Hackers use YouTube to sell stolen credit card numbers, group says
An Internet safety group calls on YouTube to more proactively police uploaded videos
IDG News Service - YouTube has thousands of videos promoting compromised credit card numbers, with the site sometimes running advertisements for legitimate credit cards or retail outlets alongside the hacker videos, according to a new report from an online safety group.
YouTube advertisements from credit card companies and compromised retailers are, in effect, paying for videos advertising compromised credit card numbers, the Digital Citizens Alliance said in a report released Tuesday.
"It's troubling to see criminals infest YouTube in this way," said Tom Galvin, executive director of the Digital Citizens Alliance. "It's equally troubling to see [YouTube parent] Google profit from that via ads, because it speaks to whether or not Google has an incentive to take this stuff down."
When comparing ads for compromised credit card numbers on YouTube and on anonymous marketplace Silk Road, the group found "there isn't that big of a difference," Galvin added. "That's a scary thing. Silk Road is viewed as nefarious and the dark Web, and YouTube is viewed as a kind of a playground for everyone from preteens to adults."
The group ran several credit card-related searches on YouTube this year. The phrase "how to get credit card numbers that work 2014" yielded 15,900 results. "CC info with CVV" (credit card info with card verification values) produced 8,800 results, and "buy cc numbers" produced more than 4,800 results. "CC number with CVV" yielded nearly 4,200 results.
In some cases, the videos promoting compromised credit cards ran next to ads for American Express, Discover Card, Amazon.com and Target, which announced a data breach in December, according to the report.
A spokeswoman for Google, YouTube's parent company, said the company works hard to police videos there.
"Our guidelines prohibit any content encouraging illegal activities, including videos promoting the sale of illegal goods," she said by email. "YouTube's review teams respond to videos flagged for our attention around the clock, removing millions of videos each year that violate our policies. We also have stringent advertising guidelines, and work to prevent ads appearing against any video, channel or page once we determine that the content is not appropriate for our advertising partners."
Digital Citizens Alliance, which has targeted YouTube in the past for videos advertising steroids and prescription drugs, acknowledged that YouTube has a difficult job in policing the millions of hours of videos uploaded there each day.
But Galvin called on YouTube to take a more proactive approach to flagging objectionable videos. The company could require a human reviewer to check videos with search terms associated with credit card fraud and other illegal activity, he said.
"If they took a dozen or so search terms and just took the time to create a review process around it, they could do a lot of good work," he said. "We're not suggesting they're going to take on the onerous task of reviewing every video. That would be unrealistic, but they could isolate certain search terms."