Hackers use YouTube to sell stolen credit card numbers, group says

An Internet safety group calls on YouTube to more proactively police uploaded videos

YouTube has thousands of videos promoting compromised credit card numbers, with the site sometimes running advertisements for legitimate credit cards or retail outlets alongside the hacker videos, according to a new report from an online safety group.

YouTube advertisements from credit cards and compromised retailers are, in effect, paying for videos advertising compromised credit card numbers, the Digital Citizens Alliance said in a report released Tuesday.

"It's troubling to see criminals infest YouTube in this way," said Tom Galvin, executive director of the Digital Citizens Alliance. "It's equally troubling to see [YouTube parent] Google profit from that via ads, because it speaks to whether or not Google has an incentive to take this stuff down."

When comparing ads for compromised credit card numbers on YouTube and on anonymous marketplace Silk Road, the group found "there isn't that big of a difference," Galvin added. "That's a scary thing. Silk Road is viewed as nefarious and the dark Web, and YouTube is viewed as a kind of a playground for everyone from preteens to adults."

The group ran several credit card-related searches on YouTube this year. The phrase, "how to get credit card numbers that work 2014," yielded 15,900 results. "CC info with CVV" (credit card info with card verification values) produced 8,800 results, and "buy cc numbers" produced more than 4,800 results.

"CC number with CVV" yielded nearly 4,200 results.

In some cases, the videos promoting compromised credit cards ran next to ads for American Express, Discover Card, Amazon.com and Target, which announced a data breach in December, according to the report.

A spokeswoman for Google, YouTube's parent company, said the company works hard to police videos there.

"Our guidelines prohibit any content encouraging illegal activities, including videos promoting the sale of illegal goods," she said by email. "YouTube's review teams respond to videos flagged for our attention around the clock, removing millions of videos each year that violate our policies. We also have stringent advertising guidelines, and work to prevent ads appearing against any video, channel or page once we determine that the content is not appropriate for our advertising partners."

Digital Citizens Alliance, which has targeted YouTube in the past for videos advertising steroids and prescription drugs, acknowledged that YouTube has a difficult job in policing the millions[m] of hours of videos uploaded there each day.

But Galvin called on YouTube to take a more proactive approach to flagging objectionable videos. The company could require a human reviewer to check videos with search terms associated with credit card fraud and other illegal activity, he said.

"If they took a dozen or so search terms and just took the time to create a review process around it, they could do a lot of good work," he said. "We're not suggesting their going to take onerous task of reviewing every video. That would be unrealistic, but they could isolate certain search terms."

YouTube's efforts right now focus on scrubbing videos after they are uploaded, but they keep coming back, Galvin said. The issue "is not being solved from a systemic standpoint," he added. "We've kind of made it a cause to keep pushing on Google to clean that up. I think we've only had moderate success on that front."

Asked why the latest report focuses solely on YouTube, Galvin said its size matters. "We've focused on YouTube because of the fact that ads run next to/during these videos promoting dangerous/illegal activities," he said by email. "We understand that platforms will have questionable things on them, but the fact that Google monetizes these videos on YouTube (the third most visited website) makes it different and we think noteworthy."

The Digital Citizens Alliance has issued about 20 reports since late 2012, including reports on Silk Road, Chinese counterfeits and Bitcoin in recent months, he noted. "Our work has looked at a whole range of topics, most of which have nothing to do with Google," Galvin said.

Galvin didn't disclose specifically where the group's funding comes from but members include Internet security groups, child safety groups and consumer groups. The group doesn't publish a list of its full membership, because of the "sometimes sensitive nature" of its investigations, he said.

Members of the group's advisory board include representatives of the National Consumers League, i-SAFE and the Association for Competitive Technology, a trade group focused on app developers but historically aligned with Google rival Microsoft.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.

Join the CSO newsletter!

Error: Please check your email address.

Tags Internet-based applications and servicesonline safetyGoogleDigital Citizens AlliancesecurityIdentity fraud / theftinternetvideoyoutubeTom Galvin

More about Amazon.comAmazon Web ServicesAmerican Express AustraliaGoogleIDGMicrosoftTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place