www.hackersbook.

com
Dear customer, thanks for your order and your download from the online readers area of the chapter Phreaking Credit card payments. We hope, you enjoy reading this chapter on your computer screen before you receive the copy of our book. Please do not give this file or prints of this file to third parties. Its only for our customers! Best regards, Ingo Haese

Copyright 2004: www.hackersbook.com

Phreaking Credit card payments

This is the use of false information to register as a new user at a pay site. Most commonly, immediate access is authorized after a credit card number is provided. This is of course forbidden and the attention of webmasters is primarily the main objective here. They should use this information to protect against misuse. Phreakers usually use anonymous Internet accesses. Test access into the Internet through AOL is most commonly misused for this purpose. In almost every computer magazine there is a test membership offer. Okay.net also allows immediate access after the necessary information has been filled in. The information holds false names and non-personal bank account numbers obtained from some receipt or somewhere else. This enables one to be an anonymous member for a month with AOL or okay.net with full Internet access. One also needs a valid credit card number (preferably VISA or MASTERCARD). This is somewhat harder to obtain. A simpler way is by using credit card generators like Credit Wizard, Cardpro or creditmaster. A search using metacrawler.com for phrases like credit card generator often yields success. It should be noted that the online transaction centres are not able to exactly judge if the given credit card number exists or not, or who the owner is. Logarithms are used to match the credit card number to the expiry date and validity structure. Therefore it becomes easy -- and acceptable -- to give and use any name and address together with the generated card number. The generators do not however give the correct expiry dates. Easy and effective tricks do exist and one can use them to obtain correct expiry dates and card numbers. Most of the programmes mentioned above, make it possible to generate new card numbers using valid existing numbers. The difference usually lies in the last few digits, and since the credit card providers issue the cards in ascending series, the generated numbers usually have the same expiry date of the one used to extrapolate.

Copyright 2004: www.hackersbook.com

The following diagram shows an example of such an extrapolation:

One can therefore use his own valid credit card to generate new card numbers. The generated date of expiry is very likely to be the same as the one on the existing card. There is also no reason to fear a follow up that will re-trace these actions. Internet access using test memberships from AOL offers complete protection. If such access is unavailable, an anonymizer may be used, and can be found for example under www.anonymizer.com. If one surfs using the anonymizer, any IP-Address re-tracing is impossible. A less effective way of concealing the IP-Address is by using proxy servers. Most Internet service providers offer surfing services through proxy. Attention: If one uses his/her own Internet access, rather than an anonymous AOL access, anonymizer or proxy, it is possible for the owner of the website to trace the individual. The server retains a record of the IP address of any machines being used to access the site. As such, the site owner only needs to contact the Internet provider and ask for the IP-Address. The providers usually have a protocol dating back to the past 80 days, showing when anyone went online.

Copyright 2004: www.hackersbook.com