Re: [Full-Disclosure] Hackers View Visa/MasterCard Accounts

From: Kevin Spett (
Date: 02/18/03

  • Next message: KF: "Re: [Full-Disclosure] Hackers View Visa/MasterCard Accounts"
    From: "Kevin Spett" <>
    To: <>, <>
    Date: Tue, 18 Feb 2003 10:59:34 -0500

    Here's an excerpt from the posting to

    The hacker breached the security system of a company that processes credit
    card transactions on behalf of merchants, Visa and MasterCard said.

    Looks like someone just ran off with a database. I haven't done any math,
    but I'd think that brute forcing that many card numbers and expiration dates
    would take ages.


    ----- Original Message -----
    From: "Jason Coombs" <>
    To: <>
    Sent: Tuesday, February 18, 2003 4:28 AM
    Subject: [Full-Disclosure] Hackers View Visa/MasterCard Accounts

    > So, anyone know whether this was a simple "real-time credit card
    > oracle" attack where a tool throws fake orders at sites that provide
    > real-time credit card authorizations until a valid card number and
    > expiration date are found?
    > Any third-grader with a copy of Microsoft .NET or Java 2 class libraries
    > could whip up the code needed to bang away at the typical e-commerce site
    > logging rejected orders due to invalid credit card payment and revealing
    > card numbers and expiration dates that can be used for fraud in a variety
    > ways.
    > There must be such credit card "hacking" tools circulating for the benefit
    > of script kiddies -- anyone looked into this before? If so, will you share
    > some references?
    > Jason Coombs
    > --
    > Hackers View Visa/MasterCard Accounts
    > Mon February 17, 2003 11:17 PM ET
    > NEW YORK (Reuters) - More than five million Visa and MasterCard accounts
    > throughout the nation were accessed after the computer system at a third
    > party processor was hacked into, according to representatives for the card
    > associations.
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter:

    Full-Disclosure - We believe in it.