Investigators Find Famous DJ's Credit Card Details for Sale

Armin Van Buuren is one of the world's most well-known trance music DJs. He also apparently has had his credit card details stolen.

Investigators with Ultrascan, a company that investigates credit card fraud and other kinds of online crime, were doing research on forums and systems used to sell credit card numbers, said Frank Engelsman of Ultrascan.

Catalog of Stolen Data

One analyst was using the ICQ instant messaging system where cybercriminals had set up an automated account to sell credit card numbers. Their ICQ user name was run by a bot, which automatically responds to certain commands.

Artwork: Diego Aguirre
A potential buyer for stolen credit card details sees a greeting: "Hello welcome to ICQ bot. Press '1' for Russian. Press '2' for English." After pressing "2," users get three selections: "1. Buy CVV, 2. Checker 3. Account," according to a screen shot supplied by Ultrascan.

When CVV is selected, the buyer sees how many credit card details are available, sorted by country. From the screen shot, it was possible to see that some 19,046 U.S. card numbers are for sale, 7,843 from the U.K. and more from other countries such as France, Italy and the Netherlands.

After picking the Netherlands, the bot offered up the truncated details for four cards and the names of those cardholders, one of which was named "Armin Van Buuren."

The Ultrascan researchers immediate recognized Van Buuren's name. They bought his card details, and the bot returned the DJs full credit card number, the three-digit security code on the back of the card and the name of his bank.

Ultrascan contacted Van Buuren's management agency in the Netherlands. An official at the management agency on Friday confirmed they had been contacted.

Saved from Scam

It's not known if his credit card details were ever used, but Engelsman said cybercriminals typically do not "double sell" details. The details cost US$6, Engelsman said. UItrascan does not normally buy stolen credit card details but did in that case to prevent Van Buuren's from being used, he said.

From the format of the data, it appears that a database of credit card numbers was hacked, Engelsman said. Credit card companies, retailers and other data processors have taken steps in recent years to shore up the security of their processing systems to prevent such attacks, but data breaches still occur.

Englesman said Van Buuren's credit card company called Ultrascan on the DJ's instruction, and Ultrascan informed the company of the problem. (See also "Identity-Theft Protection: What Services Can You Trust?")

Van Buuren's situation is hardly unique. Computer security analyst for years have warned how cybercrime has turned into an underground economy, with hackers stealing credit card numbers and offering them for sale in forums where other fraudsters that specialize in abusing financial details.

"Everybody can be a victim," Engelsman said. "It doesn't matter who you are."

Send news tips and comments to jeremy_kirk@idg.com

Subscribe to the Security Watch Newsletter

Comments