You would expect online criminals to want to keep a low profile and restrict their attempts of selling stolen wares to shady online criminal forums, but every once in a while some of them surprise us with unusual attempts such as advertising their stolen goods via Twitter.
One of them was recently spotted by F-Secure. His (very likely) fake name is Sshoaib Ahmed, and his Twitter profile is filled with messages containing links to a page where he details his offerings:
He sells credit card information (the price depends on the type of card and the country from which the card’s owner is), online banking account credentials (the price depends on the balance of the account) and offers to buy electronic goods on behalf of his customers if they prefer not to use the stolen credit cards themselves.
F-Secure thinks it very likely that all this information was gathered through the use of keyloggers. To prove that the goods he’s selling work, he also offered a batch of online account information for free so that the buyer can check it out.
F-Secure has contacted the authorities regarding the accounts in this batch, but as I’m writing this, Sshoaib Ahmed’s Twitter account is still online, and so is the blog page on which he presents the stolen goods.