Hackers build private IM to keep out the law

Hackers have built their own encrypted instant-message program to shield themselves from law enforcement and security analysts trying to spy on them

Hackers have built their own encrypted IM (instant-message) program to shield themselves from law enforcement trying to spy on their communication channels.

The application, called CarderIM, is a sophisticated tool hackers are using to sell information such as credit-card numbers or e-mail addresses, part of an underground economy dealing in financial data, said Andrew Moloney, business director for financial services for RSA, part of EMC, during a presentation at the International e-crime Congress in London on Wednesday.

CarderIM exemplifies the increased effort hackers are making to obscure their activities while continuing to use the Internet as a means to communicate with other criminals. "They're even investing in their own custom tools, their own places to work," Moloney said.

CarderIM's logo is humorous: two overlapping half suns in the same red-and-yellow tones as MasterCard International's logo. The name, CarderIM, is a reference to the practice of "carding," or converting stolen credit-card details into cash or goods.

Often, the hackers who obtain credit-card numbers aren't interested in trying to convert the data into cash. But other people are. On the Internet, the two can meet. But the data buyers and sellers are constantly on the lookout for the "rippers" -- security experts or police who are gathering data on them, Moloney said.

It's not known how widely CarderIM is being used, but its distribution appears to be limited, Moloney said. Searches through Google uncover a few passing but incomplete references to the program. It's also not easy to find a copy of it.

"To get ahold of it [CarderIM] you need to be part of one of the trusted groups, which we have agents within," Moloney said.

During his presentation, Moloney showed a screenshot of an advertisement for CarderIM, which addressed the need to "secure the scene." The application supposedly uses encrypted servers that are "offshore" and does not record IM conversations.

Hackers may have needed a more secure IM application, since most of the free ones, such as ICQ, transmit messages in clear text, which can be intercepted, Moloney said.

"They know that we watch and listen," Moloney said.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?