Hackers use YouTube to sell stolen credit card numbers, group says
An Internet safety group calls on YouTube to more proactively police uploaded videos
IDG News Service - YouTube has thousands of videos promoting compromised credit card numbers, with the site sometimes running advertisements for legitimate credit cards or retail outlets alongside the hacker videos, according to a new report from an online safety group.
YouTube advertisements from credit cards and compromised retailers are, in effect, paying for videos advertising compromised credit card numbers, the Digital Citizens Alliance said in a report released Tuesday.
"It's troubling to see criminals infest YouTube in this way," said Tom Galvin, executive director of the Digital Citizens Alliance. "It's equally troubling to see [YouTube parent] Google profit from that via ads, because it speaks to whether or not Google has an incentive to take this stuff down."
When comparing ads for compromised credit card numbers on YouTube and on anonymous marketplace Silk Road, the group found "there isn't that big of a difference," Galvin added. "That's a scary thing. Silk Road is viewed as nefarious and the dark Web, and YouTube is viewed as a kind of a playground for everyone from preteens to adults."
The group ran several credit card-related searches on YouTube this year. The phrase, "how to get credit card numbers that work 2014," yielded 15,900 results. "CC info with CVV" (credit card info with card verification values) produced 8,800 results, and "buy cc numbers" produced more than 4,800 results.
"CC number with CVV" yielded nearly 4,200 results.
In some cases, the videos promoting compromised credit cards ran next to ads for American Express, Discover Card, Amazon.com and Target, which announced a data breach in December, according to the report.
A spokeswoman for Google, YouTube's parent company, said the company works hard to police videos there.
"Our guidelines prohibit any content encouraging illegal activities, including videos promoting the sale of illegal goods," she said by email. "YouTube's review teams respond to videos flagged for our attention around the clock, removing millions of videos each year that violate our policies. We also have stringent advertising guidelines, and work to prevent ads appearing against any video, channel or page once we determine that the content is not appropriate for our advertising partners."
Digital Citizens Alliance, which has targeted YouTube in the past for videos advertising steroids and prescription drugs, acknowledged that YouTube has a difficult job in policing the millions of hours of videos uploaded there each day.
But Galvin called on YouTube to take a more proactive approach to flagging objectionable videos. The company could require a human reviewer to check videos with search terms associated with credit card fraud and other illegal activity, he said.
"If they took a dozen or so search terms and just took the time to create a review process around it, they could do a lot of good work," he said. "We're not suggesting their going to take onerous task of reviewing every video. That would be unrealistic, but they could isolate certain search terms."
- Transforming Information Security: Future-Proofing Processes This report provides a valuable set of recommendations from 19 of the world'd leading security officers to help organizations build security strategies for...
- The Evolution of Corporate Cyberthreats Cybercriminals are creating and deploying new threats every day that are more destructive than ever before. While you may have more people devoted...
- 3 Questions to Ask Your DNS Host about Lowering DDoS Risks Neustar has had wide-ranging conversations with clients wanting to know how they can optimize protection as DDoS attacks increase in frequency and size.
- The Danger Deepens: 2014 Neustar Annual DDoS Attacks and Impact Report This report compares DDoS findings from 2013 to 2012, based on a survey of 440 North American companies, including 139 businesses delivering technology...
- Establish Cyber Resiliency: Developing a Continuous Response Architecture Many enterprises fail to proactively prepare the battlefield for a data breach by only leveraging outdated techniques that focus on the perimeter or...
- An Incident Response Playbook: From Monitoring to Operations As cyber-attacks grow more sophisticated, many organizations are investing more into incident detection and response capabilities. In this webcast, learn how to develop... All Cybercrime and Hacking White Papers | Webcasts