec - Whitepaper: Secure, recover, and archive critical information Microsoft - {Open Source} Heroes Happen Here Symantec - Whitepaper: Protecting Microsoft(R) Applications Riverbed - Five Ugly Truths about WAFS and Caching InterSystems - Use Ensemble - quickly create composite applications. AT&T - Factors to consider when comparing DSL or Cable Cirba - Advanced Workload Analysis Techniques Rackspace - Go Green Without Sacrificing Server Performance CA - Manage your IT more effectively. AT&T - Measuring mobile productivity AT&T - Thinking about IMS CA - Plan IT better, Manage IT better. AT&T - Refine your company's plan for a Business Disruption Event AT&T - Going mobile with today's technology Cirba - Consolidating Workloads onto Mainframes AT&T - What to expect from a Technology Assessment.		AT&T - Class of Service: Myths and Misconceptions AT&T - Enhancing security through Quantum Cryptography Riverbed - Wide Area Data Services Microsoft - Microsoft Forefront makes defending your systems easier. Learn how. HP - Explore the interactive whitepaper: Rightsizing Blades for the mid-market. Symantec - Webcast: Beyond AntiVirus AMD - Renowned Engineering Institution Chooses AMD Processor-Based Servers AMD - Watch this flash demo of the Quad-Core AMD Opteron Processor EMC - EMC and VMware help you build your virtualized infrastructure. AMD - HP and Oracle deploy unbreakable computing infrastructure Qwest - Learn how Qwest voice and data solutions can save you time. MKS - The Power of UNIX/Linux on Windows with MKS Toolkit Vision Solutions - Is your smaller organization ready for High Availability? Vision Solutions - Is system maintenance doing more harm than good? HP - NEW HP LaserJet P4014n printer Starting at $699 after $100 IS. HP - HP LaserJet M3035 MFP series Starting at $1,599. SHOP NOW HP - Speed, agility, flexibility - The HP BladeSystem c-Class. Vkernel - Resolve Capacity Bottlenecks and Enhance Your Virtual Environment Nokia - Restore Your Mobile Devices With One Click Oracle - The Power of Two with SOA and BPM

	HOME NEWS BLOGS PODCASTS VIDEOS TECHNOLOGIES TEST CENTER EVENTS CAREERS	About \| Advertise \| Awards \| RSS \| Contact Us
Copyright © 2008, Reprints, Permissions, Licensing, IDG Network, Privacy Policy, Terms of Service. All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses, phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services. CIO :: ComputerWorld :: CSO :: Demo :: GamePro :: Games.net :: IDG Connect :: IDG World Expo Industry Standard :: IT World :: JavaWorld :: LinuxWorld :: MacUser :: Macworld :: Network World :: PC World :: Playlist