Following a Hacker as an Online Thief

“Do you prefer an IBM Laptop or a 60 GB iPod Nano?” Dak said, his tone serious – “I currently have over a thousand ‘free CCs’ (stolen online credit card numbers) that are still good, unused, and can be shipped directly to Vietnam easily. You just have to go through customs to receive the goods. The success rate is about 60%, so if you dare, go for it!”

Starting as a “Newbie”

The truth is, Dak (a young Vietnamese man born in 1984) was not joking. Just a few minutes earlier, he had guided me through some Google search keywords to find an online shop with a programming error in its Jet Database – a form of SQL Injection. With a few other commands, he began manipulating the numbers from small to large to identify the column containing the admin’s username and password. “From experience, column 262 usually corresponds to number 46” – Dak had succeeded.

“Free CCs” are being sold on many forums…

“The next step is to find the Cpanel link,” also based on experience. Dak explained: “Shops typically have default Cpanel links (like http://www.shopname.com/shopadmin.asp or shopname.com/shopadmin1.asp), and while most shops change their links, the reality is that not everyone is keen on the complicated security processes. Fatal mistakes often arise from the simplest vulnerabilities.” Dak elaborated and began extracting credit card (CC) numbers from the shop’s database that could be used for online payment.

Before the account owners could detect the issue and change their passwords, Dak had full access to use them to order any item priced lower than the account balance. Typically, he would ship items from several larger shops via intermediary shipping services to send them back to Vietnam as gifts.

The entire process took less than 30 minutes. However, it was Dak’s experience and luck that helped him this time; usually, other attempts are much harder, as increasing security levels make hacking shops less successful. Sometimes hackers have to sit for days, adjusting values from low to high in search commands to find the table containing the admin password column, which can range from 1 to several hundred attempts, consuming a lot of time. “No shop dares to claim they are impervious to hacking, and the most common vulnerabilities are typically Jet Database and SQL Injection,” Dak observed.

At just 22 years old, Dak first learned to chat four years ago while in the 11th grade. After that, he tinkered with creating websites as gifts for his girlfriend on various forums and began needing to use long-term domain names and relatively good hosting. Some older peers in the “underground world” taught him how to use “free CCs” to purchase domains and hosting.

“These are intangible assets (domains, hosting capacity), I hardly feel guilty or regretful for wanting things to build forums and free music websites for my friends” – Dak confided.

Advancing Skills

Dak’s journey from “newbie” proceeded through self-learning and exploring forums primarily. Sometimes, more experienced mentors would offer detailed guidance. However, successful shipping requires more self-exploration experience than theoretical knowledge.

Dak stated: “Simply faking an IP address (using a virtual IP on the Internet) when shopping online with a ‘free’ account is a basic requirement; the IP must not be from Vietnam. More importantly, the state of the IP used must match the state of the CC used to achieve the highest level of trust, but that’s not everything – every shipping attempt also requires an element of luck.”

Previously, Dak and other residents of the “free CC” underground world often used tools like Findnot, but currently they mainly use “private socks”: the shipper connects through an intermediary host that they have purchased, and data is transferred through this intermediary host to the shop. This way, when the online shop checks the IP, it sees only the host’s IP, while the shipper, after deleting logs from the host, keeps their own IP hidden, and these IPs always have a high “cleanliness” level!

“Free CCs are widely spread across the internet, most of which are no longer usable, but there are individuals who specialize in hacking shops to sell validated CCs, and these are usually reliable,” Dak continued, affirming: “Those skilled enough to hack shops are becoming fewer; most shippers typically use CCs shared or sold by others, which leads to increasing chaos in the underground world. Professionals are starting to hold back to work independently, making detection increasingly difficult.”

After several years of studying programming and hacking, Dak, who has a natural talent, began to hack his first shops to obtain his CCs. Gradually, Dak’s skills in using them effectively also began to improve. Naturally, this also meant he was sinking deeper into the vortex of temptation and crime.

Of course, not every parameter of a “free CC” is immediately usable. Before using it for the intended purpose, shippers need to perform an important and very basic step… reading the CC. Dak stated: “CCs are divided into many types such as Visa, Amex (American Express), MasterCard,… Each card type has different starting numbers. Therefore, attention is needed when choosing the appropriate credit card type. Next comes the process of checking whether the CC is live or dead (whether the information is still accurate or has been changed).” Typically, Dak checks CCs using a Yahoo service. If the information is accurate, that service will accept his CC – meaning that CC can be used.

Another trick to know the current balance in the account is price comparison: “Try taking the initial steps to buy items with the hacked CC at an online shop” Dak explained – choosing any item. If the shop accepts the purchase, it means the balance in the account is greater than or equal to the item’s price in that shop. At that point, he can complete the transaction or cancel to choose another item at any shop.

Rules of the “Underground World”

…and are shared indiscriminately among shippers via email!

All my exchanges with Dak took place through Yahoo Messenger. This was one of the unwritten rules of the “underground world.” Unless absolutely necessary, it’s best not to know each other’s real information: no webcams, addressing each other only by nicknames, and, of course, it’s very difficult for two shippers to meet in real life.

I met Dak through a forum about hacking. He started to contact me frequently when I expressed my desire for him to guide me in shipping items “for free.” In fact, we only became close after I helped him avoid getting his account blocked on a forum set up by a friend of mine.

Even so, Dak still concealed his real name and believed that meeting in person was a hassle. However, sharing is always an essential part of the “underground world,” even though I had only managed to convince Dak to see me as a newbie. “Everyone new must learn to share. No one can consume all the thousands of CCs in one shop. So it’s better to share with others; the quicker ones benefit. This way, whenever you need, you can also have ‘goods’ to use from those shared returns.” Dak began to drill this into my head.

The second unwritten rule: the spirit of allegiance! Ironically, all accounts opened by Vietnamese people abroad are considered the best accounts. No one would suspect a Vietnamese account holder buying goods to send back to their fellow countrymen! However, shippers in the “underground world” agree never to use accounts belonging to Vietnamese people. In fact, anyone caught using such accounts will definitely face disdain and discrimination from the majority of other shippers.

Dak informed me that he was a member of a forum gathering the best shippers in Vietnam. “But the rules there are very strict; you need many referrals. I can’t get you in alone! There is a lot of experience from senior members, many resources, and ‘free CCs.’ Access to the private sections of this forum depends on the quality of your posts and the number of thank-you replies you receive after each post.”

The First Experiment

While chatting and exchanging with me, Dak made a surprising decision; he wanted to try shipping his first item to Vietnam. “The seniors in the underground world have guided me many times; I’ve memorized the lessons, but I’ve never tried it” – Dak began a new lesson for me.

After gathering all the accurate details of a CC, including the expiration date, the shipper proceeds to conduct transactions on online shopping websites (such as Apple.com, eBay.com, iPod.com…) and shipping services (like FedEx…). If everything goes smoothly, after about three days, the information will be processed, and the goods will be “on the way.” Within a week or sooner, it will arrive in Vietnam, waiting to be collected.

Now comes the crucial step! After receiving the notification of goods arrival, the shipper heads to customs, bargaining over taxes (usually claiming to be a student with low-value shipments to request tax exemption). In fact, this psychological tactic will lead customs officials to believe the item is of low value and completely legitimate…

To be extra cautious, professional shippers often have one more elaborate step: obtaining a fake ID, replacing the photo with theirs to deceive customs, which helps shippers avoid potential legal consequences later!

Dak affirmed that most shippers still active today are like him: very young and impulsive, usually under 25, and knowledgeable about many things, from IT skills to the processes of online goods transactions. Dak said: “Most of the older seniors I know have retired; they have to think of ways to make an honest living rather than risk more with the alluring but perilous game of the underground world.”

“Do you prefer the 60 GB iPod Nano or a mobile phone?” Dak asked.

“Have you checked the CC yet?”

“My CC is always live at any time; iPod or phone?”

“What value of goods do you plan to ship?”

“About 2000 USD; I will receive the goods at my boarding house address. What’s your address? I want to gift you an iPod; don’t worry, I’ll take care of it.”

“Uh… it’s 3 AM already. I need to sleep,” I signed out and disappeared.

Four days later, Dak informed me that his shipment of 5 iPods purchased from Europe had been returned to the sender after arriving in the US for an unknown reason. “I can only say I was unlucky; perhaps the shop was too wary of the delivery addresses in Vietnam.”

In reality, shipping items directly to Vietnam has become too dangerous, and almost no experienced shippers dare to take the risk anymore. Dak found the solution to his first failure; a few days later, he began seeking cross-border connections. Dak explained to me about Drops (a term for those who receive “goods” on behalf of others abroad) and promised to introduce me to a seasoned “expert” in the underground world!

The Phong
