In my most recent analysis of the Russian underground marketplace for fake documents/IDs/passports, I emphasized on overall prevalence of fake identities, which can be both, manually 'crafted' by experienced designers possessing high quality scanned originals in order to produce physical copies, or automatically generated, with the users sacrificing quality in the process or looking for a bargain deal.
What's also worth emphasizing on in terms of discussing this cybercrime ecosystem market segment from multiple perspectives, is the overall international acceptance of scanned identification documents for various remote identification purposes, which opens doors to the systematic abuse of a vast number of legitimate services, as well as helps facilitate the generation of fake personalities, which can be abused in a any way the fraudster desires.
What are some of the latest developments within this cybercrime ecosystem market segment? The introduction of a scalable, DIY (do it yourself) self-service on the basis of a pseudo-randomized database of fake identity data, photo IDs with randomized appearance characteristics on the fake scanned documents, to avoid detection of a single pattern, all available as a service, as of June, 2013.
Basically, what this service does, is to provide a DIY Web based interface where users can take advantage of the on-the-fly generation of fake scanned copies of identification documents such as passports/IDs or credit cards. According to the vendor, the service has an inventory of over 200 photos for passports and IDs, is completely randomizing multiple aspects of the generated scanned fakes, in an attempt to mitigate the probability of having an entire set of statically generated fakes, easily detected by, for instance, law enforcement.
The vendor also claims that the service can generate a fake in approximately 40 seconds. Payment methods accepted? WebMoney, PerfectMoney, Bitcoin and Paymer.
Sample screenshots of sample scanned fakes generated using the service, and offered as samples:
Sample screenshots of the fake scanned utility bills/credit cards generated using the service:
Financial institutions part of the service's inventory of fake scanned credit cards:
- Capital One
- Navy Federal
- Union Plus
- US Bank
- Wells Fargo
With scanned IDs continuing to act as the primary (remote) identification factor for a huge number of legitimate companies, it shouldn't be surprising that cybercriminals have apparently found a way to automate the process, allowing it to scale, and eventually grow, with the efficiency-centered model becoming the de factor standard for Quality Assurance (QA) within the cybercrime ecosystem.
This post has been reproduced from Dancho Danchev's blog. Follow him on Twitter.