PLA Forums
Other Stuff That Has Little To Do With PLA => Techinical Shit => Phreaking, Hacking, Social Engineering, Lock Picking => Topic started by: InternetJunky on August 05, 2008, 12:11:24 AM
-
Is this still possible?What else can you do with a credit card generator, could you possibly use it for free trials?
"I’d been making lots of phone calls with stolen credit card numbers that I’d collected by calling up local gas stations and talking the employees out of them. I’d also used a computer program called Cmaster3 to extrapolate each card number I got into hundreds of other card numbers. It would only change the last four digits of the card, so these hundreds of card numbers I was using were most likely from local banks."
-quotes from rbcp
"It would only change the last four digits of the card, so these hundreds of card numbers I was using were most likely from local banks."
I dont plan to get into carding but I was wondering if this still works?Say I had my credit card, would I just change the last four digits? Then what about the name and other info, can you go into a little bit more detail, thanks.
-
It's very unlikely. Making up random numbers wouldn't work because credit card numbers are chosen based on a mathematical formula called the Luhn Algorithm (http://en.wikipedia.org/wiki/Luhn_algorithm). Plus, even if you did guess right, the chances that the card has already expired or has never been registered are extremely likely. I mean, EXTREMELY likely.
For more information on the anatomy of credit card numbers, I would suggest reading http://www.merriampark.com/anatomycc.htm. :)
-
Holy crap. Is that an intelligent and helpful post from MelloKira?
-
Guessing the whole thing is unlikely, but anybody who has read Brad's travels knows that the last four digits CAN be, even like a hundred years ago when he was doing it.
-
It's very unlikely. Making up random numbers wouldn't work because credit card numbers are chosen based on a mathematical formula called the Luhn Algorithm (http://en.wikipedia.org/wiki/Luhn_algorithm). Plus, even if you did guess right, the chances that the card has already expired or has never been registered are extremely likely. I mean, EXTREMELY likely.
For more information on the anatomy of credit card numbers, I would suggest reading http://www.merriampark.com/anatomycc.htm. :)
For that insight I'll stop deleting your posts on "Is It Worth It?". +1 as well. You earned it!
When Brad used to do this stuff, the level of security for authentication was pretty low. All a company needed was a valid credit card #. To even order something like pizza, you generally need the CC #, exp date, and (usually) the CVV. When talking to a human rep, you can claim the card has no CVV, or that it's illegible, and they can try authenticating the card without it, but form data on a web page will generally require it, even for free trials.
In other words: It's possible to generate valid credit card #'s using valid bank info + a generator to alter the last 4. However, you'll be hard-pressed to find somewhere that only requires the credit card #, or only verifies that w/ the card issuing bank.
-
Yes, it was possible to change the last 4 digits, but Cmaster3 did it in a certain order. I can't remember exactly, but I think it jumped every 8 or 9 digits. So like the list would look something like:
5002
5010
5018
5026
5034
etc
These worked great for free calls with AT&T, because they only wanted the card number. I don't think their automated system even asked for the expiration date. Eventually their system started asking for the zip code on the billing address, which I was sometimes able to guess since there were only a few zip codes to choose from around here. There were a lot of dead/non-existent cards in the list - maybe 5 dead ones for every good one.
I kept printouts of these credit card lists, but in 1996 when I started learning how to make web pages, I started titling these lists "HTML Color Codes For Websites." and I'd add a #FF onto the beginning of each number. It worked pretty good because when the cops raided our room, they left that list behind while they confiscated everything else.
When I was ordering merchandise from catalogs, I would use AT&T on it first to make sure the card was working. The expiration date could just be made up and there was no CVV back then. I think companies had the ability to check my billing information against what should be on the card, but a lot of them didn't bother. I think probably half of the stuff we ordered didn't work because of the billing information not matching up.